Iambic Therapeutics

life sciences

Associate Director, Information Security

$156–190k · San Diego, California, United States; Boston, Massachusetts, United States · FULL TIME · Remote Friendly
The Brief

“Associate Director, Information Security at Iambic Therapeutics. Skills: Information Security Program Management, Cloud Security, Application Security, GRC, ISO 27001, Risk Management, Compliance. Grow and mature the information security program. Expand security posture into the software development lifecycle”

Industry & Context.

life sciences
Problems you'll solve

risk assessment skills; controls rationalization

What They're Looking For.

Must Have

  • 12+ years of progressive information security experience with a track record of hands-on technical execution
  • Direct, practitioner-level experience in at least two of the three domains: GRC, IT security operations, and application/cloud security
  • Experience collaborating with or embedding security within software engineering or product organizations
  • Deep working knowledge of ISO 27001, including post-certification program management and audit readiness
  • Familiarity with SOC 2, NIST CSF, HIPAA, SOX IT General Controls, and related frameworks
  • Hands-on understanding of application security principles, secure SDLC practices, and cloud security (AWS, Azure, or GCP)
  • Able to write and maintain clear, practical policies and standards directly, without relying on external consultants or pre-built templates
  • Risk assessment skills with the ability to translate technical findings into business impact for non-technical audiences
  • Experience supporting or preparing for a SOX readiness assessment or IPO-related compliance effort
  • Direct experience with GRC platforms (Vanta, Drata, Tugboat Logic, or similar) and security tooling across endpoint, identity, SIEM, and AppSec domains
  • Pragmatic and mission-driven; energized by doing meaningful work in a fast-moving clinical-stage environment

Nice to Have

  • Regulated industry experience strongly life sciences, biotech, or pharma background is a meaningful plus
  • CISM, CISSP, or CRISC certification preferred
  • AWS Security Specialty, CCSP, or equivalent a plus

What You'll Do.

Grow and mature the information security program

Expand security posture into the software development lifecycle

Embed cloud security practices across internally developed SaaS environment

Maintain and mature governance and compliance foundation

Obtain and maintain ISO certification

and the enterprise risk register

Develop security metrics and reporting

Serve as a working technical mentor to security analysts

Own ISO 27001 certification and maintenance

Directly manage controls rationalization across frameworks

Lead and execute the vendor and third-party risk management program

Establish and maintain information security controls in alignment with life sciences regulatory requirements

Partner with Software and DevOps teams on expanding industry-standard security practices into the software development lifecycle

Actively participate in security operations across the corporate IT environment

Define cloud security governance standards and policies for SaaS-hosted environments and oversee compliance

Own and continuously improve the company-wide security awareness and training program

risk-based security culture

How You'll Work.

Team & Collaboration

partnering closely with IT leadership, R&D, and the broader organization; advising leadership and department heads; Serve as a working technical mentor to security analysts, providing hands-on guidance, knowledge sharing, and day-to-day direction across IT and cloud security domains; Partner with the Software, cloud security, and DevOps teams; collaborating with or embedding security within software engineering or product organizations

Communication Scope

Develop security metrics and reporting for technical and executive stakeholders; translate technical findings into business impact for non-technical audiences

Process & Methodology

Drive and mature the company-wide information security program and strategy, Lead and execute the vendor and third-party risk management program


How to Apply on Ashby

  • Ashby is a fast modern ATS — most applications take under 3 minutes.
  • The resume parser is strong; verify parsed experience dates and job titles.
  • Custom screening questions are often scored algorithmically — answer completely.
  • Location field affects geo-based screening; use your actual metro area.
