Senior Manager, IT Cybersecurity & Compliance
$164k - $200kKardigan
About Us Kardigan is a heart health company working to make cardiovascular disease preventable, curable and no longer the leading cause of death in the world. It is Kardigan’s mission to develop multiple targeted treatments in parallel that bring people with cardiovascular diseases to the cures they deserve. Led by Tassos Gianakakos, Jay Edelberg and Bob McDowell, Kardigan’s co‑founders have reunited after leading MyoKardia to discover and develop mavacamten, the first cardiac myosin inhibitor, resulting in an acquisition by Bristol Myers Squibb in 2020. We have a cutting‑edge discovery and translational research platform, a pipeline of late‑stage candidates, and an industry‑leading team that is driven to improve the lives of patients. At Kardigan, we are motivated by our values which guide how we work, interact, and achieve our goals. Driven by patients and their families , we are deeply committed to improving the lives of patients and prioritizing their needs above all else. We believe in being authentic —leading with truth to bring out the best in others by creating an environment where every person knows they will be fully accepted. With an eagerness to learn , we encourage the highest levels of curiosity and are open to changing our minds. We are committed to winning as a team with urgency, excellence, and intention, and support each other no matter what role we play or where we sit. Lastly, we strive to enable the impossible because patients are counting on us. We are not afraid to take risks to unlock innovation and advance scientific discoveries. These values are the foundation of our work, empowering us to make a real difference, every day. Position Title: Senior Manager, IT Cybersecurity & Compliance Department: Information Technology Reports To: Senior Director, IT Infrastructure Location: South San Francisco, CA (preferred) or Princeton, NJ – On‑site 4 days per week (Mon to Thurs) Job Overview We are seeking a Senior Manager, IT Cybersecurity and Compliance to manage and strengthen our information security, privacy, and IT compliance programs. Reporting to the Senior Director, IT Infrastructure, this role manages the day‑to‑day security risk management process, runs security awareness and training, and helps ensure compliance with applicable regulations and internal policies (including SOX, GDPR, and GxP). The Senior Manager serves as a primary IT point of contact for audits and assessments, maintains IT security policies and standards, oversees vulnerability management and vendor security reviews, and prepares evidence and attestations for IT General Controls (ITGCs) and related governance processes. Key Responsibilities Security governance and program leadership: Help define and execute the IT security and compliance roadmap and operating processes; maintain metrics, reporting, and continuous improvement activities. Security policies and standards: Maintain and obtain approvals for IT security policies, standards, and procedures (e.g., vulnerability management, patching, configuration baselines, identity and access management, encryption, logging/monitoring, secure remote access, incident response, and third‑party risk management), and recommend updates as needed. Vendor and third‑party security assessments: Conduct security due diligence and ongoing monitoring for vendors (SaaS, cloud, MSPs, consultants, and critical suppliers), including risk tiering, questionnaires, evidence review (e.g., SOC 1/2, ISO 27001), remediation tracking, and security addendum requirements in partnership with Legal and Procurement. Security awareness and training: Run user security training and awareness programs (onboarding, annual training, targeted campaigns, phishing simulations, role‑based training), and measure effectiveness through reporting and follow‑up actions. SOX compliance (ITGC): Support and maintain IT General Controls in scope for SOX (access controls, change management, computer operations, system development where applicable). Provide timely evidence, coordinate walkthroughs, respond to auditor requests, and execute remediation and management action plans. Privacy and regulatory compliance: Partner with Privacy/Legal to support GDPR and other applicable privacy requirements, including security controls, data protection impact inputs, and vendor processing/security reviews. GxP/regulated environment compliance: Help ensure IT controls and practices support GxP expectations (e.g., validated systems, data integrity/ALCOA+ principles, audit trails, controlled access, change control, backup/restore, and incident handling) in partnership with Quality. Identity, access, and permissions governance: Operate access governance processes (role design, least privilege, segregation of duties, periodic access reviews). Provide ITGC‑related attestations for appropriate roles and permissions, including evidence of approvals and review completion. Risk management: Maintain the IT security risk register; perform periodic risk assessments, threat modeling (as appropriate), and control gap analyses; elevate risks and recommendations to leadership. Vulnerability management: Manage the vulnerability management program including scanning, prioritization, remediation SLAs, exception handling, and reporting; partner with Infrastructure, Application owners, and vendors to drive timely remediation. Incident response and investigations: Coordinate IT security incident response activities, including triage, containment, forensics coordination, communications support, and post‑incident reviews; maintain tabletop exercises and runbooks. Audit and assessment management: Serve as a primary IT contact for internal/external audits and customer security assessments; coordinate evidence collection across IT teams; ensure findings are documented, tracked, and resolved. Security architecture and project reviews: Review new systems, integrations, and changes for security and compliance requirements; provide secure‑by‑design guidance for cloud, endpoints, networks, and applications. Data protection: Support data classification, retention/security control alignment, encryption and key management practices (in partnership with platform teams), and secure data handling requirements. Business continuity and disaster recovery: Support IT aspects of BCP/DR planning, testing, and documentation; ensure controls align with audit/regulatory expectations. Collaboration and stakeholder management: Partner with Finance, Quality, Legal/Privacy, HR, Procurement, and business leaders to operationalize controls and meet compliance objectives; communicate security requirements in practical, business‑aligned terms. Required Qualifications Bachelor’s degree in Information Security, Information Systems, Computer Science, or equivalent practical experience. 7+ years of progressive experience in IT, information security, risk management, and/or IT compliance, including experience leading projects, programs, or small teams. Demonstrated experience supporting SOX IT General Controls, including evidence collection, walkthroughs, and remediation of findings. Working knowledge of GDPR security requirements and privacy‑supporting controls. Experience operating in regulated environments and supporting GxP expectations (e.g., pharma/biotech, medical devices, clinical, manufacturing, or quality‑regulated systems). Hands‑on experience with third‑party/vendor security assessments, including SOC report review and risk‑based remediation tracking. Experience designing and delivering security awareness and training programs for end users and administrators. Strong understanding of core security domains: IAM, endpoint security, network security, cloud security, vulnerability management, logging/monitoring, and incident response. Excellent written communication skills, including ability to draft clear policies, standards, and procedures. Preferred Qualifications Relevant certifications such as CISSP, CISM, CISA, CRISC, ISO 27001 Lead Implementer/Auditor, or similar. Experience with security and compliance frameworks such as NIST CSF, NIST 800‑53, ISO 27001, SOC 2, and/or COBIT. Experience with cloud platforms (e.g., AWS, Azure, GCP) and SaaS security controls. Experience with GRC tooling (risk registers, control libraries, evidence management, vendor risk platforms). Experience supporting customer security questionnaires and audits. Experience building and scaling security programs in high‑growth organizations. Key Competencies Ability to translate regulatory and security requirements into practical, scalable processes. Strong project/program management and prioritization skills; comfortable operating with ambiguity. Strong communication skills and the ability to present risk, tradeoffs, and remediation plans to leadership and stakeholders. High integrity and sound judgment when handling sensitive information. Collaborative approach with the ability to influence without authority across IT and business stakeholders. Detail‑oriented approach to controls, evidence, and documentation while maintaining a risk‑based mindset. Exact Compensation may vary based on skills, experience and location. Pay range: $164,000 – $200,000 USD #J-18808-Ljbffr Kardigan
$155k - $190k
...Risk Advisory team is looking for a Senior Manager to join our Cybersecurity practice. The Senior Manager is... ...assessments, network and security reviews, compliance, assessments, and system... ...with clients’ Information Technology (IT) team to implement Information Security...SeniorWork at officeLocal areaRemote workVisa sponsorshipWork visaFlexible hoursDay shift$124k - $280k
...Overview Specialty/Competency: Cybersecurity & Privacy Industry/Sector: Not... ...PwC, our people in risk and compliance focus on maintaining regulatory compliance and managing risks for clients, providing advice... ..., AI-driven solutions. As a Senior Manager, you will lead large...SeniorFull timeH1b- NightDragon Acquisition Corp. is looking for a Senior Product Manager to lead the NodeZero platform product portfolio. The role includes overseeing product strategy and ensuring platform scalability and reliability. The ideal candidate has 5+ years of B2B SaaS product...Senior
$90k - $125k
...Senior Account Manager, Cybersecurity, Highwire Senior Account Managers on our cybersecurity team lead integrated communications programs for some of the most influential companies in the cybersecurity sector. They bring deep experience across threat intelligence, incident...SeniorWork at officeRemote work3 days per week- BCG Attorney Search is seeking a Midlevel/Senior Associate specializing in Regulatory (Consumer Protection) in San Francisco, California... ...experience with data protection legal frameworks and privacy compliance. The role requires 5-6 years of experience in regulatory...Senior
- Veracyte is seeking a Manager, IT & Cybersecurity GRC based in South San Francisco. This role leads the design and execution of enterprise technology controls and manages compliance initiatives. You'll partner with various departments to enhance governance and risk management...Senior
- GrubMarket, Inc. is seeking a Business SOX Compliance Manager to own and lead the execution of its business process SOX program. This role reports... ...the organization. You will partner with Finance, Accounting, IT, Legal, and business leaders to assess risk, drive control...Senior
- CareDx is hiring a Senior Software Quality Assurance Engineer to ensure quality across various software products in a fast-paced environment in Brisbane, CA. The ideal candidate will have extensive experience in biotech or diagnostics and a strong background in software...Senior
$175k - $195k
...based in South San Francisco seeks a Senior Infrastructure Engineer to enhance IT systems and architecture. You'll... ...on-premises servers, ensuring compliance and security standards in a regulated... ...experience, and strong vendor management skills. This role offers a...Senior$115k - $163k
...technology professional to oversee its InfoSec and IT functions. You will oversee the company’s IT vendor(s), security and compliance, and drive AI and technology adoption within... ..., DLP. Oversee strategy and day‑to‑day management of our IT services contractor(s). Ensure...SeniorFor contractors$145k - $155k
...and respect for one another. The Position: The Manager, IT & Cybersecurity GRC (Governance, Risk, and Compliance) leads the design, execution, and continuous improvement... ...skills with experience presenting to senior leadership or audit committees #LI-Remote The final...Remote work- ...San Francisco to spearhead its global cybersecurity partnership strategy. In this pivotal role... ...teams on product strategies and compliance requirements. The ideal candidate should... ...cybersecurity, demonstrating success in managing complex partnerships, and should be deeply...Senior
$102k - $162.89k
Baker Tilly US in San Francisco is seeking an IT risk professional to manage financial and operational risks for clients. This role offers a unique... ...executives while implementing new processes to ensure compliance and security. Ideal candidates will have a bachelor’s degree...Senior- Acadia Pharmaceuticals Inc. seeks a Sr. Director of Data Management to lead the data management strategy across clinical development programs. This role drives efficient, high‑quality processes, partners with outsourced vendors, and ensures systems readiness for regulatory...Senior
- jobr.pro is looking for a DevSecOps Lead to enhance security protocols and ensure compliance for its voice AI product. This role involves close collaboration with various teams to build a robust security framework as the company scales. The ideal candidate has extensive...SeniorFlexible hours
- SoFi is seeking a Cybersecurity Incident Commander based in San Francisco. The role focuses on managing security incident responses and ensuring effective communication during cybersecurity events. You'll collaborate with various teams to drive incident containment and...Senior
- ...focused professional to oversee endpoint and cloud asset security across our enterprise footprint. You will manage EDR, vulnerability programs, and continuous compliance to protect systems and data. You will lead onboarding/offboarding security, coordinate with auditors for...Senior
$85.91k - $162.89k
...your work experiences and hone your skills as an IT risk professional in the areas of compliance, cybersecurity, and internal controls. You crave the opportunity... ...Will Do Work closely with client executives and management teams to understand their businesses and assist...SeniorWork experience placementLocal area- Gallagher seeks a Senior Broker Placement Specialist to independently manage cyber marketing and placement of new accounts and renewals for complex portfolios. You will collaborate with Sales Leaders and the Branch President to maximize revenue and opportunities while...Senior
- OpenAI is looking for a marketing professional for their cybersecurity offerings in San Francisco, CA. The role requires ownership of positioning, building assets for sales and security leaders, and coordinating marketing campaigns. The ideal candidate will have over 7...SeniorRelocation package
$150k - $200k
...Owning and evolving our vulnerability management, misconfiguration detection, and SIEM strategy... ...partnership with product, InfoSec, and IT Contributing to day‑to‑day Cloud... ...than gates and approvals; low‑friction compliance is the goal You understand the security...SeniorWork at officeRemote work$183k - $225k
...The Sr. Systems Engineer is a senior individual contributor and... ...systems, not internal enterprise IT, and requires deep expertise... ...without formal people management. Design, configure, and support... ...environments with awareness of compliance and audit expectations. Demonstrated...Senior$250k - $290k
...Senior Director, Corporate Controller Department: Finance Locations... ..., equity, treasury, risk management, tax and internal controls. This... ..., State, and local tax compliance and filings. Systems and Tools... ...partners to develop Finance IT roadmap, implementing select...SeniorFull timeWork at officeLocal area$159k
...Business Operations / Strategy Job Level: Senior Manager Business Unit: Strategy & Growth... ...Department Overview: The Electric Risk & Compliance organization provides governance,... ...provides input into FERC/NERC policy as it pertains to development of new and/or revised...SeniorContract workWork experience placementWork at officeFlexible hours2 days per week3 days per week- Rippling is hiring a Senior Product Marketing Manager to own how IT products are positioned, launched, and sold. You will sharpen the message, build the... ...environment, shaping messaging for IT infrastructure, identity, and compliance while exploring #J-18808-Ljbffr RipplingSenior
- PwC is hiring an AI Engineer / Data Scientist, AI Senior Associate in San Francisco, CA. The role focuses on evaluating AI solutions for governance and compliance, leading AI/ML control initiatives, and improving reporting and transparency across teams. You will collaborate...Senior
- DocuSign seeks a Senior IT Auditor in California to join the global internal audit function. You will collaborate with business leaders, IT management, and the second line of defense to plan and perform enterprise‑wide IT, operational, and regulatory audits, including SOX...Senior
$115k - $163k
WeaveGrid, Inc. in San Francisco, CA is seeking an Information Security and IT Professional to lead the company's security functions. You will manage IT vendors, oversee compliance such as SOC 2 Type II, and drive AI and technology adoption within the company. The ideal...Senior$250k - $290k
EY-Parthenon is looking for a Senior Director to lead AI Business Solutions. In this role, you will oversee AI solution deployment, ensuring... ...sectors. The ideal candidate has a strong background in management consulting, with 7-8 years of experience and a deep understanding...Senior$180k - $258k
candidhealth is seeking a Senior Security Engineer to enhance the safety and security of its systems. In this role, you'll be integral... ...processes, collaborate with engineering teams, and navigate compliance requirements including HIPAA and SOC. The position calls for over...Senior
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Senior Manager, IT Cybersecurity & Compliance. Be the first to apply!
- compliance director South San Francisco, CA
- regulatory affairs manager pharmaceutical South San Francisco, CA
- senior director regulatory affairs South San Francisco, CA
- senior regulatory manager South San Francisco, CA
- sr. manager regulatory compliance South San Francisco, CA
- compliance manager South San Francisco, CA
- training and compliance manager South San Francisco, CA
- regulatory affairs director South San Francisco, CA
- regulatory cmc manager South San Francisco, CA
- regulatory manager South San Francisco, CA


