Senior Manager, IT Cybersecurity & Compliance
$164k - $200k
Kardigan
About Us

Kardigan is a heart health company working to make cardiovascular disease preventable, curable and no longer the leading cause of death in the world. It is Kardigan’s mission to develop multiple targeted treatments in parallel that bring people with cardiovascular diseases to the cures they deserve. Led by Tassos Gianakakos, Jay Edelberg, M.D., Ph.D., and Bob McDowell, Ph.D., Kardigan’s co-founders have reunited after leading MyoKardia to discover and develop mavacamten, the first cardiac myosin inhibitor, resulting in an acquisition by Bristol Myers Squibb in 2020. We have a cutting-edge discovery and translational research platform, a pipeline of late-stage candidates, and an industry-leading team that is driven to improve the lives of patients.

At Kardigan, we are motivated by our values which guide how we work, interact, and achieve our goals. Driven by patients and their families, we are deeply committed to improving the lives of patients and prioritizing their needs above all else. We believe in being authentic—leading with truth to bring out the best in others by creating an environment where every person knows they will be fully accepted. With an eagerness to learn, we encourage the highest levels of curiosity and are open to changing our minds. We are committed to winning as a team with urgency, excellence, and intention, and support each other no matter what role we play or where we sit. Lastly, we strive to enable the impossible because patients are counting on us. We are not afraid to take risks to unlock innovation and advance scientific discoveries. These values are the foundation of our work, empowering us to make a real difference, every day.
Position Title: Senior Manager, IT Cybersecurity & Compliance
Department: Information Technology
Reports To: Senior Director, IT Infrastructure
Location: South San Francisco, CA (preferred) or Princeton, NJ – On-site 4 days per week (Mon to Thurs)

Job Overview

We are seeking a Senior Manager, IT Cybersecurity and Compliance to manage and strengthen our information security, privacy, and IT compliance programs. Reporting to the Senior Director, IT Infrastructure, this role manages the day-to-day security risk management process, runs security awareness and training, and helps ensure compliance with applicable regulations and internal policies (including SOX, GDPR, and GxP). The Senior Manager serves as a primary IT point of contact for audits and assessments, maintains IT security policies and standards, oversees vulnerability management and vendor security reviews, and prepares evidence and attestations for IT General Controls (ITGCs) and related governance processes.

Key Responsibilities

- Security governance and program leadership: Help define and execute the IT security and compliance roadmap and operating processes; maintain metrics, reporting, and continuous improvement activities.
- Security policies and standards: Maintain and obtain approvals for IT security policies, standards, and procedures (e.g., vulnerability management, patching, configuration baselines, identity and access management, encryption, logging/monitoring, secure remote access, incident response, and third-party risk management), and recommend updates as needed.
- Vendor and third-party security assessments: Conduct security due diligence and ongoing monitoring for vendors (SaaS, cloud, MSPs, consultants, and critical suppliers), including risk tiering, questionnaires, evidence review (e.g., SOC 1/2, ISO 27001), remediation tracking, and security addendum requirements in partnership with Legal and Procurement.
- Security awareness and training: Run user security training and awareness programs (onboarding, annual training, targeted campaigns, phishing simulations, role-based training), and measure effectiveness through reporting and follow-up actions.
- SOX compliance (ITGC): Support and maintain IT General Controls in scope for SOX (access controls, change management, computer operations, system development where applicable). Provide timely evidence, coordinate walkthroughs, respond to auditor requests, and execute remediation and management action plans.
- Privacy and regulatory compliance: Partner with Privacy/Legal to support GDPR and other applicable privacy requirements, including security controls, data protection impact inputs, and vendor processing/security reviews.
- GxP/regulated environment compliance: Help ensure IT controls and practices support GxP expectations (e.g., validated systems, data integrity/ALCOA+ principles, audit trails, controlled access, change control, backup/restore, and incident handling) in partnership with Quality.
- Identity, access, and permissions governance: Operate access governance processes (role design, least privilege, segregation of duties, periodic access reviews). Provide ITGC-related attestations for appropriate roles and permissions, including evidence of approvals and review completion.
- Risk management: Maintain the IT security risk register; perform periodic risk assessments, threat modeling (as appropriate), and control gap analyses; escalate risks and recommendations to leadership.
- Vulnerability management: Manage the vulnerability management program including scanning, prioritization, remediation SLAs, exception handling, and reporting; partner with Infrastructure, Application owners, and vendors to drive timely remediation.
- Incident response and investigations: Coordinate IT security incident response activities, including triage, containment, forensics coordination, communications support, and post-incident reviews; maintain tabletop exercises and runbooks.
- Audit and assessment management: Serve as a primary IT contact for internal/external audits and customer security assessments; coordinate evidence collection across IT teams; ensure findings are documented, tracked, and resolved.
- Security architecture and project reviews: Review new systems, integrations, and changes for security and compliance requirements; provide secure-by-design guidance for cloud, endpoints, networks, and applications.
- Data protection: Support data classification, retention/security control alignment, encryption and key management practices (in partnership with platform teams), and secure data handling requirements.
- Business continuity and disaster recovery: Support IT aspects of BCP/DR planning, testing, and documentation; ensure controls align with audit/regulatory expectations.
- Collaboration and stakeholder management: Partner with Finance, Quality, Legal/Privacy, HR, Procurement, and business leaders to operationalize controls and meet compliance objectives; communicate security requirements in practical, business-aligned terms.

Required Qualifications

- Bachelor’s degree in Information Security, Information Systems, Computer Science, or equivalent practical experience.
- 7+ years of progressive experience in IT, information security, risk management, and/or IT compliance, including experience leading projects, programs, or small teams.
- Demonstrated experience supporting SOX IT General Controls, including evidence collection, walkthroughs, and remediation of findings.
- Working knowledge of GDPR security requirements and privacy-supporting controls.
- Experience operating in regulated environments and supporting GxP expectations (e.g., pharma/biotech, medical devices, clinical, manufacturing, or quality-regulated systems).
- Hands-on experience with third-party/vendor security assessments, including SOC report review and risk-based remediation tracking.
- Experience designing and delivering security awareness and training programs for end users and administrators.
- Strong understanding of core security domains: IAM, endpoint security, network security, cloud security, vulnerability management, logging/monitoring, and incident response.
- Excellent written communication skills, including ability to draft clear policies, standards, and procedures.

Preferred Qualifications

- Relevant certifications such as CISSP, CISM, CISA, CRISC, ISO 27001 Lead Implementer/Auditor, or similar.
- Experience with security and compliance frameworks such as NIST CSF, NIST 800-53, ISO 27001, SOC 2, and/or COBIT.
- Experience with cloud platforms (e.g., AWS, Azure, GCP) and SaaS security controls.
- Experience with GRC tooling (risk registers, control libraries, evidence management, vendor risk platforms).
- Experience supporting customer security questionnaires and audits.
- Experience building and scaling security programs in high-growth organizations.

Key Competencies

- Ability to translate regulatory and security requirements into practical, scalable processes.
- Strong project/program management and prioritization skills; comfortable operating with ambiguity.
- Strong communication skills and the ability to present risk, tradeoffs, and remediation plans to leadership and stakeholders.
- High integrity and sound judgment when handling sensitive information.
- Collaborative approach with the ability to influence without authority across IT and business stakeholders.
- Detail-oriented approach to controls, evidence, and documentation while maintaining a risk-based mindset.

Exact Compensation may vary based on skills, experience and location.

Pay range
$164,000—$200,000 USD


