Senior Manager, IT Cybersecurity & Compliance

$164k - $200k
Full-time

Kardigan

About Us

Kardigan is a heart health company working to make cardiovascular disease preventable, curable and no longer the leading cause of death in the world. It is Kardigan’s mission to develop multiple targeted treatments in parallel that bring people with cardiovascular diseases to the cures they deserve. Led by Tassos Gianakakos, Jay Edelberg, M.D., Ph.D., and Bob McDowell, Ph.D., Kardigan’s co-founders have reunited after leading MyoKardia to discover and develop mavacamten, the first cardiac myosin inhibitor, resulting in an acquisition by Bristol Myers Squibb in 2020. We have a cutting-edge discovery and translational research platform, a pipeline of late-stage candidates, and an industry-leading team that is driven to improve the lives of patients.

At Kardigan, we are motivated by our values which guide how we work, interact, and achieve our goals. Driven by patients and their families, we are deeply committed to improving the lives of patients and prioritizing their needs above all else. We believe in being authentic—leading with truth to bring out the best in others by creating an environment where every person knows they will be fully accepted. With an eagerness to learn, we encourage the highest levels of curiosity and are open to changing our minds. We are committed to winning as a team with urgency, excellence, and intention, and support each other no matter what role we play or where we sit. Lastly, we strive to enable the impossible because patients are counting on us. We are not afraid to take risks to unlock innovation and advance scientific discoveries. These values are the foundation of our work, empowering us to make a real difference, every day.

Position Title: Senior Manager, IT Cybersecurity & Compliance
Department: Information Technology
Reports To: Senior Director, IT Infrastructure
Location: South San Francisco, CA (preferred) or Princeton, NJ – On-site 4 days per week (Mon to Thurs)

Job Overview

We are seeking a Senior Manager, IT Cybersecurity and Compliance to manage and strengthen our information security, privacy, and IT compliance programs. Reporting to the Senior Director, IT Infrastructure, this role manages the day-to-day security risk management process, runs security awareness and training, and helps ensure compliance with applicable regulations and internal policies (including SOX, GDPR, and GxP). The Senior Manager serves as a primary IT point of contact for audits and assessments, maintains IT security policies and standards, oversees vulnerability management and vendor security reviews, and prepares evidence and attestations for IT General Controls (ITGCs) and related governance processes.

Key Responsibilities

  • Security governance and program leadership: Help define and execute the IT security and compliance roadmap and operating processes; maintain metrics, reporting, and continuous improvement activities.
  • Security policies and standards: Maintain and obtain approvals for IT security policies, standards, and procedures (e.g., vulnerability management, patching, configuration baselines, identity and access management, encryption, logging/monitoring, secure remote access, incident response, and third-party risk management), and recommend updates as needed.
  • Vendor and third-party security assessments: Conduct security due diligence and ongoing monitoring for vendors (SaaS, cloud, MSPs, consultants, and critical suppliers), including risk tiering, questionnaires, evidence review (e.g., SOC 1/2, ISO 27001), remediation tracking, and security addendum requirements in partnership with Legal and Procurement.
  • Security awareness and training: Run user security training and awareness programs (onboarding, annual training, targeted campaigns, phishing simulations, role-based training), and measure effectiveness through reporting and follow-up actions.
  • SOX compliance (ITGC): Support and maintain IT General Controls in scope for SOX (access controls, change management, computer operations, system development where applicable). Provide timely evidence, coordinate walkthroughs, respond to auditor requests, and execute remediation and management action plans.
  • Privacy and regulatory compliance: Partner with Privacy/Legal to support GDPR and other applicable privacy requirements, including security controls, data protection impact inputs, and vendor processing/security reviews.
  • GxP/regulated environment compliance: Help ensure IT controls and practices support GxP expectations (e.g., validated systems, data integrity/ALCOA+ principles, audit trails, controlled access, change control, backup/restore, and incident handling) in partnership with Quality.
  • Identity, access, and permissions governance: Operate access governance processes (role design, least privilege, segregation of duties, periodic access reviews). Provide ITGC-related attestations for appropriate roles and permissions, including evidence of approvals and review completion.
  • Risk management: Maintain the IT security risk register; perform periodic risk assessments, threat modeling (as appropriate), and control gap analyses; escalate risks and recommendations to leadership.
  • Vulnerability management: Manage the vulnerability management program including scanning, prioritization, remediation SLAs, exception handling, and reporting; partner with Infrastructure, Application owners, and vendors to drive timely remediation.
  • Incident response and investigations: Coordinate IT security incident response activities, including triage, containment, forensics coordination, communications support, and post-incident reviews; maintain tabletop exercises and runbooks.
  • Audit and assessment management: Serve as a primary IT contact for internal/external audits and customer security assessments; coordinate evidence collection across IT teams; ensure findings are documented, tracked, and resolved.
  • Security architecture and project reviews: Review new systems, integrations, and changes for security and compliance requirements; provide secure-by-design guidance for cloud, endpoints, networks, and applications.
  • Data protection: Support data classification, retention/security control alignment, encryption and key management practices (in partnership with platform teams), and secure data handling requirements.
  • Business continuity and disaster recovery: Support IT aspects of BCP/DR planning, testing, and documentation; ensure controls align with audit/regulatory expectations.
  • Collaboration and stakeholder management: Partner with Finance, Quality, Legal/Privacy, HR, Procurement, and business leaders to operationalize controls and meet compliance objectives; communicate security requirements in practical, business-aligned terms.

Required Qualifications

  • Bachelor’s degree in Information Security, Information Systems, Computer Science, or equivalent practical experience.
  • 7+ years of progressive experience in IT, information security, risk management, and/or IT compliance, including experience leading projects, programs, or small teams.
  • Demonstrated experience supporting SOX IT General Controls, including evidence collection, walkthroughs, and remediation of findings.
  • Working knowledge of GDPR security requirements and privacy-supporting controls.
  • Experience operating in regulated environments and supporting GxP expectations (e.g., pharma/biotech, medical devices, clinical, manufacturing, or quality-regulated systems).
  • Hands-on experience with third-party/vendor security assessments, including SOC report review and risk-based remediation tracking.
  • Experience designing and delivering security awareness and training programs for end users and administrators.
  • Strong understanding of core security domains: IAM, endpoint security, network security, cloud security, vulnerability management, logging/monitoring, and incident response.
  • Excellent written communication skills, including ability to draft clear policies, standards, and procedures.

Preferred Qualifications

  • Relevant certifications such as CISSP, CISM, CISA, CRISC, ISO 27001 Lead Implementer/Auditor, or similar.
  • Experience with security and compliance frameworks such as NIST CSF, NIST 800-53, ISO 27001, SOC 2, and/or COBIT.
  • Experience with cloud platforms (e.g., AWS, Azure, GCP) and SaaS security controls.
  • Experience with GRC tooling (risk registers, control libraries, evidence management, vendor risk platforms).
  • Experience supporting customer security questionnaires and audits.
  • Experience building and scaling security programs in high-growth organizations.

Key Competencies

  • Ability to translate regulatory and security requirements into practical, scalable processes.
  • Strong project/program management and prioritization skills; comfortable operating with ambiguity.
  • Strong communication skills and the ability to present risk, tradeoffs, and remediation plans to leadership and stakeholders.
  • High integrity and sound judgment when handling sensitive information.
  • Collaborative approach with the ability to influence without authority across IT and business stakeholders.
  • Detail-oriented approach to controls, evidence, and documentation while maintaining a risk-based mindset.

Exact Compensation may vary based on skills, experience and location.

Pay range

$164,000—$200,000 USD

Vacancy posted 1 day ago