Vice President, Chief Information Security Officer

Trinity Life Sciences, Barrington, RI

About The Position

We're committed to bringing passion and customer focus to the business.

Requirements

  • Bachelor’s or Master’s degree in Information Security, Computer Science, or related field.
  • 10+ years of progressive experience in information security, including leadership roles and hands-on security engineering and vulnerability remediation.
  • Proven ability to lead cross-functional teams and manage global security operations
  • Strong communication and stakeholder engagement skills with demonstrated record of translating technical content for business adoption
  • Experience with vendor management and contract negotiation
  • Familiarity with cloud security, application security, and data loss prevention
  • Understanding of modern threats and exploits
  • Ability to understand and communicate attack chains to management and key stakeholders
  • Experience managing or working with Managed Security Service Providers (MSSPs) and Security Operations Centers (SOCs).
  • Familiarity with Zero Trust architecture and identity-centric security models.

Nice To Haves

  • Experience in pharmaceutical, healthcare, or consulting industries preferred
  • Certifications such as CISSP, CISM, CEH, GSEC, ECSA, Security+ or CISA strongly preferred

Responsibilities

  • Develop and implement a global information security strategy aligned with business goals and regulatory requirements
  • Establish and maintain enterprise-wide security policies, standards, and procedures.
  • Lead information security governance and risk management, including responsibility for audit readiness and post-assessment remediation plans, especially for ISO 27001 and 42001 gaps
  • Define and report on key security metrics (e.g., incident response times, vulnerability remediation SLAs, phishing simulation results) to executive leadership and the board
  • Lead the development and enforcement of cloud security strategies across Microsoft 365, Azure, AWS, and other SaaS platforms with emphasis on configuration management, monitoring, and incident detection/remediation in cloud environments
  • Lead threat detection, prevention, and response capabilities, including Security Operations Center (SOC) oversight.
  • Ensure the timely investigation, response, and remediation of security incidents and breaches.
  • Establish and document a framework-aligned, business-integrated security ecosystem for Trinity and enable mechanisms to showcase it to customers on an as-needed basis.
  • Lead data protection efforts across Trinity SaaS, Product and Internal environments, including cloud-native services and large-scale repositories
  • Integrate security practices into the full software development lifecycle, including secure architecture, code review, automated testing for vulnerabilities, and DevSecOps principles.
  • Collaborate with IT and Product teams to ensure security controls are embedded from project initiation through deployment.
  • Oversee data governance and protection strategies for large-scale data repositories, including SharePoint Online, OneDrive, and Teams
  • Ensure secure configuration and monitoring of cloud-native services, including identity, access, and data protection controls
  • Orchestrate regular security audits in SaaS ecosystems to proactively identify vulnerabilities.
  • Collaborate with international teams to maintain consistent security posture and incident response readiness globally
  • Champion regular security audits and continuous improvement cycles, with a focus on cloud ecosystem vulnerabilities such as drift in Microsoft 365, AWS, and Azure, among others.
  • Work directly with General Counsel and Compliance group to ensure compliance with HIPAA, GDPR, NIST CSF, SOC 2, ISO 27001, ISO 42001, and other global data protection regulations relevant to pharmaceutical consulting
  • Develop, execute and track the performance of security measures to protect information and network infrastructure and computer systems
  • Identify, define and document system security requirements and recommend solutions to management
  • Identify and document security requirements and recommend solutions to management
  • Ownership of remediation activities for ISO and other regulatory gaps.