Senior Manager, IT Cybersecurity & Compliance

Kardigan
Princeton, NJ
$164,000 - $200,000
Onsite

About The Position

We are seeking a Senior Manager, IT Cybersecurity and Compliance to manage and strengthen our information security, privacy, and IT compliance programs. Reporting to the Senior Director, IT Infrastructure, this role manages the day-to-day security risk management process, runs security awareness and training, and helps ensure compliance with applicable regulations and internal policies (including SOX, GDPR, and GxP). The Senior Manager serves as a primary IT point of contact for audits and assessments, maintains IT security policies and standards, oversees vulnerability management and vendor security reviews, and prepares evidence and attestations for IT General Controls (ITGCs) and related governance processes.

Requirements

  • Bachelor’s degree in Information Security, Information Systems, Computer Science, or equivalent practical experience.
  • 7+ years of progressive experience in IT, information security, risk management, and/or IT compliance, including experience leading projects, programs, or small teams.
  • Demonstrated experience supporting SOX IT General Controls, including evidence collection, walkthroughs, and remediation of findings.
  • Working knowledge of GDPR security requirements and privacy-supporting controls.
  • Experience operating in regulated environments and supporting GxP expectations (e.g., pharma/biotech, medical devices, clinical, manufacturing, or quality-regulated systems).
  • Hands-on experience with third-party/vendor security assessments, including SOC report review and risk-based remediation tracking.
  • Experience designing and delivering security awareness and training programs for end users and administrators.
  • Strong understanding of core security domains: IAM, endpoint security, network security, cloud security, vulnerability management, logging/monitoring, and incident response.
  • Excellent written communication skills, including ability to draft clear policies, standards, and procedures.

Nice To Haves

  • Relevant certifications such as CISSP, CISM, CISA, CRISC, ISO 27001 Lead Implementer/Auditor, or similar.
  • Experience with security and compliance frameworks such as NIST CSF, NIST 800-53, ISO 27001, SOC 2, and/or COBIT.
  • Experience with cloud platforms (e.g., AWS, Azure, GCP) and SaaS security controls.
  • Experience with GRC tooling (risk registers, control libraries, evidence management, vendor risk platforms).
  • Experience supporting customer security questionnaires and audits.
  • Experience building and scaling security programs in high-growth organizations.

Responsibilities

  • Help define and execute the IT security and compliance roadmap and operating processes; maintain metrics, reporting, and continuous improvement activities.
  • Maintain and obtain approvals for IT security policies, standards, and procedures (e.g., vulnerability management, patching, configuration baselines, identity and access management, encryption, logging/monitoring, secure remote access, incident response, and third-party risk management), and recommend updates as needed.
  • Conduct security due diligence and ongoing monitoring for vendors (SaaS, cloud, MSPs, consultants, and critical suppliers), including risk tiering, questionnaires, evidence review (e.g., SOC 1/2, ISO 27001), remediation tracking, and security addendum requirements in partnership with Legal and Procurement.
  • Run user security training and awareness programs (onboarding, annual training, targeted campaigns, phishing simulations, role-based training), and measure effectiveness through reporting and follow-up actions.
  • Support and maintain IT General Controls in scope for SOX (access controls, change management, computer operations, system development where applicable). Provide timely evidence, coordinate walkthroughs, respond to auditor requests, and execute remediation and management action plans.
  • Partner with Privacy/Legal to support GDPR and other applicable privacy requirements, including security controls, data protection impact inputs, and vendor processing/security reviews.
  • Help ensure IT controls and practices support GxP expectations (e.g., validated systems, data integrity/ALCOA+ principles, audit trails, controlled access, change control, backup/restore, and incident handling) in partnership with Quality.
  • Operate access governance processes (role design, least privilege, segregation of duties, periodic access reviews). Provide ITGC-related attestations for appropriate roles and permissions, including evidence of approvals and review completion.
  • Maintain the IT security risk register; perform periodic risk assessments, threat modeling (as appropriate), and control gap analyses; escalate risks and recommendations to leadership.
  • Manage the vulnerability management program including scanning, prioritization, remediation SLAs, exception handling, and reporting; partner with Infrastructure, Application owners, and vendors to drive timely remediation.
  • Coordinate IT security incident response activities, including triage, containment, forensics coordination, communications support, and post-incident reviews; maintain tabletop exercises and runbooks.
  • Serve as a primary IT contact for internal/external audits and customer security assessments; coordinate evidence collection across IT teams; ensure findings are documented, tracked, and resolved.
  • Review new systems, integrations, and changes for security and compliance requirements; provide secure-by-design guidance for cloud, endpoints, networks, and applications.
  • Support data classification, retention/security control alignment, encryption and key management practices (in partnership with platform teams), and secure data handling requirements.
  • Support IT aspects of BCP/DR planning, testing, and documentation; ensure controls align with audit/regulatory expectations.
  • Partner with Finance, Quality, Legal/Privacy, HR, Procurement, and business leaders to operationalize controls and meet compliance objectives; communicate security requirements in practical, business-aligned terms.

Benefits

  • Exact compensation may vary based on skills, experience, and location.
© 2026 Teal Labs, Inc