Director, Information Security
Listed on 2026-02-18
IT/Tech
Cybersecurity, Information Security
Soleno is a biopharmaceutical company based in Redwood City, CA, focused on the development and commercialization of novel therapeutics for the treatment of rare diseases.
At Soleno, we are driven by the unique and multi-faceted needs of the PWS community. Like these individuals, resilience is part of who we are – it is in our chromosomes – and our team is made up of exceptional colleagues whose collective efforts are woven together to deliver meaningful outcomes, both professionally and for those living with PWS.
We value collaboration, integrity, and respect. These characteristics have allowed us to forge strong, authentic bonds with the caregivers, patients, health care professionals (HCPs) and community members we serve. We are proud to work alongside them every step of the way.
Our employees are our greatest asset, and we're expanding across functions during this pivotal time. We invite you to join us in making an impact—and making history.
We all share the most important goal of bringing solutions to the PWS community.
The Director, Information Security will report to the VP & Head of IT and will be accountable for designing, implementing, and operating Soleno’s cybersecurity program in a regulated biopharmaceutical environment. This role is intentionally hands‑on and execution‑oriented, while also operating at a strategic level—partnering with Legal, Compliance, QA, Finance, People, and business leaders to reduce risk, ensure audit readiness, and protect Soleno’s digital crown jewels.
The Director will lead security operations, governance, and continuous improvement aligned with CIS controls, GxP expectations, SOX, HIPAA, and global privacy regulations, while enabling the business to move fast and securely.
- Define and execute Soleno’s enterprise IT Security and Cybersecurity strategy, aligned with business growth, commercialization, and pipeline expansion.
- Translate risk assessments and CIS‑based gap analyses into practical, prioritized remediation roadmaps.
- Balance security rigor with business agility, ensuring security enables—not blocks—innovation.
- Own day‑to‑day security operations, including:
  - Identity and Access Management (IAM)
  - Endpoint security and MDM
  - Network and cloud security
  - Vulnerability management and remediation
- Partner with IT Operations and Infrastructure teams to embed security into systems, processes, and platforms.
- Lead penetration testing, security assessments, and ongoing control validation.
- Establish and maintain security policies, standards, and procedures aligned to:
  - CIS Critical Security Controls
  - SOX ITGCs
  - HIPAA and global privacy requirements (GDPR, CCPA)
- Partner closely with Legal, Compliance, QA, and Finance to support audits, inspections, and regulatory inquiries.
- Ensure security controls are documented, auditable, and operationally effective.
- Lead security architecture and controls across Azure and AWS environments.
- Ensure secure configuration, monitoring, and logging across cloud workloads.
- Partner with Infrastructure teams on:
  - Secure remote access
  - Backup, disaster recovery, and business continuity
- Own and continuously improve Soleno’s Security Incident Response program.
- Lead tabletop exercises, incident simulations, and post‑incident reviews.
- Ensure readiness for cybersecurity incidents with clear escalation, communication, and recovery procedures.
- Lead third‑party risk management, including security due diligence, questionnaires, and risk assessments.
- Partner with Procurement and Legal on security requirements in vendor contracts.
- Ensure vendors handling regulated or sensitive data meet Soleno’s security standards.
- Partner with the Director of Data Analytics & AI to ensure:
  - Secure data platforms and pipelines
  - Responsible and compliant AI usage
  - Strong access controls, monitoring, and data protection
- Embed security and privacy‑by‑design into analytics and AI initiatives.
- Build and mentor a small, high‑impact IT security team and/or managed service…