Sign up to access all features of our service.
  • Job search
  • Favorites
  • Create a CV
    New
  • Salaries
  • Subscriptions

Senior Manager, IT Cybersecurity & Compliance

$164k - $200k

Kardigan

About Us Kardigan is a heart health company working to make cardiovascular disease preventable, curable and no longer the leading cause of death in the world. It is Kardigan’s mission to develop multiple targeted treatments in parallel that bring people with cardiovascular diseases to the cures they deserve. Led by Tassos Gianakakos, Jay Edelberg and Bob McDowell, Kardigan’s co‑founders have reunited after leading MyoKardia to discover and develop mavacamten, the first cardiac myosin inhibitor, resulting in an acquisition by Bristol Myers Squibb in 2020. We have a cutting‑edge discovery and translational research platform, a pipeline of late‑stage candidates, and an industry‑leading team that is driven to improve the lives of patients. At Kardigan, we are motivated by our values which guide how we work, interact, and achieve our goals. Driven by patients and their families , we are deeply committed to improving the lives of patients and prioritizing their needs above all else. We believe in being authentic —leading with truth to bring out the best in others by creating an environment where every person knows they will be fully accepted. With an eagerness to learn , we encourage the highest levels of curiosity and are open to changing our minds. We are committed to winning as a team with urgency, excellence, and intention, and support each other no matter what role we play or where we sit. Lastly, we strive to enable the impossible because patients are counting on us. We are not afraid to take risks to unlock innovation and advance scientific discoveries. These values are the foundation of our work, empowering us to make a real difference, every day. Position Title: Senior Manager, IT Cybersecurity & Compliance Department: Information Technology Reports To: Senior Director, IT Infrastructure Location: South San Francisco, CA (preferred) or Princeton, NJ – On‑site 4 days per week (Mon to Thurs) Job Overview We are seeking a Senior Manager, IT Cybersecurity and Compliance to manage and strengthen our information security, privacy, and IT compliance programs. Reporting to the Senior Director, IT Infrastructure, this role manages the day‑to‑day security risk management process, runs security awareness and training, and helps ensure compliance with applicable regulations and internal policies (including SOX, GDPR, and GxP). The Senior Manager serves as a primary IT point of contact for audits and assessments, maintains IT security policies and standards, oversees vulnerability management and vendor security reviews, and prepares evidence and attestations for IT General Controls (ITGCs) and related governance processes. Key Responsibilities Security governance and program leadership: Help define and execute the IT security and compliance roadmap and operating processes; maintain metrics, reporting, and continuous improvement activities. Security policies and standards: Maintain and obtain approvals for IT security policies, standards, and procedures (e.g., vulnerability management, patching, configuration baselines, identity and access management, encryption, logging/monitoring, secure remote access, incident response, and third‑party risk management), and recommend updates as needed. Vendor and third‑party security assessments: Conduct security due diligence and ongoing monitoring for vendors (SaaS, cloud, MSPs, consultants, and critical suppliers), including risk tiering, questionnaires, evidence review (e.g., SOC 1/2, ISO 27001), remediation tracking, and security addendum requirements in partnership with Legal and Procurement. Security awareness and training: Run user security training and awareness programs (onboarding, annual training, targeted campaigns, phishing simulations, role‑based training), and measure effectiveness through reporting and follow‑up actions. SOX compliance (ITGC): Support and maintain IT General Controls in scope for SOX (access controls, change management, computer operations, system development where applicable). Provide timely evidence, coordinate walkthroughs, respond to auditor requests, and execute remediation and management action plans. Privacy and regulatory compliance: Partner with Privacy/Legal to support GDPR and other applicable privacy requirements, including security controls, data protection impact inputs, and vendor processing/security reviews. GxP/regulated environment compliance: Help ensure IT controls and practices support GxP expectations (e.g., validated systems, data integrity/ALCOA+ principles, audit trails, controlled access, change control, backup/restore, and incident handling) in partnership with Quality. Identity, access, and permissions governance: Operate access governance processes (role design, least privilege, segregation of duties, periodic access reviews). Provide ITGC‑related attestations for appropriate roles and permissions, including evidence of approvals and review completion. Risk management: Maintain the IT security risk register; perform periodic risk assessments, threat modeling (as appropriate), and control gap analyses; elevate risks and recommendations to leadership. Vulnerability management: Manage the vulnerability management program including scanning, prioritization, remediation SLAs, exception handling, and reporting; partner with Infrastructure, Application owners, and vendors to drive timely remediation. Incident response and investigations: Coordinate IT security incident response activities, including triage, containment, forensics coordination, communications support, and post‑incident reviews; maintain tabletop exercises and runbooks. Audit and assessment management: Serve as a primary IT contact for internal/external audits and customer security assessments; coordinate evidence collection across IT teams; ensure findings are documented, tracked, and resolved. Security architecture and project reviews: Review new systems, integrations, and changes for security and compliance requirements; provide secure‑by‑design guidance for cloud, endpoints, networks, and applications. Data protection: Support data classification, retention/security control alignment, encryption and key management practices (in partnership with platform teams), and secure data handling requirements. Business continuity and disaster recovery: Support IT aspects of BCP/DR planning, testing, and documentation; ensure controls align with audit/regulatory expectations. Collaboration and stakeholder management: Partner with Finance, Quality, Legal/Privacy, HR, Procurement, and business leaders to operationalize controls and meet compliance objectives; communicate security requirements in practical, business‑aligned terms. Required Qualifications Bachelor’s degree in Information Security, Information Systems, Computer Science, or equivalent practical experience. 7+ years of progressive experience in IT, information security, risk management, and/or IT compliance, including experience leading projects, programs, or small teams. Demonstrated experience supporting SOX IT General Controls, including evidence collection, walkthroughs, and remediation of findings. Working knowledge of GDPR security requirements and privacy‑supporting controls. Experience operating in regulated environments and supporting GxP expectations (e.g., pharma/biotech, medical devices, clinical, manufacturing, or quality‑regulated systems). Hands‑on experience with third‑party/vendor security assessments, including SOC report review and risk‑based remediation tracking. Experience designing and delivering security awareness and training programs for end users and administrators. Strong understanding of core security domains: IAM, endpoint security, network security, cloud security, vulnerability management, logging/monitoring, and incident response. Excellent written communication skills, including ability to draft clear policies, standards, and procedures. Preferred Qualifications Relevant certifications such as CISSP, CISM, CISA, CRISC, ISO 27001 Lead Implementer/Auditor, or similar. Experience with security and compliance frameworks such as NIST CSF, NIST 800‑53, ISO 27001, SOC 2, and/or COBIT. Experience with cloud platforms (e.g., AWS, Azure, GCP) and SaaS security controls. Experience with GRC tooling (risk registers, control libraries, evidence management, vendor risk platforms). Experience supporting customer security questionnaires and audits. Experience building and scaling security programs in high‑growth organizations. Key Competencies Ability to translate regulatory and security requirements into practical, scalable processes. Strong project/program management and prioritization skills; comfortable operating with ambiguity. Strong communication skills and the ability to present risk, tradeoffs, and remediation plans to leadership and stakeholders. High integrity and sound judgment when handling sensitive information. Collaborative approach with the ability to influence without authority across IT and business stakeholders. Detail‑oriented approach to controls, evidence, and documentation while maintaining a risk‑based mindset. Exact Compensation may vary based on skills, experience and location. Pay range: $164,000 – $200,000 USD #J-18808-Ljbffr Kardigan

Vacancy posted 1 day ago
Similar jobs that could be interesting for youBased on the Senior Manager, IT Cybersecurity & Compliance in South San Francisco, CA vacancy
  • $155k - $190k

     ...Risk Advisory team is looking for a Senior Manager to join our Cybersecurity practice. The Senior Manager is...  ...assessments, network and security reviews, compliance, assessments, and system...  ...with clients’ Information Technology (IT) team to implement Information Security... 
    Senior
    Work at office
    Local area
    Remote work
    Visa sponsorship
    Work visa
    Flexible hours
    Day shift

    Miller Kaplan Arase LLP

    San Francisco, CA
    18 days ago
  • $124k - $280k

     ...Overview Specialty/Competency: Cybersecurity & Privacy Industry/Sector: Not...  ...PwC, our people in risk and compliance focus on maintaining regulatory compliance and managing risks for clients, providing advice...  ..., AI-driven solutions. As a Senior Manager, you will lead large... 
    Senior
    Full time
    H1b

    PwC

    San Francisco, CA
    4 hours ago
  • NightDragon Acquisition Corp. is looking for a Senior Product Manager to lead the NodeZero platform product portfolio. The role includes overseeing product strategy and ensuring platform scalability and reliability. The ideal candidate has 5+ years of B2B SaaS product... 
    Senior

    NightDragon Acquisition Corp.

    San Francisco, CA
    3 days ago
  • $90k - $125k

     ...Senior Account Manager, Cybersecurity, Highwire Senior Account Managers on our cybersecurity team lead integrated communications programs for some of the most influential companies in the cybersecurity sector. They bring deep experience across threat intelligence, incident... 
    Senior
    Work at office
    Remote work
    3 days per week

    Highwire

    San Francisco, CA
    3 days ago
  • BCG Attorney Search is seeking a Midlevel/Senior Associate specializing in Regulatory (Consumer Protection) in San Francisco, California...  ...experience with data protection legal frameworks and privacy compliance. The role requires 5-6 years of experience in regulatory... 
    Senior

    BCG Attorney Search

    San Francisco, CA
    4 days ago
  • Veracyte is seeking a Manager, IT & Cybersecurity GRC based in South San Francisco. This role leads the design and execution of enterprise technology controls and manages compliance initiatives. You'll partner with various departments to enhance governance and risk management... 
    Senior

    Veracyte

    South San Francisco, CA
    1 day ago
  • GrubMarket, Inc. is seeking a Business SOX Compliance Manager to own and lead the execution of its business process SOX program. This role reports...  ...the organization. You will partner with Finance, Accounting, IT, Legal, and business leaders to assess risk, drive control... 
    Senior

    GrubMarket, Inc.

    South San Francisco, CA
    1 day ago
  • CareDx is hiring a Senior Software Quality Assurance Engineer to ensure quality across various software products in a fast-paced environment in Brisbane, CA. The ideal candidate will have extensive experience in biotech or diagnostics and a strong background in software... 
    Senior

    CareDx

    Brisbane, CA
    1 day ago
  • $175k - $195k

     ...based in South San Francisco seeks a Senior Infrastructure Engineer to enhance IT systems and architecture. You'll...  ...on-premises servers, ensuring compliance and security standards in a regulated...  ...experience, and strong vendor management skills. This role offers a... 
    Senior

    Lyell Immunopharma

    South San Francisco, CA
    1 day ago
  • $115k - $163k

     ...technology professional to oversee its InfoSec and IT functions. You will oversee the company’s IT vendor(s), security and compliance, and drive AI and technology adoption within...  ..., DLP. Oversee strategy and day‑to‑day management of our IT services contractor(s). Ensure... 
    Senior
    For contractors

    WeaveGrid, Inc.

    San Francisco, CA
    1 day ago
  • $145k - $155k

     ...and respect for one another. The Position: The Manager, IT & Cybersecurity GRC (Governance, Risk, and Compliance) leads the design, execution, and continuous improvement...  ...skills with experience presenting to senior leadership or audit committees #LI-Remote The final... 
    Remote work

    Veracyte

    South San Francisco, CA
    1 day ago
  •  ...San Francisco to spearhead its global cybersecurity partnership strategy. In this pivotal role...  ...teams on product strategies and compliance requirements. The ideal candidate should...  ...cybersecurity, demonstrating success in managing complex partnerships, and should be deeply... 
    Senior

    OpenAI

    San Francisco, CA
    1 day ago
  • $102k - $162.89k

    Baker Tilly US in San Francisco is seeking an IT risk professional to manage financial and operational risks for clients. This role offers a unique...  ...executives while implementing new processes to ensure compliance and security. Ideal candidates will have a bachelor’s degree... 
    Senior

    Baker Tilly US

    San Francisco, CA
    1 day ago
  • Acadia Pharmaceuticals Inc. seeks a Sr. Director of Data Management to lead the data management strategy across clinical development programs. This role drives efficient, high‑quality processes, partners with outsourced vendors, and ensures systems readiness for regulatory... 
    Senior

    Acadia Pharmaceuticals Inc.

    South San Francisco, CA
    1 day ago
  • jobr.pro is looking for a DevSecOps Lead to enhance security protocols and ensure compliance for its voice AI product. This role involves close collaboration with various teams to build a robust security framework as the company scales. The ideal candidate has extensive... 
    Senior
    Flexible hours

    jobr.pro

    San Francisco, CA
    3 days ago
  • SoFi is seeking a Cybersecurity Incident Commander based in San Francisco. The role focuses on managing security incident responses and ensuring effective communication during cybersecurity events. You'll collaborate with various teams to drive incident containment and... 
    Senior

    SoFi

    San Francisco, CA
    1 day ago
  •  ...focused professional to oversee endpoint and cloud asset security across our enterprise footprint. You will manage EDR, vulnerability programs, and continuous compliance to protect systems and data. You will lead onboarding/offboarding security, coordinate with auditors for... 
    Senior

    Cobalt

    San Francisco, CA
    1 day ago
  • $85.91k - $162.89k

     ...your work experiences and hone your skills as an IT risk professional in the areas of compliance, cybersecurity, and internal controls. You crave the opportunity...  ...Will Do Work closely with client executives and management teams to understand their businesses and assist... 
    Senior
    Work experience placement
    Local area

    Baker Tilly US

    San Francisco, CA
    1 day ago
  • Gallagher seeks a Senior Broker Placement Specialist to independently manage cyber marketing and placement of new accounts and renewals for complex portfolios. You will collaborate with Sales Leaders and the Branch President to maximize revenue and opportunities while... 
    Senior

    Gallagher

    San Francisco, CA
    2 days ago
  • OpenAI is looking for a marketing professional for their cybersecurity offerings in San Francisco, CA. The role requires ownership of positioning, building assets for sales and security leaders, and coordinating marketing campaigns. The ideal candidate will have over 7... 
    Senior
    Relocation package

    OpenAI

    San Francisco, CA
    15 hours ago
  • $150k - $200k

     ...Owning and evolving our vulnerability management, misconfiguration detection, and SIEM strategy...  ...partnership with product, InfoSec, and IT Contributing to day‑to‑day Cloud...  ...than gates and approvals; low‑friction compliance is the goal You understand the security... 
    Senior
    Work at office
    Remote work

    Truebill

    San Francisco, CA
    4 days ago
  • $183k - $225k

     ...The Sr. Systems Engineer is a senior individual contributor and...  ...systems, not internal enterprise IT, and requires deep expertise...  ...without formal people management. Design, configure, and support...  ...environments with awareness of compliance and audit expectations. Demonstrated... 
    Senior

    Veracyte

    South San Francisco, CA
    4 days ago
  • $250k - $290k

     ...Senior Director, Corporate Controller Department: Finance Locations...  ..., equity, treasury, risk management, tax and internal controls. This...  ..., State, and local tax compliance and filings. Systems and Tools...  ...partners to develop Finance IT roadmap, implementing select... 
    Senior
    Full time
    Work at office
    Local area

    Encoded Genomics

    South San Francisco, CA
    3 days ago
  • $159k

     ...Business Operations / Strategy  Job Level: Senior Manager Business Unit: Strategy & Growth...  ...Department Overview: The Electric Risk & Compliance organization provides governance,...  ...provides input into FERC/NERC policy as it pertains to development of new and/or revised... 
    Senior
    Contract work
    Work experience placement
    Work at office
    Flexible hours
    2 days per week
    3 days per week

    PG&E Corporation

    Millbrae, CA
    2 days ago
  • Rippling is hiring a Senior Product Marketing Manager to own how IT products are positioned, launched, and sold. You will sharpen the message, build the...  ...environment, shaping messaging for IT infrastructure, identity, and compliance while exploring #J-18808-Ljbffr Rippling
    Senior

    Rippling

    San Francisco, CA
    1 day ago
  • PwC is hiring an AI Engineer / Data Scientist, AI Senior Associate in San Francisco, CA. The role focuses on evaluating AI solutions for governance and compliance, leading AI/ML control initiatives, and improving reporting and transparency across teams. You will collaborate... 
    Senior

    TryApplyNow

    San Francisco, CA
    15 hours ago
  • DocuSign seeks a Senior IT Auditor in California to join the global internal audit function. You will collaborate with business leaders, IT management, and the second line of defense to plan and perform enterprise‑wide IT, operational, and regulatory audits, including SOX... 
    Senior

    Docusign

    San Francisco, CA
    1 day ago
  • $115k - $163k

    WeaveGrid, Inc. in San Francisco, CA is seeking an Information Security and IT Professional to lead the company's security functions. You will manage IT vendors, oversee compliance such as SOC 2 Type II, and drive AI and technology adoption within the company. The ideal... 
    Senior

    WeaveGrid, Inc.

    San Francisco, CA
    1 day ago
  • $250k - $290k

    EY-Parthenon is looking for a Senior Director to lead AI Business Solutions. In this role, you will oversee AI solution deployment, ensuring...  ...sectors. The ideal candidate has a strong background in management consulting, with 7-8 years of experience and a deep understanding... 
    Senior

    EY-Parthenon

    San Francisco, CA
    1 day ago
  • $180k - $258k

    candidhealth is seeking a Senior Security Engineer to enhance the safety and security of its systems. In this role, you'll be integral...  ...processes, collaborate with engineering teams, and navigate compliance requirements including HIPAA and SOC. The position calls for over... 
    Senior

    candidhealth

    San Francisco, CA
    1 day ago

Do you want to receive more vacancies?

Subscribe and receive similar vacancies to Senior Manager, IT Cybersecurity & Compliance. Be the first to apply!