Associate Director, Information Security
JOB SUMMARY
We have an established information security program and are looking for a hands-on Associate Director to grow it and take it to the next level. This is a practitioner role as much as a leadership role — you will be directly involved in the work across governance, IT, cloud security, software, and DevOps. The immediate strategic priority is expanding our security posture into the software development lifecycle, embedding cloud security practices across our internally developed SaaS environment, while maintaining and maturing our governance, risk, and compliance foundation.
You will work to obtain and maintain our ISO certification, partnering closely with IT leadership, R&D, and the broader organization to continuously raise the security bar across the company.
This role reports to the VP of IT and carries significant visibility to the CTO and senior leadership.
This role is hybrid; San Diego HQ or Boston, MA preferred.
KEY RESPONSIBILITIES
- Drive and mature the company-wide information security program and strategy, including managing policies, standards, risk assessments, and the enterprise risk register
- Act as the primary internal authority on information security operations, advising leadership and department heads on risk and priorities
- Develop security metrics and reporting for technical and executive stakeholders
- Serve as a working technical mentor to security analysts, providing hands-on guidance, knowledge sharing, and day-to-day direction across IT and cloud security domains
- Own ISO 27001 certification and maintenance, including audits, evidence collection, and improvement
- Directly manage controls rationalization across frameworks (ISO 27001, SOC 2, NIST CSF, SOX ITGC) to support evolving compliance requirements
- Lead and execute the vendor and third-party risk management program
- Establish and maintain information security controls in alignment with life sciences regulatory requirements, including 21...