Sr. Director Information Security

What You’ll Do:
The Senior Director, Information Security is the enterprise-wide leader responsible for defining, executing, and advancing the organization’s global security strategy. This role oversees security operations, incident response, threat intelligence, engineering, governance, and resilience programs across a complex, highly regulated SaaS and life sciences environment. This role provides strategic guidance to executive leadership, influences long-range technology and risk decisions, and ensures that security capabilities scale with the organization's growth. This role partners closely with Engineering, IT, Enterprise Architecture, Legal, Compliance, HR, and Product teams to safeguard information assets, protect customer trust, and uphold regulatory and contractual obligations.

Enterprise Security Leadership & Strategy
Define and own the long-term enterprise information security strategy aligned with business objectives, risk appetite, regulatory expectations, and future growth.
Serve as the primary security advisor to executive leadership and a key contributor to enterprise risk, technology, and business continuity planning.
Translate emerging threats, industry trends, and technology shifts into actionable programs and investments.
Establish measurable KPIs, maturity roadmaps, and performance metrics for all security domains.

Security Operations & Threat Management
Provide executive oversight of the Security Operations Center (SOC), ensuring world-class detection, response, and containment capabilities.
Lead the organization’s threat intelligence, threat hunting, and vulnerability management programs, ensuring proactive identification and mitigation of risks.
Ensure continuous optimization of security tools including SIEM, SOAR, EDR, DLP, IDS/IPS, and cloud-native controls.
Drive automation, orchestration, and AI-enabled capabilities to improve detection speed, reduce manual effort, and enhance accuracy.
Enterprise Incident Response & Resilience
Serve as the executive incident commander for major cybersecurity events.
Oversee development, testing, and continuous enhancement of enterprise incident response, disaster recovery, and business continuity plans.
Direct cross-functional coordination with Legal, HR, Communications, Compliance, Engineering, and external partners during high-severity incidents.

Security Architecture & Engineering
Partner with technology leaders to ensure secure design and implementation across infrastructure, applications, networks, and cloud services.
Champion secure-by-design principles and influence architecture, DevSecOps practices, and roadmap decisions.
Lead investment planning and lifecycle management for enterprise security platforms and controls.

Governance, Risk, Compliance & Audit
Oversee adherence to security frameworks and regulatory standards such as HIPAA, SOX, GDPR, PCI-DSS, and ISO 27001.
Ensure audit readiness, evidence quality, and control accuracy across all security programs.
Lead enterprise-wide policy development, risk assessments, vendor security evaluations, and executive reporting.

Leadership, Talent, & Culture
Lead, mentor, and retain a diverse, high-performing organization of security, engineering, and operations professionals.
Set clear goals, performance expectations, and development plans for leaders and teams.
Foster a culture of resilience, accountability, continuous learning, and partnership across the enterprise.
Act as a visible and influential security champion to executive leaders, customers, and internal teams.
Job Type
Full-time
Career Level
Director