Associate Director, Information Security

Iambic Iambic · Pharma · San Diego, CA · Technology

Associate Director of Information Security to mature the company's security program, focusing on governance, IT, cloud security, software development lifecycle, and compliance in a regulated life sciences environment. This is a hands-on leadership role.

What you'd actually do

  1. Drive and mature the company-wide information security program and strategy including managing policies, standards, risk assessments, and the enterprise risk register
  2. Act as the primary internal authority on information security operations, advising leadership and department heads on risk and priorities
  3. Develop security metrics and reporting for technical and executive stakeholders
  4. Serve as a working technical mentor to security analysts, providing hands-on guidance, knowledge sharing, and day-to-day direction across IT and cloud security domains
  5. Own ISO 27001 certification and maintenance, including audits, evidence collection, and improvement

Skills

Required

  • Information security program management
  • Governance, Risk, and Compliance (GRC)
  • IT security operations
  • Application security
  • Cloud security (AWS, Azure, or GCP)
  • ISO 27001
  • SOC 2
  • NIST CSF
  • SOX ITGC
  • 21 CFR Part 11
  • GxP
  • Secure SDLC practices
  • Vendor risk management
  • Security awareness and training
  • Risk assessment
  • GRC platforms (Vanta, Drata, Tugboat Logic, or similar)
  • Endpoint security
  • Identity and access management
  • Vulnerability management
  • Security monitoring
  • Cloud security governance
  • Policy and standards development

Nice to have

  • Life sciences, biotech, or pharma industry experience
  • CISM, CISSP, or CRISC certification
  • AWS Security Specialty, CCSP, or equivalent certification

What the JD emphasized

  • ISO 27001
  • SOC 2
  • NIST CSF
  • SOX ITGC
  • 21 CFR Part 11
  • GxP