Director, IT Governance & Cybersecurity

About KalVista Pharmaceuticals, Inc. 

KalVista is a global pharmaceutical company dedicated to delivering life-changing oral therapies for individuals affected by rare diseases with significant unmet needs. The KalVista team discovered and developed EKTERLY®—the first and only oral on-demand treatment for hereditary angioedema (HAE)—and continues to work closely with the global HAE community to improve treatment and care for this disease around the world.

For more information about KalVista, please visit www.kalvista.com and follow us on LinkedIn, X, Facebook and Instagram.

 

ABOUT THE ROLE

The Director, IT Governance, & Cybersecurity is a senior leadership role responsible for building, leading, and continuously maturing KalVista's information security and IT governance program. This individual will serve as the organization's primary cybersecurity leader, owning the full spectrum of IT governance, risk management, regulatory compliance, data protection, and hands-on cybersecurity operations and strategy.

This role partners closely with senior executives and cross-functional leaders across HR, Finance, Legal, Regulatory Affairs, Quality, and IT to align the company's security posture with its business objectives, risk tolerance, and obligations under applicable laws and industry standards. As an emerging biotech, KalVista requires a leader who is equally comfortable setting strategic direction and rolling up their sleeves to execute.

 

RESPONSIBILITIES

Cybersecurity Leadership

• Own and lead the enterprise cybersecurity function, acting as the organization’s de facto CISO-equivalent
• Define, implement, and mature a cybersecurity strategy aligned to NIST CSF
• Lead and manage MSSP and third-party partners
• Oversee security operations and tooling (Azure Security, SentinelOne, Defender suite, Qualys, Mimecast, EOP, Meraki, Intune, AOVPN, GPOs)
• Develop and lead Incident Response
• Drive threat intelligence and vulnerability management
• Champion security awareness

 

IT Governance & Risk Management

• Develop and maintain the enterprise IT governance framework.
• Own and execute IT Risk Management.
• Lead BC/DR planning and tabletop exercises.
• Provide risk reporting to leadership and Board.
• Compliance & Audit
• Develop and execute compliance strategy across InfoSec, privacy, and IT controls
• Own all security policies and SOPs
• Lead SOX ITGC audit coordination
• Ensure compliance with SOX, GDPR, HIPAA, 21 CFR Part 11, GxP
• Identify and remediate policy gaps

 

Data Protection & Privacy

• Partner on data governance and privacy programs.
• Oversee data classification, DLP, access control
• Support privacy-by-design for new systems
• Vendor & Third-Party Security
• Lead vendor security assessments
• Establish third-party risk management
• Partner with Procurement and Legal on vendor security terms

 

BASIC QUALIFICATIONS

• Bachelor’s degree in a related field
• 10+ years in cybersecurity, governance, risk, and compliance
• 4+ years director-level leadership
• Experience scaling cybersecurity in high-growth or resource-constrained settings
• MSSP management experience
• Regulated environment experience (SOX ITGC, GxP, FDA)

 

PREFERRED QUALIFICATIONS

• Master’s degree or MBA with tech focus.
• Life sciences/biotech/pharma experience.
• Strong TPRM experience.
• Certifications: CISSP, CISM, CRISC, CISA
• Microsoft security certifications (SC-100, SC-200, AZ-500)
• Strong executive communication
• Deep Microsoft security stack expertise
• Proficiency with vulnerability management, SIEM, email security, endpoint protection
• Cloud security architecture (Azure preferred), IAM, zero trust
• Experience with Druva or similar backup solutions
• Frameworks & Regulatory Knowledge
• Expert familiarity with NIST CSF, ISO 27001, SOX, GDPR, HIPAA
• Working knowledge of GxP, 21 CFR Part 11
• Experience applying CIS Controls

 

EXPECTATIONS & COMPETENCIES

• Exceptional communication and executive presentation skills
• Strong cross-functional collaboration and influence
• Strategic and operational mindset
• High integrity, sound judgment, decisiveness under pressure
• Maintain CSF-aligned cybersecurity roadmap and risk register
• Lead mature IR program with playbooks and exercises
• Ensure strong oversight of MSSP and partners
• Maintain enforceable policies and close audit findings
• Embed privacy-by-design and least privilege principles

 

OUR VISION

We Deliver Novel Therapies That Empower People To Live Better Lives.

 

Our OPERATING PRINCIPLES, referenced below, guide our behaviors and decisions:

Define Success – And Then Deliver
Act with outcomes in mind. Have high expectations. Details Matter.

Be Data Driven And Openly Debate – But Be Decisive
Time is valuable. Say the thing you can’t say. Understand timelines and meet them.

Have An Ownership Mentality
This is your company; treat it that way. Protect our resources, reputation, and results.

Be Internally Collaborative And Externally Competitive
We go further, faster, together. Have a bias for action, but bring others along. Offer solutions, not just problems.

Good People = Great Company
Act with integrity. Assume positive intent. Be Kind.

 

Important Notice to Third-Party Recruiters & Staffing Agencies:

The current job openings advertised on this website are for the sole purpose of candidates to apply directly. Unsolicited and anonymous CVs submitted in any manner to KalVista employees, including to employee personal e-mail accounts, are considered to be the property of KalVista and will not qualify for a fee to be paid. Referral fees will only be payable where KalVista has agreed with an agency to work on a specific appointment, and then only in conjunction with a fully-executed contract for service.

If any Agency representative contacts a KalVista Hiring Manager or company employee, other than a member of the KalVista Talent Acquisition team, to solicit an appointment to engage on a job opening, that Agency will not be considered for that specific job opening or future opportunities with KalVista.

Thank you for your understanding and cooperation.