Associate Director, IT Security & Compliance

Hi Tarsan! 

Thanks for your interest in this position.  Please review the details and if role and if it's something that could match your career goals, connect with your current manager and HRBP to discuss if your experience and skills line up. If everything is a go, please apply and the Talent Acquisition team will contact you for an interview so we can also get to know you better.  

- Your Human Resources Team

About the Role

The Associate Director, IT Security & Compliance is responsible for defining and executing an information security strategy and continuous improvement plan. This person will manage our IT security operations and cybersecurity program and will play a critical role in identifying and mitigating potential security risks and maintaining compliance with relevant industry regulations. This role will work collaboratively with IT peers, business stakeholders and external vendors.

Let’s talk about some of the key responsibilities of the role:

• Develop and oversee a comprehensive cybersecurity risk management program, ensuring proactive identification, assessment, and mitigation of security threats and vulnerabilities.
• Develop IT security policies and procedures (SOPs) to protect organization’s digital assets and infrastructure.
• Lead the IT Security Operations Center (SOC), ensuring efficient threat detection and automated incident response.
• Manage IT security systems such as intrusion detection and website monitoring systems.
• Manage incident response and recovery efforts, ensuring effective communication and coordination during security incidents.
• Manage regular security audits and assessments (internal or external) to identify and address potential vulnerabilities in systems and applications, and ensure adherence to security controls
• Manage and Support IT-related crisis management plans, including Incident Response Plans, Business Continuity, and Disaster Recovery strategies, ensuring system integrity, recoverability, and preparedness.
• Maintain compliance with relevant regulatory standards and frameworks (e.g., HIPAA, GDPR, NIST, SOX) and ensure that security controls are aligned with industry’s best practices.
• Promote cybersecurity awareness through training, communication, and employee engagement initiatives.
• Stay up-to-date with the latest cyber security trends, threats, and technologies, and recommend improvements to enhance the organization's security posture.
• Collaborate with IT peers to drive automation and improve existing support processes related to IT security and vulnerability detection/remediation.
• Prepare and present regular status reports on the organization's cyber security program
• Work with vendors to drive cybersecurity programs

Factors for Success:

• Bachelor’s degree (Master’s a plus) in Computer Science, Information Security, or a related field
• 12+ years’ relevant experience, with 10+ years’ in the life sciences industry preferred, with expertise in Cybersecurity, IT security operations, and regulatory compliance
• Strong knowledge of threat intelligence, penetration testing, SIEM and SOC tools (such as Rapid7)
• Strong experience with Cybersecurity architecture, Zero Trust, vulnerability management, risk management, threat modeling and cloud security
• Strong troubleshooting experience with firewalls, VPNs, IDS/IPS, and cloud security (AWS, Azure)
• Proficiency in network security, mobile security, data loss prevention (DLP), and endpoint security
• Experience in security incident response and crisis management.
• Experience with Identity and Access management solutions (such as Okta), and end-user security awareness solutions (such as KnowBe4)
• Strong experience working in a Regulatory environment, with knowledge of GxPs (GMP/GCP/GLP), 21 CFR Part 11, HIPAA, SOX, GDPR, PII, PHI, and NIST frameworks
• Ability to build consensus, drive improvements and implement enterprise-wide cybersecurity programs.
• Strong leadership and communication skills with ability to engage executive stakeholders and communicate complex cybersecurity concepts in business terms.
• Industry Certifications (Preferred): CISSP, CISM, CISA, CRISC, CCSP

A Few Other Details Worth Mentioning:

• The position will be based in our beautiful Irvine office, complete with a courtyard, snacks, drinks, and occasional catered meals.
• We provide a hybrid work environment
• This position reports directly to the Director, IT Infrastructure and Security
• Some travel may be required – up to 10%

At Tarsus, we understand the importance of attracting and retaining top talent. The expected base pay range for this position is $161,200 - $225,800 plus bonus, stock equity, and comprehensive benefits. The base pay range reflects the target range for this position, but individual pay will be determined by additional factors such as job-related skills, experience and relevant education or training. Our benefits include health, dental and vision insurance benefits to ensure your well-being. We believe in work-life balance and offer generous paid time off, including vacation, holidays, and personal days. For more details regarding Tarsus benefits, please visit: https://alliantbenefits.cld.bz/25tarsusbenesnap.

#LI-Hybrid