Director, Information Security

Location
Seattle, South San Francisco, CA, United States
Posted
Jan 08, 2021
Ref
5021943002
Required Education
Bachelor's Degree
Position Type
Full time
Job Purpose

Sana Biotechnology is looking for a Director of Information Security to join the IT Leadership Team. You will work cross-functionally across the Sana organization to manage and oversee all aspects of application and corporate security and infrastructure, maintaining a thorough understanding of the current threat and attack landscape and latest security trends and principles. We will rely on your wide-ranging experience in this role as you perform a large variety of tasks - from strategy through implementation. You must be comfortable talking with users & peers, coordinating audits, and implementing internal policies and procedures across a fast-growing biotech company. Prior management experience is required, as you will oversee external & internal resources focused on security and IT operations.

DUTIES AND RESPONSIBILITIES
  • Own strategy and vision around IT enterprise security, application security, vulnerability management and incident management, including owning and maintaining all security policies and procedures for a growth-stage biotechnology company
  • Collaborate and communicate effectively with IT and Technical Science teams to ensure application security is championed throughout our processes, including regular vulnerability scans and third-party penetration testing
  • Drive business results by representing security to our internal business units
  • Participate in security review calls with platform partners (current & future)
  • Manage SOC2 audit process and assess other certifications (e.g. ISO 27001) as appropriate, designing plans to satisfy regulatory and compliance requirements related to security and privacy
  • Own the partnership with external auditors and legal
  • Review and update existing controls to balance an agile startup environment with the security requirements of the business
  • Coordinate audit processes
  • Cross-functional collaboration with HR and Finance for a successful audit
  • Develop and conduct annual information security awareness training for employees
  • Work with IT & HR to ensure security on Sana employee computer systems
  • Work with executive leadership to strategize and recommend changes and updates to company-wide processes and policies relating to security
  • Ensure Sana's continued compliance with existing privacy standards
  • Own and develop other miscellaneous infosec policies and programs outside of compliance
  • Lead and develop the team that owns both corporate IT and R&D related security functions
  • Grow and manage the IT security team; strategize and think through team structure and growth

QUALIFICATIONS

Basic Qualifications
  • 10+ years in security management function, leading initiatives across an organization. Previous company-wide leadership experience is required
  • 5+ years of people management experience, leading teams to build systems, practices and policies that comply with important security standards
  • Experience leading SOC2 audits and managing external service providers
  • Experience reviewing potential corporate vendors with regard to security and compliance with privacy laws and conducting audits of existing vendors
  • Ability to communicate security risks in business terms that can be clearly understood at all levels of the organization
  • Deep familiarity with distributed web applications, and security processes and procedures
  • Experience managing and configuring web applications hosted on AWS & Azure
  • Experience with macOS, MDM and endpoint management solutions like Jamf & Intune
  • Security configuration and management of corporate productivity software including O365, Zoom, & Slack

Preferred Qualifications
  • Bachelor's degree in Computer Science or related field strongly desired
  • High-growth startup experience is strongly preferred
  • CISSP certification preferred