Security & Compliance Specialist

Tucuvi is the global leader in clinical Conversational AI in healthcare . Our mission is to enable efficient and effective care for all, starting with AI‑led phone consultations that augment care teams’ capacity. Our safe and medical‑grade AI autonomously conducts low‑risk clinical calls, inbound and outbound, streamlining caseload, augmenting patient reach, and improving patient outcomes. In Europe, our product, an AI Care management platform powered by an AI Clinical Agent named LOLA, is CE‑marked as a SaMD (Software as a Medical Device). Our enterprise‑grade technology is implemented in +50 care settings, improving tens of thousands of patients’ lives in more than 40 different care pathways. We partner with leading healthcare systems to transform patient care and augment healthcare professionals’ capacities.

Context

We are a mission‑driven SaaS company with a clear vision : to make healthcare more accessible and efficient, ensuring that every patient enjoys the highest possible quality of life. This vision has positioned us at the forefront of Clinical Conversational AI, as we have built the first Clinical AI Agent certified as Software as a Medical Device (SaMD). As we continue to expand and operate in highly regulated environments, maintaining trust, privacy, and compliance is central to everything we do. Our QA / RA (Quality Assurance & Regulatory Affairs) team plays a crucial role in ensuring that our technology meets the highest standards of safety, quality, and security — from medical device regulations to data protection frameworks.

What You’ll Do

As a Security & Compliance Specialist , your main mission will be to help us strengthen and maintain Tucuvi’s security and compliance posture, ensuring our systems, processes, and culture align with the highest standards — including ISO 27001, Esquema Nacional de Seguridad (ENS), SOC 2 and similar frameworks. You’ll play a hands‑on role in managing security controls, preparing and supporting audits, and driving compliance initiatives across the company. Working closely with our engineering and operations teams, you’ll help translate security frameworks into practical, scalable, and automation‑ready practices.

During your first month

You’ll start by getting familiar with Tucuvi’s security policies, architecture, and compliance landscape. You’ll shadow ongoing ISO 27001 and ENS processes, review documentation, and understand how we implement and track controls. You’ll also collaborate with different teams to learn how security integrates into our software development and healthcare operations, ensuring you gain full context from day one.

By the end of month three, we expect to start

You’ll be ready to take ownership of specific security controls, tracking compliance activities and preparing documentation for internal or external audits. You’ll begin to lead small audits or control reviews, help coordinate evidence collection, and start identifying areas for improvement, including potential automation or tooling to make compliance more efficient.

After six months

You’ll become a key point of reference for security and compliance, helping lead audit processes (ISO 27001, ENS, SOC 2) and ensuring continuous alignment with regulatory frameworks. You’ll also collaborate with engineering to explore AI‑related security practices, support risk assessments, and evaluate tools that automate compliance and control management. By this stage, you’ll be proactively proposing improvements, training others, and contributing to our overall security culture.

Responsibilities

• Support and maintain compliance with security and privacy frameworks, including ISO 27001, ENS, and SOC 2, as well as upcoming implementations such as HITRUST and NIST frameworks.
• Lead and coordinate internal and external audits, gathering evidence and liaising with auditors.
• Develop and improve security processes and policies in collaboration with technical and operational teams.
• Manage and monitor security controls, ensuring proper documentation and follow‑up.
• Design and implement automation and tooling to streamline compliance, risk management, and reporting activities.
• Stay up to date with emerging security and privacy regulations, including AI governance frameworks.
• Contribute to risk assessments, incident response, and awareness activities.
• Configure and oversee IT asset security, ensuring laptops, servers, and cloud resources are securely configured, maintained, and compliant with internal policies.
• Implement and manage access control policies, guaranteeing that only authorized users have access to systems, data, and environments, and that permissions are regularly reviewed.
• Support AI security initiatives, exploring techniques for secure AI model development and testing.

With Whom You Will Work

Requirements

Here you have the list of must‑have knowledge / experience we’ll be talking to you during the selection process. Here’s what we’re looking for :

Nice to have ✚

What We Offer