Senior Information Security Analyst



Curelator is a digital health company focused on developing a clinical grade disease management platform for patients and clinicians. The company is base in Cambridge MA with operations in the US as well as Barcelona, Spain, UK and Germany.

Our product is a clinically validated patient-centric, digital platform that combines big data and proprietary small data (n=1) analytics to measure the impact of a wide spectrum of factors and medications on individuals with chronic diseases who have debilitating episodic attacks.

N1-Headache, our first application is being used in clinical studies with multiple institutions, which have generated several groundbreaking findings that have advanced the clinical management of migraine. Curelator collects patient reported data remotely and provide individual analysis to headache clinics.

The position

We are looking for a person to fill an hybrid role of Security Analyst, Information Security Officer and Data Protection Officer. We are developing a new information security program and a data protection and privacy program and we need a technical, hands-on person, with good management skills to help us implement and oversee the application of these new policies, procedures and guidelines.

Security Analyst / Information Security Officer role:

  • Implement, maintain a comprehensive information security program, related policies, procedures, standards and guidelines, and oversee their approval, dissemination, and maintenance, to ensure adequate protection of information assets.
  • Establish monitoring and assessment processes to ensure compliance and adherence to laws and regulations such as HIPAA.
  • Develop and implement training programs and communications to make systems, network, and data users aware of and understand security policies and procedures.
  • Partner with operations, infrastructure, and applications teams to ensure that technologies are developed and maintained according to security policies and guidelines.
  • Develop and maintain the Incident Response Plan and escalates possible incidents to the relevant teams.
  • Stay well-informed of best practices in the IT security field, coordinate and evaluates new and emerging security practices and technologies, and recommends and promotes adoption as appropriate.
  • Manage the daily operation and implementation of the IT security strategies.
  • Identify and assess risks in implementing new features and products.

Data Protection Officer:

  • Maintain and improve the data inventory, classification and mapping.
  • Conduct Data Protection Impact Assessments (PIAs).
  • Monitor data management procedures and compliance within the company.
  • Establish monitoring and assessment processes to ensure compliance and adherence to laws and regulations such as GDPR.
  • Maintain records of processing operations.
  • Respond to data subject requests.
  • Review external providers contracts to ensure compliance to data protection policies and regulations.

This is an exciting opportunity to get involved first-hand in the implementation of the first comprehensive cybersecurity and privacy program at Curelator.

You will work closely with our CEO, Clinical VP, Medical Affairs Director, Product Manager, Designers and Developers. We have smart and autonomous team of effective and communicative people spread between US and Europe. We are looking for someone based in Europe, with strong communication skills generally and especially in German and English.

Preferred Qualifications and Experience

  • Extensive knowledge of business risk, risk assessment and risk-based decision making.
  • Expert knowledge of GDPR, national data protection laws and practices.
  • A proven track record in developing information security policies, privacy policies and procedures, and successful execution.
  • Knowledge of security, risk and control frameworks and standards such as ISO27001 and NIST.
  • Knowledge of HIPAA and HITRUST desirable.
  • Experience in data protection and legal compliance.
  • Ability to handle confidential information.
  • Ethical, with the ability to remain impartial and report all noncompliance.
  • Great organizational skills with attention to detail.
  • Enthusiastic, responsive and a flexible working style.
  • Proactive and pragmatic approach.
  • Background in computer science, engineering, cyber risk management or a related field.
  • Desirable: knowledge of data processing operations within the health sector.
  • Desirable: experience in start-up roles.


Between €45,000 and €55,000, depending on the experience, plus an equity sharing plan.

To apply, please send your resume to