×
Register Here to Apply for Jobs or Post Jobs. X

Associate Director, Information Security

Job in San Diego, San Diego County, California, 92189, USA
Listing for: Jobtailor
Full Time position
Listed on 2026-07-13
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Salary/Wage Range or Industry Benchmark: 156000 - 190000 USD Yearly USD 156000.00 190000.00 YEAR
Job Description & How to Apply Below

JOB SUMMARY

We have an established information security program and are looking for a hands‑on Associate Director to grow it and take it to the next level. This is a practitioner role as much as a leadership role — you will be directly involved in the work across governance, IT, cloud security, software, and Dev Ops. The immediate strategic priority is expanding our security posture into the software development lifecycle, embedding cloud security practices across our internally developed SaaS environment, while maintaining and maturing our governance, risk, and compliance foundation.

You will work to obtain and maintain our ISO certification, partnering closely with IT leadership, R&D, and the broader organization to continuously raise the security bar across the company.

This role reports to the VP of IT and carries significant visibility to the CTO and senior leadership.

This role is Hybrid based in San Diego HQ or Boston, MA preferred

KEY RESPONSIBILITIES
  • Drive and mature the company‑wide information security program and strategy including managing policies, standards, risk assessments, and the enterprise risk register

  • Act as the primary internal authority on information security operations, advising leadership and department heads on risk and priorities

  • Develop security metrics and reporting for technical and executive stakeholders

  • Serve as a working technical mentor to security analysts, providing hands‑on guidance, knowledge sharing, and day‑to‑day direction across IT and cloud security domains

  • Own ISO 27001 certification and maintenance, including audits, evidence collection, and improvement

  • Directly manage controls rationalization across frameworks (ISO 27001, SOC 2, NIST CSF, SOX ITGC) to support evolving compliance requirements

  • Lead and execute the vendor and third‑party risk management program

  • Establish and maintain information security controls in alignment with life sciences regulatory requirements, including 21 CFR Part 11 and GxP

  • Partner with the Software, cloud security, and Dev Ops teams on expanding industry‑standard security practices into the software development lifecycle

  • Actively participate in security operations across the corporate IT environment, including hands‑on involvement in endpoint security, identity and access management, vulnerability management, and security monitoring

  • Define cloud security governance standards and policies for SaaS‑hosted environments and oversee compliance

  • Own and continuously improve the company‑wide security awareness and training program

  • Champion a realistic, risk‑based security culture across a diverse workforce spanning research, clinical, and corporate functions

QUALIFICATIONS
  • 12+ years of progressive information security experience with a strong track record of hands‑on technical execution

  • Direct, practitioner‑level experience in at least two of the three domains: GRC, IT security operations, and application/cloud security

  • Experience collaborating with or embedding security within software engineering or product organizations

  • Deep working knowledge of ISO 27001, including post‑certification program management and audit readiness

  • Familiarity with SOC 2, NIST CSF, HIPAA, SOX IT General Controls, and related frameworks

  • Hands‑on understanding of application security principles, secure SDLC practices, and cloud security (AWS, Azure, or GCP)

  • Able to write and maintain clear, practical policies and standards directly, without relying on external consultants or pre‑built templates

  • Strong risk assessment skills with the ability to translate technical findings into business impact for non‑technical audiences

  • Experience supporting or preparing for a SOX readiness assessment or IPO‑related compliance effort

  • Direct experience with GRC platforms (Vanta, Drata, Tugboat Logic, or similar) and security tooling across endpoint, identity, SIEM, and App Sec domains

  • Pragmatic and mission‑driven; energized by doing meaningful work in a fast‑moving clinical‑stage environment

PREFERRED QUALIFICATIONS
  • Regulated industry experience strongly preferred; life sciences, biotech, or pharma background is a meaningful plus

  • CISM, CISSP, or CRISC certification preferred, AWS Security…

Position Requirements
10+ Years work experience
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary