CISO

About us

Owkin is an AI biotechnology company that uses AI to find the right treatment for every patient. We combine the best of human and artificial intelligence to answer the research questions shared by biopharma and academic researchers. By closing the translational gap between complex biology and new treatments, we bring new diagnostics and drugs to patients sooner.

Owkin has raised over $300 million and became a unicorn through investments from leading biopharma companies (Sanofi and BMS) and venture funds (Fidelity, GV and BPI, among others).

Owkin is seeking the best and brightest to join our fast-growing and dynamic team.

About the role:

As the CISO, you will be the executive responsible for Owkin’s information and data security. You will be responsible for minimizing the risk related to company, partner and client information. The role has responsibility for cyber risk and cyber intelligence, security operations, data loss and fraud prevention, as well as ensuring consistent security architectures are applied. You will also be in charge of identity and access management, investigations and forensics and governance activities and expected to develop and support programs to mitigate risks.

 

Working closely with all departments you will implement risk management processes on the basis of continuous improvement. Specifically with technology teams, you will make sure IT and network infrastructure is designed with best security practices in mind.

 

In particular, you will:

  • Maintain and communicate a risk register based on proactively analyzing the risks related to the information system
  • Manage and train staff at the appropriate level of security
  • Regularly define the information security policy
  • Implement the information security policy
  • Work with departments to develop improvement plans to minimize risk and increase resilience
  • Communicate and raise awareness of security issues
  • Manage certification processes and audits
  • Respond to and control security incidents
  • Ensure business continuity
  • Ensure technological, regulatory and legal oversight
  • Ensure the management and supervision of its entity

 

The responsibilities described are not an exhaustive list; additional tasks may be assigned or the scope of the job may change as necessitated by business demands.

Position is based in our Paris or Nantes offices or remotely.

 

About you

Required qualifications / experience:

  • Proven and strong experience in the IT field and in information systems security
  • Legal and regulatory knowledge
  • Project management techniques
  • IT and technology oversight and management reporting
  • Implementing IT security procedures and tools
  • Use and carry out auditing techniques and procedures
  • Manage risks (financial, human, technical): anticipation, identification, implementation of corrective actions
  • Experience in Health Data hosting (EU and/or US) and handling in a secure environment
  • Experience providing cybersecurity documentation to hospitals
  • Strong communication and negotiation skills
  • Fluent English
  • Valid CISSP or CISM or C|CISO certification
  • ISO/IEC 27001:2013

Bonus:

  • Security Standards related to Medical Devices (i.e. IEC 81001-5-1 & MDCG guidance)
  • ASIP HDS certification
  • GDPR
  • NIST SP-800
  • SOC1/2
  • EBIOS RM methodology
  • CIS V7 or V8

 

What we offer

  • Competitive salary & excellent benefits package
  • Flexible work organization and access to remote work
  • Friendly and informal working environment
  • Opportunity to work with an international team with high technical and scientific backgrounds

Recruitment Process & Security

  • Please attach a CV.
  • Owkin is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, sex, gender, sexual orientation, age, color, religion, national origin, protected veteran status or on the basis of disability.
  • Owkin is a great place to work. Unfortunately, being a coveted workplace means we are vulnerable to recruitment phishing scams. We urge all job seekers and candidates to be wary of potential scams. Most of these have individuals posing as representatives of prominent companies, including Owkin, with the aim of obtaining personal, sensitive, or financial information from applicants. These scams prey upon an individual’s desire to obtain a job and can sometimes “feel” like a genuine recruitment process. Some red flags are identified below. Should you encounter a recruitment process that claims to be for Owkin but is not consistent with the below, please do not provide any personal or financial information:
  • Legitimate Owkin recruitment processes include communication with candidates through recognized professional networks, such as LinkedIn. However, further communication is always through an official Owkin email address (from the @owkin.com domain), over the phone or through recruitment platforms (WelcomeKit, talent.io, hidden.market, Fifty Talent or Hiresweet);
  • Legitimate Owkin recruiters will not solicit personal data from candidates during the application phase including, but not limited to, date of birth, social security numbers, or bank account information;
  • Legitimate Owkin interviews may be conducted over the phone, in person, or via an approved enterprise videoconferencing service (such as Google Meet or Highfive). They will never occur via Signal, Telegram or Messenger;
  • Legitimate Owkin offers of employment are based on merit and only extended once a candidate has interviewed with members of the hiring team. Offers will be extended both verbally and in written format. Owkin may request some personal information to initiate the hiring process, but this will be through protected means.

 

If you think that you have been a victim of fraud, 

Role

CISO

Location

Paris - Nantes - Remote

We need to process your personal data in order to deal with your application. For more information, please read our Privacy Policy.