GRC Analyst - Cloud & Infrastructure Security

Origin Health

Other Engineering, IT

Bengaluru, Karnataka, India

Posted on May 21, 2026

About Origin Medical Research Lab

Origin Medical Research Lab is the research arm of Origin Medical. Here, we strive to bring together the best and brightest minds at the intersection of AI and healthcare to fulfill Origin Medical’s mission.

By combining the knowledge of healthcare and AI, it is on a journey to build state-of-the-art solutions aimed at supporting a broad spectrum of healthcare providers in rural and urban communities, allowing them to practice at the top of their licenses. With AI in the imaging workflow, clinicians can more confidently deliver timely interventions, enhance pregnancy outcomes, identify high-risk pregnancies to reduce maternal mortality, and significantly lower infant mortality rates.

Origin Medical, headquartered in Cambridge, Massachusetts, USA, is driven by a mission to advance maternal health equity by improving access to quality prenatal care with artificial intelligence.

About Governance, Risk, and Compliance Team and the Role

Our Governance, Risk & Compliance team ensures Origin Medical's quality assurance standards and regulatory obligations are upheld across all processes, taking a proactive approach to translating evolving regulations into actionable compliance practices.

As an Information Security Analyst, you will own the assessment and strengthening of Origin Medical's cloud, product, and infrastructure security posture through a GRC lens. This role sits at the intersection of compliance rigor and hands-on technical assessment. You will work cross-functionally with Engineering, Product, and Legal teams to ensure all controls are documented, auditable, and aligned to applicable regulatory frameworks.

What will you do?

Cloud, Product & Infrastructure Security Assessment

  • Conduct GRC-led security assessments of cloud environments (AWS / GCP / Azure), internal product infrastructure, and data pipelines against ISO 27001, NIST 800-53, SOC 2, and HIPAA controls
  • Document technical, administrative, and physical controls for cloud and product environments, driving remediation of identified gaps to closure

Risk Management & Compliance

  • Build and maintain a data security risk register and reporting framework aligned to ISO 27001, ISO 27701, and NIST SP 800-53 for governance committees and leadership
  • Manage exception review processes and escalate critical risk findings to leadership with prioritized remediation plans

Audit & Regulatory Compliance

  • Prepare evidence packages and coordinate responses for security assessments and audits under HIPAA, HITRUST, and SOC 2
  • Own the lifecycle management of information security policies, standards, and supporting compliance documentation

Cross-Functional & Operational Security

  • Collaborate with Engineering, Product, and Operations teams to embed security policies and drive a culture of compliance across the organization
  • Analyze security incidents, coordinate remediation actions, and lead post-incident awareness and documentation efforts

Who are we looking for?

  • Bachelor's degree in Computer Science & Engineering, Information Security, Cybersecurity, Networking, or Computer Applications
  • At least 1–3 years of hands-on GRC or information security compliance experience
  • Prior exposure to cloud security assessments (AWS, GCP, or Azure) from a risk or compliance perspective is strongly preferred
  • Working knowledge of ISO 27001, HIPAA, and SOC 2, and familiarity with NIST CSF / 800-53, HITRUST, GDPR, DPDPA, and cloud security concepts such as IAM, encryption, logging, and network segmentation
  • Strong Python/scripting skills for compliance automation and experience with GRC platforms such as Vanta, Drata, or OneTrust are a plus
  • ISO 27001 Lead Implementer / Lead Auditor, CISA, CISM, CRISC, CEH, or CCSP
  • Specific training in NIST CSF, HIPAA Security Rule, or HITRUST CSF is a plus
  • Ability to independently own assessment projects end-to-end with strong attention to detail and a data-driven approach to risk decision-making
  • Strong written and verbal communication in English, able to present complex security findings clearly to both technical teams and senior leadership

Working at Origin Medical Research Lab

You will receive competitive monthly compensation aligned with industry standards. Additionally, we provide a comprehensive benefits package, including:

  • Provident fund
  • Paid annual leaves
  • Sick leaves
  • Wellness allowance
  • Insurance allowance

You will work with an exceptional team of highly qualified individuals who strive towards a common goal of delivering a product that improves the standard of care for expecting mothers everywhere.

You will also collaborate with renowned clinicians, AI scientists, and business leaders from around the world.

At Origin Medical Research Lab, we take pride in fostering an inclusive and optimistic company culture that places great value on collaboration, teamwork, and work-life balance. As a valued member of our team, you will have the opportunity to join a supportive environment where individuals genuinely care about each other's success and well-being. Our dedicated colleagues are always ready to lend a helping hand and wish you nothing but the best in your professional journey.

This job posting is valid only on our official LinkedIn page and the mentioned URL. We are not responsible for any job postings or advertisements on third-party sites not listed above.

Please note that our company does not charge any fees for internships or job applications. Any such requests for payment should be considered fraudulent. We strongly advise you to report any suspicious activity involving our name to the appropriate authorities.

Any unauthorized use of our job postings, company information, or data by third parties for their business activities is strictly prohibited. Such actions may be in violation of the Information Technology Act and will be subject to legal penalties under applicable laws.

The information provided in this job posting outlines the general nature of the role. It is not an exhaustive list of responsibilities, duties, or skills required. The company reserves the right to make changes to this description at any time based on business needs.

Our company is an Equal Opportunity Employer, and we do not discriminate based on race, color, religion, gender, national origin, age, disability, sexual orientation, or any other status protected under federal, state, or local laws.