Director, Information Security

Seattle, South San Francisco, CA, United States
Jan 08, 2021
Required Education
Bachelor's Degree
Position Type
Full time
Job Purpose

Sana Biotechnology is looking for a Director of Information Security to join the IT Leadership Team. You will work cross-functionally across the Sana organization to manage and oversee all aspects of application and corporate security and infrastructure, maintaining a thorough understanding of the current threat and attack landscape and latest security trends and principles. We will rely on your wide-ranging experience in this role as you perform a large variety of tasks - from strategy through implementation. You must be comfortable talking with users & peers, coordinating audits, and implementing internal policies and procedures across a fast-growing biotech company. Prior management experience is required, as you will oversee external & internal resources focused on security and IT operations.

  • Own strategy and vision around IT enterprise security, application security, vulnerability management and incident management, including owning and maintaining all security policies and procedures for a growth-stage biotechnology company
  • Collaborate and communicate effectively with IT and Technical Science teams to ensure application security is championed throughout our processes, including regular vulnerability scans and third-party penetration testing
  • Drive business results by representing security to our internal business units
  • Participate in security review calls with platform partners (current & future)
  • Manage SOC2 audit process and assess other certifications (e.g. ISO 27001) as appropriate, designing plans to satisfy regulatory and compliance requirements related to security and privacy
  • Own the partnership with external auditors and legal
  • Review and update existing controls to balance the agile startup environment with the security requirements of the business
  • Coordinate audit processes
  • Collaborate cross-functionally with HR and Finance for a successful audit
  • Develop and conduct annual information security awareness training for employees
  • Work with IT & HR to ensure security on Sana employee computer systems
  • Work with executive leadership to strategize and recommend changes and updates to company-wide processes and policies relating to security
  • Ensure Sana's continued compliance with existing privacy standards
  • Own and develop other miscellaneous infosec policies and programs outside of compliance
  • Lead and develop the team that owns both corporate IT and R&D related security functions
  • Grow and manage the IT security team; strategize and think through team structure and growth


Basic Qualifications
  • 10+ years in security management function, leading initiatives across an organization. Previous company-wide leadership experience is required
  • 5+ years of people management experience, leading teams to build systems, practices and policies that comply with important security standards
  • Experience leading SOC2 audits and managing external service providers
  • Experience reviewing potential corporate vendors with regard to security and compliance with privacy laws, and conducting audits of existing vendors
  • Ability to communicate security risks in business terms that can be clearly understood at all levels of the organization
  • Deep familiarity with distributed web applications, and security processes and procedures
  • Experience managing and configuring web applications hosted on AWS & Azure
  • Experience with macOS, MDM and endpoint management solutions like Jamf & Intune
  • Security configuration and management of corporate productivity software including O365, Zoom, & Slack

Preferred Qualifications
  • Bachelor's degree in Computer Science or related field strongly desired
  • High-growth startup experience is strongly preferred
  • CISSP certification preferred