Description
JOB SUMMARY
We have an established information security program and are looking for a hands-on Associate Director to grow it and take it to the next level. This is a practitioner role as much as a leadership role: you will be directly involved in the work across governance, IT, cloud security, software, and DevOps. The immediate strategic priority is extending our security posture into the software development lifecycle and embedding cloud security practices across our internally developed SaaS environment, while maintaining and maturing our governance, risk, and compliance foundation.
You will work to obtain and maintain our ISO certification, partnering closely with IT leadership, R&D, and the broader organization to continuously raise the security bar across the company.
This role reports to the VP of IT and carries significant visibility to the CTO and senior leadership.
This role is hybrid; being based at our San Diego HQ or in Boston, MA is preferred.
KEY RESPONSIBILITIES
- Drive and mature the company-wide information security program and strategy including managing policies, standards, risk assessments, and the enterprise risk register
- Act as the primary internal authority on information security operations, advising leadership and department heads on risk and priorities
- Develop security metrics and reporting for technical and executive stakeholders
- Serve as a working technical mentor to security analysts, providing hands-on guidance, knowledge sharing, and day-to-day direction across IT and cloud security domains
- Own ISO 27001 certification and maintenance, including audits, evidence collection, and improvement
- Directly manage controls rationalization across frameworks (ISO 27001, SOC 2, NIST CSF, SOX ITGC) to support evolving compliance requirements
- Lead and execute the vendor and third-party risk management program
- Establish and maintain information security controls in alignment with life sciences regulatory requirements, including 21 CFR Part 11 and GxP
- Partner with the software, cloud security, and DevOps teams on expanding industry-standard security practices into the software development lifecycle
- Actively participate in security operations across the corporate IT environment, including hands-on involvement in endpoint security, identity and access management, vulnerability management, and security monitoring
- Define cloud security governance standards and policies for SaaS-hosted environments and oversee compliance
- Own and continuously improve the company-wide security awareness and training program
- Champion a realistic, risk-based security culture across a diverse workforce spanning research, clinical, and corporate functions
QUALIFICATIONS
- 12+ years of progressive information security experience with a strong track record of hands-on technical execution
- Direct, practitioner-level experience in at least two of the three domains: GRC, IT security operations, and application/cloud security
- Experience collaborating with or embedding security within software engineering or product organizations
- Deep working knowledge of ISO 27001, including post-certification program management and audit readiness
- Familiarity with SOC 2, NIST CSF, HIPAA, SOX IT General Controls, and related frameworks
- Hands-on understanding of application security principles, secure SDLC practices, and cloud security (AWS, Azure, or GCP)
- Able to write and maintain clear, practical policies and standards directly, without relying on external consultants or pre-built templates
- Strong risk assessment skills with the ability to translate technical findings into business impact for non-technical audiences
- Experience supporting or preparing for a SOX readiness assessment or IPO-related compliance effort
- Direct experience with GRC platforms (Vanta, Drata, Tugboat Logic, or similar) and security tooling across endpoint, identity, SIEM, and AppSec domains
- Pragmatic and mission-driven; energized by doing meaningful work in a fast-moving clinical-stage environment
PREFERRED QUALIFICATIONS
- Regulated industry experience strongly preferred; life sciences, biotech, or pharma background is a meaningful plus
- CISM, CISSP, or CRISC certification preferred; AWS Security Specialty, CCSP, or equivalent a plus
ABOUT IAMBIC THERAPEUTICS
Iambic is a clinical-stage life-science and technology company developing novel medicines using its AI-driven discovery and development platform. Based in San Diego and founded in 2020, Iambic has assembled a world-class team that unites pioneering AI experts and experienced drug hunters. The Iambic platform has demonstrated delivery of new drug candidates to human clinical trials with unprecedented speed and across multiple target classes and mechanisms of action. Iambic is advancing a pipeline of potential best-in-class and first-in-class clinical assets, both internally and in partnership, to address urgent unmet patient need. Learn more about the Iambic team, platform, pipeline, and partnerships at http://iambic.ai.
MISSION & CORE VALUES
Our mission is to deliver better medicines through innovations in AI-based discovery technologies. The culture and work at Iambic Therapeutics are profoundly strengthened by the diversity of our people and our differences in background, culture, national origin, religion, sexual orientation, and life experiences. We are committed to building an inclusive environment where a diverse group of talented humans work together to discover therapeutics and create technologies.
PAY AND BENEFITS
We offer industry-leading, competitive pay, company-paid healthcare, flexible spending accounts, voluntary life insurance, 401(k) matching, and uncapped vacation to our team. We are in a brand-new, state-of-the-art facility in beautiful San Diego with an onsite gym, dining, and easy access to great places to live and play.