Compliance Specialist
- Utrecht, Netherlands
Job description
About Vitestro
Founded in 2017 in Utrecht, Vitestro is pioneering the future of blood collection with the Aletta® Autonomous Robotic Phlebotomy Device™ (ARPD™). This groundbreaking medical device combines advanced multi-modal imaging (near-infrared, ultrasound, and Doppler ultrasound) with robotics and AI to perform the entire diagnostic blood draw procedure autonomously.
By addressing critical healthcare staffing shortages and improving patient experience, Vitestro is transforming one of the most common and essential medical procedures. With more than 90 team members and growing rapidly, we are scaling our impact. Having placed our first devices with customers, we are now expanding our team to ensure successful implementation and long-term reliability.
At Vitestro, we are committed to continuous innovation and improvement.
For our Security Team, we are looking for a Security Compliance Specialist to support the development and maintenance of Vitestro’s information security framework.
In this role, you will contribute to the implementation and maintenance of ISO 27001:2022, working closely with IT, engineering, and operations teams to translate security and regulatory requirements into practical, workable processes. You will support risk assessments, audits, and documentation efforts, helping maintain a strong security posture.
You will collaborate with internal stakeholders to ensure alignment between security controls, operational realities, and business needs. This role offers the opportunity to help shape how information security is applied in a growing organization, while supporting Vitestro’s mission to deliver safe and reliable healthcare technology.
What you are going to do:
Help build and scale Vitestro’s information security foundation as the company grows.
You will also work on SOC2 Type II (from 2027) and, to the extent information security is concerned, on GDPR and HIPAA.
Take an active role in implementing and maintaining ISO 27001:2022, turning requirements into practical, real-world processes.
Work closely with engineering, IT, and operations to embed security into how we work—not as a blocker, but as an enabler.
Support risk assessments, audits, and certification efforts by gathering evidence and keeping documentation sharp and up to date.
Continuously improve policies, controls, and workflows as the organization evolves.
Help raise security awareness across the company in a way that’s practical and human.
Job requirements
Who are you:
You have ~3 years of experience in information security, compliance, or ISO-related work.
You like building things from scratch and improving them over time.
You’re comfortable navigating a fast-moving environment where not everything is fully defined yet.
You’re structured and detail-oriented, but also pragmatic—you know when “good enough” is better than “perfect.”
You communicate easily with both technical and non-technical teammates.
You’re excited about growing with a startup and shaping how security is done, not just maintaining it.
What we offer:
Competitive salary including pension plan
25 days of annual leave based on a full-time position
Hybrid work model
Working together in a high-skilled team with our home base in Utrecht
Frequent out-of-work activities with our team, and annual company weekend away
Annual training budget of €2000,-
Opportunity to be a key shaper of a new global industry niche: autonomous medical robotics
