Security Compliance Officer

Corti · Copenhagen, Denmark
Full-time · On-site · 3w ago
Azure · Compliance · Leadership · Risk Management · SOC 2

About the role

We are on a mission to ensure everyone has access to medical expertise, no matter where they are. Half the world still lacks access to quality healthcare. Even in advanced systems, outcomes are uneven, and clinicians are overwhelmed. Medical knowledge grows faster than human capacity can keep up. Corti exists to close that gap. Our AI platform expands access to medical expertise, reducing errors, restoring time to clinicians, and making care more affordable, accessible, and human again. There is no quality healthcare without a quality dialogue, and no reliable AI without a strong foundation. Help us build both.

Why Corti?

Corti is the frontier lab for clinical-grade AI. We build world-leading models and infrastructure that power healthcare's most ambitious software - from EHR vendors and virtual care platforms to the health systems that care depends on. Today, Corti serves over 100 million patients annually, including the NHS. Our flagship model, Symphony, is trained and validated on real clinical data from real patient interactions, and powers the clinical and administrative work that healthcare runs on. We power the builders who are redefining how healthcare works, from startups creating new patient experiences to enterprises modernizing the systems that care depends on. If you believe that AI purpose-built for medicine will define the next century of healthcare, you belong at Corti.

Corti is seeking a Security Compliance Officer to ensure we continue to meet and exceed our rigorous standards for data privacy, security, and regulatory compliance, particularly as it pertains to managing sensitive patient information. In this role, you will manage our adherence to essential frameworks such as ISO 27001, SOC 2, Cyber Essentials, and BSI C5. These frameworks are fundamental to safeguarding sensitive data, as they establish strict controls on data privacy, risk management, and region-specific compliance.

The ideal candidate will play a critical role in implementing, monitoring, and refining our compliance strategies to meet evolving regulatory requirements. By leading our compliance efforts, you'll help build trust with clients, partners, and regulatory bodies, demonstrating our commitment to responsible data handling and supporting the long-term security and sustainability of our operations. The Security Compliance Officer will work closely with other Governance & Market Access team members, the platform team, and technical teams, including management, to develop, implement and maintain compliance policies and procedures, and to ensure company adherence to them.

Responsibilities

  • Own and maintain Corti's security governance model across ISO 27001, ISO 27017, SOC 2 and other relevant frameworks, including a clear control inventory and ownership map.
  • Translate frameworks and customer requirements into concise policies, playbooks, checklists and acceptance criteria that fit naturally into tech docs, release processes and change management.
  • Plan, manage and follow up on internal and external security audits and assessments, address any areas of non-compliance and communicate status and findings to leadership, auditors and teams.
  • Drive the use of compliance automation tools (e.g. Drata) and internal scripts, and monitor indicators such as device compliance, policy acceptance, training completion and access reviews, coordinating remediation with the responsible teams.
  • Maintain a live security risk register, including risk acceptance, mitigation plans and regular reviews with Product, Platform and Governance team members.
  • Partner with Platform and other engineers to ensure that policies and control objectives are reflected in CI or CD pipelines, Infrastructure as Code and cloud configuration baselines; manage incidents and review security-impactful changes at a governance level so they remain aligned and auditable.
  • Act as a trusted advisor on secure ways of working and provide answers to customers and stakeholders on Corti's security.

What you bring

  • Strong understanding of security and data protection laws, regulations, and standards.
  • Proven impact in risk reduction and safeguarding sensitive data, protecting brand reputation and customer trust.
  • Practical exposure to modern engineering environments, for example working closely with platform or DevOps teams, and familiarity with CI or CD, Infrastructure as Code, and cloud platforms such as Azure.
  • A builder mindset for governance: you enjoy designing processes, templates, and automations that make it easy for teams to do the right thing.
  • A proactive, ownership-driven approach to building and coordinating company-wide compliance programs.
  • Comfortable using and configuring compliance tooling such as Drata, and eager to experiment with new automation tools to reduce manual work.
  • Effective partnership with external auditors, including evidence collection, issue tracking, and clear internal communication of findings.
  • Clear communicator

Benefits

Health insurance
