GatherJob
Back to jobs
V

IT Security & Compliance Lead

VIA HealthTech
Berlin, DEOn-siteengineering Today

VIA HealthTech automates psychotherapy documentation — from session notes to psychological reports — so therapists spend less time on admin and more time with patients.

We work at the intersection of mental healthcare, AI, and software. Security is central to what we build: we process highly sensitive data and already hold C5 and ISO27001 certification.

Tasks

We are looking for a hands-on IT Security & Compliance Lead to own security and compliance end-to-end at VIA.

This is a broad role in a small team. You will not only define policies — you will implement systems, configure tools, improve cloud and product security, run audits, and work directly with engineering to make security a practical part of how we build.

Your goal is to make VIA more secure while helping the team move faster, not slower.

What you’ll do

  • Own internal IT security end-to-end: devices, access management, 2FA, endpoint protection, policies, onboarding and offboarding
  • Professionalize and operate our internal IT setup
  • Own IT Compliance (ISO27001 and C5), including audits, evidence management, policies, risk management, corrective actions, auditor communication, and internal training
  • Improve cloud security across infrastructure, access control, encryption, logging, monitoring, and operational processes
  • Work closely with engineering on product security across web, desktop, mobile, backend, and AI-related systems
  • Help embed security into the development lifecycle without creating unnecessary overhead
  • Coordinate external security work such as penetration tests, security reviews, and vendor assessments where needed
  • Identify security gaps, prioritize what matters, and implement pragmatic improvements

Requirements

Required:

  • Strong hands-on experience in IT Security, Information Security, Cloud Security, or a closely related field
  • Practical experience securing cloud-based software products and internal IT environments
  • Solid understanding of IAM, endpoint security, device management, encryption, logging, access control, and incident response
  • Experience with ISO27001 and/or C5, ideally including audit ownership or major audit involvement
  • Ability to work directly with engineering teams on technical security topics
  • Strong operational ownership: you see what needs to be done and make it happen
  • Pragmatic judgment: you know how to raise the security bar without blocking a fast-moving team
  • Clear communication and comfort working in an async-first startup environment

Nice to have:

  • Experience in healthcare, regulated environments, or companies handling highly sensitive data
  • Experience with application security, secure SDLC, threat modeling, or vulnerability management
  • Experienc

Opens the company's application page

About the company

VIA HealthTech

Listed via

A

Arbeitnow

arbeitnow.com