Iambic Therapeutics

Associate Director, Information Security


  • Posted: 5/14/2026
  • Employment type: full-time
  • Location: San Diego • California • 🇺🇸 United States
  • Level: Senior
  • Salary: 💰 $156,000 - $190,000 per year

Tech Stack

Tools & technologies
  • AWS
  • Azure
  • Cloud
  • Google Cloud Platform
  • SDLC

About the role

Key responsibilities & impact
  • Drive and mature the company-wide information security program and strategy including managing policies, standards, risk assessments, and the enterprise risk register
  • Act as the primary internal authority on information security operations, advising leadership and department heads on risk and priorities
  • Develop security metrics and reporting for technical and executive stakeholders
  • Serve as a working technical mentor to security analysts, providing hands-on guidance, knowledge sharing, and day-to-day direction across IT and cloud security domains
  • Own ISO 27001 certification and maintenance, including audits, evidence collection, and improvement
  • Directly manage controls rationalization across frameworks (ISO 27001, SOC 2, NIST CSF, SOX ITGC) to support evolving compliance requirements
  • Lead and execute the vendor and third-party risk management program
  • Establish and maintain information security controls in alignment with life sciences regulatory requirements, including 21 CFR Part 11 and GxP
  • Partner with the Software, cloud security, and DevOps teams on expanding industry-standard security practices into the software development lifecycle
  • Actively participate in security operations across the corporate IT environment, including hands-on involvement in endpoint security, identity and access management, vulnerability management, and security monitoring
  • Define cloud security governance standards and policies for SaaS-hosted environments and oversee compliance
  • Own and continuously improve the company-wide security awareness and training program
  • Champion a realistic, risk-based security culture across a diverse workforce spanning research, clinical, and corporate functions

Requirements

What you’ll need
  • 12+ years of progressive information security experience with a strong track record of hands-on technical execution
  • Direct, practitioner-level experience in at least two of the three domains: GRC, IT security operations, and application/cloud security
  • Experience collaborating with or embedding security within software engineering or product organizations
  • Deep working knowledge of ISO 27001, including post-certification program management and audit readiness
  • Familiarity with SOC 2, NIST CSF, HIPAA, SOX IT General Controls, and related frameworks
  • Hands-on understanding of application security principles, secure SDLC practices, and cloud security (AWS, Azure, or GCP)
  • Able to write and maintain clear, practical policies and standards directly, without relying on external consultants or pre-built templates
  • Strong risk assessment skills with the ability to translate technical findings into business impact for non-technical audiences
  • Experience supporting or preparing for a SOX readiness assessment or IPO-related compliance effort
  • Direct experience with GRC platforms (Vanta, Drata, Tugboat Logic, or similar) and security tooling across endpoint, identity, SIEM, and AppSec domains
  • Pragmatic and mission-driven; energized by doing meaningful work in a fast-moving clinical-stage environment

Benefits

Comp & perks
  • company-paid healthcare
  • flexible spending accounts
  • voluntary life insurance
  • 401K matching
  • uncapped vacation

ATS Keywords

Applicant Tracking System Keywords

Hard Skills & Tools
information security, risk assessments, security metrics, cloud security, application security, secure SDLC practices, risk assessment, ISO 27001, SOC 2, NIST CSF
Soft Skills
leadership, mentoring, collaboration, communication, risk-based security culture, knowledge sharing, hands-on guidance, organizational skills, pragmatic, mission-driven
Certifications
ISO 27001