Security & Compliance Specialist

  • Permanent
  • Full time
  • Remote

Tucuvi is the global leader in clinical Conversational AI in healthcare.

Our mission is to enable efficient and effective care for all, starting with AI-led phone consultations that augment care teams' capacity. Our safe and medical-grade AI autonomously conducts low-risk clinical calls, inbound and outbound, streamlining caseload, augmenting patient reach, and improving patient outcomes.

In Europe, our product, an AI Care management platform powered by an AI Clinical Agent named LOLA, is CE-marked as a SaMD (Software as a Medical Device).

Our enterprise-grade technology is implemented in more than 50 care settings, improving tens of thousands of patients' lives in more than 40 different care pathways. We partner with leading healthcare systems to transform patient care and augment healthcare professionals’ capacities.

CONTEXT

We are a mission-driven SaaS company with a clear vision: to make healthcare more accessible and efficient, ensuring that every patient enjoys the highest possible quality of life. This vision has positioned us at the forefront of Clinical Conversational AI, as we have built the first Clinical AI Agent certified as Software as a Medical Device (SaMD).

As we continue to expand and operate in highly regulated environments, maintaining trust, privacy, and compliance is central to everything we do. Our QA/RA (Quality Assurance & Regulatory Affairs) team plays a crucial role in ensuring that our technology meets the highest standards of safety, quality, and security — from medical device regulations to data protection frameworks.

WHAT YOU’LL DO

As a Security & Compliance Specialist, your main mission will be to help us strengthen and maintain Tucuvi’s security and compliance posture, ensuring our systems, processes, and culture align with the highest standards — including ISO 27001, Esquema Nacional de Seguridad (ENS), SOC 2 and similar frameworks.

You’ll play a hands-on role in managing security controls, preparing and supporting audits, and driving compliance initiatives across the company. Working closely with our engineering and operations teams, you’ll help translate security frameworks into practical, scalable, and automation-ready practices.

This is an ideal opportunity for someone with 1–2 years of experience in cybersecurity, auditing, or compliance who’s eager to grow into a leadership role in security and compliance within an innovative health-tech environment.

You’ll also have the chance to explore new technologies and frameworks, especially around AI security, security testing for AI systems, and compliance automation tools, as we scale our platform globally.

During your first month:

You’ll start by getting familiar with Tucuvi’s security policies, architecture, and compliance landscape. You’ll shadow ongoing ISO 27001 and ENS processes, review documentation, and understand how we implement and track controls.

You’ll also collaborate with different teams to learn how security integrates into our software development and healthcare operations, ensuring you gain full context from day one.

By the end of month three:

You’ll be ready to take ownership of specific security controls, tracking compliance activities and preparing documentation for internal or external audits.

You’ll begin to lead small audits or control reviews, help coordinate evidence collection, and start identifying areas for improvement, including potential automation or tooling to make compliance more efficient.

After six months:

You’ll become a key point of reference for security and compliance, helping lead audit processes (ISO 27001, ENS, SOC 2) and ensuring continuous alignment with regulatory frameworks.

You’ll also collaborate with engineering to explore AI-related security practices, support risk assessments, and evaluate tools that automate compliance and control management.

By this stage, you’ll be proactively proposing improvements, training others, and contributing to our overall security culture.

RESPONSIBILITIES

Here is an overview of your main challenges and key responsibilities:

  • Support and maintain compliance with security and privacy frameworks, including ISO 27001, ENS, and SOC 2, as well as upcoming implementations such as HITRUST and NIST frameworks.

  • Lead and coordinate internal and external audits, gathering evidence and liaising with auditors.

  • Develop and improve security processes and policies in collaboration with technical and operational teams.

  • Manage and monitor security controls, ensuring proper documentation and follow-up.

  • Design and implement automation and tooling to streamline compliance, risk management, and reporting activities.

  • Stay up to date with emerging security and privacy regulations, including AI governance frameworks.

  • Contribute to risk assessments, incident response, and awareness activities.

  • Configure and oversee IT asset security, ensuring laptops, servers, and cloud resources are securely configured, maintained, and compliant with internal policies.

  • Implement and manage access control policies, guaranteeing that only authorized users have access to systems, data, and environments, and that permissions are regularly reviewed.

  • Support AI security initiatives, exploring techniques for secure AI model development and testing.

REQUIREMENTS

Here is the list of must-have knowledge and experience we’ll be talking to you about during the selection process:

  • 1–2 years of experience in information security, compliance, or auditing roles.

  • Basic understanding of ISO 27001, ENS, or SOC 2 frameworks (hands-on experience preferred).

  • Familiarity with risk management, control tracking, or audit preparation.

  • Strong organizational and analytical skills, with a structured and proactive mindset.

  • Fluent in Spanish and English.

  • Curiosity and motivation to learn new frameworks and tools, especially around AI security and compliance automation.

  • Excellent communication and collaboration skills, comfortable working across teams.

Nice to have ✚

  • Experience using GRC (Governance, Risk, and Compliance) tools or security automation platforms.

  • Exposure to healthcare environments or data protection frameworks (GDPR, HIPAA).

  • Familiarity with security testing tools or vulnerability assessments.

  • Interest in AI systems security or AI auditing frameworks.

WHAT WE OFFER

  • 💰 Fixed and variable salary
    We also have flexible benefits through Cobee (ticket restaurant, transport, nursery...).

  • 🌍 Remote work in an async environment.

  • 🕓 Flexible working hours.

  • 💃 Team-building events three times per year.

  • 🏖️ 23 days off per year + your birthday + 6 local and regional holidays added to your calendar (so we can choose when to enjoy them).

  • 🧑‍🏫 Budget for training and personal development.

  • 💻 A laptop (Mac) + the equipment that you need (screen…)

  • 🛫 & last but not least, the possibility to join a team of good and ambitious people where you can create a real impact on people's lives.

Wanna know more ⁉️ Are you interested in the position but you don’t meet all the requirements ⁉️ Get in touch with us:

Sofia Nikolaeva
People & Culture Associate