Chief Information Security Officer

Trinity Life Sciences-posted 3 months ago
$250,000 - $300,000/Yr
Full-time • Senior
Waltham, MA
1,001-5,000 employees
Professional, Scientific, and Technical Services
Resume
Match Score
Upload and Match ResumeTrack Jobs with Teal

The Chief Information Security Officer will lead the development and execution of a comprehensive information security strategy for a global pharmaceutical consulting firm. They will act as the strategic leader of Trinity's cyber defense program as an integral part of the Trinity leadership team. This role will ensure the confidentiality, integrity, and availability of enterprise data, systems, and infrastructure across all geographies. The CISO will collaborate with executive leadership, IT, legal, compliance, and operations to embed security into the company's culture and business processes. The CISO will possess the ability to manage the cybersecurity team to identify, assess and prioritize threats and vulnerabilities across all of Trinity's environment, while effectively influencing and communicating across multiple teams to help create a cohesive security ecosystem. The ideal candidate will be able to build strong relationships across the business to help identify gaps in security controls, as well as direct internal audits. They will possess an ability to 'think like an adversary' and promote security throughout the organization.

  • Develop and implement a global information security strategy aligned with business goals and regulatory requirements
  • Establish and maintain enterprise-wide security policies, standards, and procedures
  • Lead the information security governance, risk management, including responsibility for audit readiness and post-assessment remediation plans, especially for ISO 27001 and 42001 gaps
  • Define and report on key security metrics (e.g., incident response times, vulnerability remediation SLAs, phishing simulation results) to executive leadership and the board
  • Lead the development and enforcement of cloud security strategies across Microsoft 365, Azure, AWS, and other SaaS platforms with emphasis on configuration management, monitoring, and incident detection/remediation in cloud environments
  • Foster a security-first culture by engaging business leaders and department heads in regular security briefings and risk discussions
  • Lead threat detection, prevention, and response capabilities, including Security Operations Center (SOC) oversight
  • Ensure the timely investigation, response, and remediation of security incidents and breaches
  • Establish and document a framework-aligned, business-integrated security ecosystem for Trinity and enable mechanisms to showcase it to customers on a need basis
  • Lead data protection efforts across Trinity SaaS, Product and Internal environments, including cloud-native services and large-scale repositories
  • Integrate security practices into the full software development lifecycle, including secure architecture, code review, automated testing for vulnerabilities, and DevSecOps principles
  • Collaborate with IT and Product teams to ensure security controls are embedded from project initiation through deployment
  • Oversee the security review process for third-party vendors, cloud providers, and partners
  • Ensure supply chain security and resilience
  • Oversee the design and implementation of technical safeguards including access control, encryption, patch management, and threat detection systems
  • Manage the cybersecurity team, including security engineers, analysts, and external vendors (e.g., Managed SOC services)
  • Direct incident response planning and execution, including breach investigations and reporting
  • Ensure secure configuration and monitoring of cloud-native services, including identity, access, and data protection controls
  • Oversee data governance and protection strategies for large-scale data repositories, including SharePoint Online, OneDrive, and Teams
  • Orchestrate regular security audits in SaaS ecosystems, to proactively identify vulnerabilities
  • Collaborate with international teams to maintain consistent security posture and incident response readiness globally
  • Champion regular security audits and continuous improvement cycles, with a focus on cloud ecosystem vulnerabilities such as drift in Microsoft 365, AWS, Azure, among others
  • Work directly with General Counsel and Compliance group to ensure compliance with HIPAA, GDPR, NIST CSF, SOC 2, ISO 27001 and ISO 42001 and other global data protection regulations relevant to pharmaceutical consulting
  • Conduct regular risk assessments based on NIST RMF and develop mitigation plans
  • Lead external security audits and accreditation surveys
  • Ensure security practices are adapted to regional regulatory requirements and cultural contexts across North America, Europe, and Asia
  • Champion a culture of security awareness across the organization specifically with development teams
  • Develop and deliver training programs tailored to different roles and regions
  • Demonstrated ability to communicate complex security concepts to the board, non-technical stakeholders, and external customers in plain, persuasive language
  • Evaluate and implement emerging security technologies (e.g., CASB, PAM, GRC tools)
  • Align security architecture with frameworks such as NIST CSF, CIS 18, and OWASP
  • Bachelor's or Master's degree in Information Security, Computer Science, or related field
  • 10+ years of progressive experience in information security, including leadership roles and hands-on security engineering and vulnerability remediation
  • Experience in pharmaceutical, healthcare, or consulting industries preferred
  • Certifications such as CISSP, CISM, CEH, GSEC, ECSA, Security+ or CISA strongly preferred
  • Proven ability to lead cross-functional teams and manage global security operations
  • Strategic thinking and business acumen
  • Strong communication and stakeholder engagement skills with demonstrated record of translating technical content for business adoption
  • Experience with vendor management and contract negotiation
  • Familiarity with cloud security, application security, and data loss prevention
  • Understanding of modern threats and exploits
  • Ability to understand and communicate attack chains to management and key stakeholders
  • Develop, execute and track the performance of security measures to protect information and network infrastructure and computer systems
  • Identify, define and document system security requirements and recommend solutions to management
  • Ownership of remediation activities for ISO and other regulatory gaps
  • Experience managing or working with Managed Security Service Providers (MSSPs) and Security Operations Centers (SOCs)
  • Familiarity with Zero Trust architecture and identity-centric security models
  • Annual discretionary performance bonus
Track Jobs with Teal

Job Search Resources

AI Resume Builder
Chief Information Officer Resume Examples
Chief Information Officer Cover Letter Examples

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service