Allschwil
Information Security & Data Privacy Manager
- 26 June 2026
- 100%
- Permanent position
- German (fluent), English (fluent)
About the job
Level of employment: 100%
Working place: Allschwil and home office
For 26 years, Medgate has been bringing doctors directly to patients 24/7 thanks to telemedicine. At Medgate Switzerland, more than 300 motivated employees - including over 130 permanently employed doctors - are actively shaping the medicine of tomorrow with the help of future-oriented digital health solutions.
Those who treat patients remotely at Medgate receive intensive training in telemedicine at the beginning. The medical guidelines developed for the needs of telemedicine and continuously refined over the years are practice-oriented and designed for remote treatment. The patient management system supports doctors in their treatment by using artificial intelligence, among other things. This means that doctors have less administrative work and can focus more specifically on their patients. The medicine of the future is already a reality at Medgate.
With flexible working models and reliable duty scheduling, Medgate makes it easy to combine work, leisure and family life.
Information Security & Data Privacy Manager
About the role
Medgate is a leading player in the digital-health market and a medical-device manufacturer: we develop and operate applications — including AI copilots and CE-marked Software as a Medical Device (SaMD) — that handle sensitive patient data under strict Swiss professional-secrecy obligations. We run an integrated management system: an ISO 27001:2022 information-security management system (ISMS) operating inside an ISO 13485:2016 / EU MDR quality management system.
Compliance with information-security and data-privacy requirements is a supporting pillar of our business. In this role you support the Compliance Officer in operating and maintaining both management systems, running their day-to-day operational activities and growing your contribution over time. You will work in a modern, AI-augmented environment: Claude (Anthropic) is available as an AI assistant to support research, drafting, and document generation across compliance and privacy workflows.
Your tasks
You support the Compliance Officer in the planning and execution of projects and operational activities across the following areas:
- Information Security Management System (ISMS) — operate and maintain the ISO 27001:2022 ISMS: keep policies and documentation current, run the security-exception register, document security incidents and track their remediation, and monitor vulnerabilities and threat sources to produce the periodic cyber report — in coordination with IT Security & Operations.
- Supplier & cloud security assessments — prepare and maintain security assessments for new and existing suppliers and cloud services, on a new-engagement and yearly-review cycle.
- Data privacy — support the data-privacy management system under Swiss nDSG/FADP and EU GDPR: keep privacy documentation current, document and assess data-breach incidents, and support the handling of data-subject requests, in liaison with the (externally mandated) Data Protection Officer.
- Documentation, risk & improvement — support internal IT and the business in generating and maintaining security and privacy documentation, risk management, monitoring and measurements, corrective actions and improvement measures — within the ISO 13485 / EU MDR quality management system.
- Training & awareness — administer information-security and data-privacy training in the existing tools, support the yearly training plan, and grow into designing and delivering trainings over time.
- Audits — organise and support internal and external audit activities, including ISO 27001 certification and surveillance audits and medical-device (Notified Body) audits; grow your content contribution over time.
- Coordination & reporting — coordinate internal departments, intra-group stakeholders and external providers on the treatment of compliance issues; track and report the status of project and operational compliance activities to internal stakeholders (optionally including the Medgate Group and the Otto Group).
- Corporate projects — support corporate project activities; analyse problems and propose actions to remediate gaps.
Your profile
- Advanced university or university of applied sciences degree in an engineering, scientific, or related discipline.
- Fluent in German and English, both written and spoken.
- Professional experience in a regulated industry (e.g. medical devices, healthcare, or financial services) combined with strong organisational skills.
- Solid understanding of management systems, organisational structures, processes, regulatory requirements, and standards, particularly ISO 27001, the Swiss Data Protection Act (DSG/nDSG), and GDPR. An ISO 27001 Foundation and/or Internal Auditor certification is an advantage or can be obtained on the job. Knowledge of ISO 13485, EU MDR, the EU AI Act, and professional confidentiality obligations, or a willingness to acquire this knowledge quickly, is an advantage.
- Ability to bridge business, compliance, and IT functions, translating regulatory requirements into practical and effective solutions.
- Passion for helping shape the responsible adoption of AI, digital health solutions, and emerging technologies within a highly regulated environment.
- Analytical mindset, strong problem-solving skills, and the ability to navigate complex challenges within regulatory frameworks and in a dynamic environment.
- Strong communication skills, with the ability to communicate clearly, positively, and appropriately with diverse stakeholders while building trust and alignment.
- Experience with collaboration tools such as Microsoft 365, Jira, and Confluence; familiarity with security awareness, data privacy, and security operations tools is a plus.
If you have any questions, please contact Vanessa Sziedat, HR Operations Associate, on +41 61 377 65 52.
Interested in joining us? If so, we look forward to receiving your complete online application. As the hiring manager is not a German speaker, we kindly ask you to submit your application documents in English where available. Please note that the interview process will be conducted in English.