nyra health
Information Security & Compliance Specialist
nyra health | Austria | 1 day ago
Full-time | Information Technology

About the Company

At nyra health, we’re a scale-up in rapid growth with a hands-on culture. We’re looking for someone who enjoys building robust security and compliance foundations, is comfortable switching between policy and practice, and thrives in an environment where flexibility, pragmatism, and attention to detail are essential.


This is a chance to own our Information Security Management System (ISMS), strengthen our privacy posture, and support our Quality Management System (QMS) as we scale in digital health.


About the role

As Information Security & Compliance Specialist, you will maintain and improve our ISMS (ISO 27001), lead privacy compliance (GDPR, HIPAA), and support aspects of our QMS (ISO 13485). You’ll plan and support audits, drive risk management end-to-end, and coordinate security operations such as vulnerability scanning and penetration testing. You’ll work closely with Product, Engineering, Operations, and Leadership to align technical controls with organizational processes and documentation.


Responsibilities

Information Security Management (ISO 27001)

  • Maintain and improve the ISMS; manage the Statement of Applicability and control effectiveness.
  • Plan, prepare, and support internal & external audits.
  • ISMS Risk Management: Conduct risk assessments and threat modeling. Integrate security risks into product risk management (aligned with ISO 14971 principles).
  • Coordinate regular vulnerability scans and penetration tests; drive remediation.
  • Support operational security tasks (access reviews, incident response drills, backup/restore tests).
  • Maintain an Asset Management System (hardware, software, services, data).
  • Develop and deliver role-based training on ISO 27001, secure practices & GDPR.


Quality Management Support (ISO 13485)

  • Change Management: Support and monitor changes within the Integrated Management System (IMS) for ISO 13485 conformity.
  • CAPA Management: Own CAPAs within your scope, ensuring timely implementation, root-cause analysis, corrective actions, and documentation.


What You Should Bring

  • Understanding of ISO 27001 and ISMS implementation/operation
  • Knowledge of GDPR is beneficial. Exposure to HIPAA is a plus
  • Familiarity with ISO 13485 is beneficial
  • Experience within the medical device or healthcare industry is beneficial
  • Hands-on experience in risk management, audit preparation, and regulatory compliance
  • Structured, detail-oriented working style with excellent documentation and communication skills
  • Eagerness to grow and continuously expand your skill set
  • Strong collaboration and communication skills within cross-functional teams
  • Languages: English required; proficiency in both German and English is a bonus


Why nyra health

  • Fast-growing digital health scale-up with international ambition.
  • Direct collaboration with the founders and cross-functional teams.
  • Responsibility from day one and tangible impact on how we scale securely.
  • Transparent, direct communication and feedback culture.
  • Attractive compensation, Phantom Stock Options, and company perks (Wiener Linien Jahreskarte etc.).
  • Beautiful office in Vienna’s First District with regular team events.
  • Some of the best Mario Kart drivers in the Austrian startup scene ;)


The process

  1. Intro call (~30 mins): Background, expectations, and an overview of nyra health and the role.
  2. Practical exercise: A short case focused on ISMS improvement and a privacy/security scenario, which you will discuss with our QMRA Team Lead.
  3. Meet with Founders: Discuss your case, approach to audits, and real-world constraints with the founders as the last step before joining nyra health.


