Senior Director, Information Security & Compliance
Additional Information
About Beeline Medicines: Beeline Medicines is a clinical-stage biotechnology company focused on developing and delivering category-leading precision therapies to transform the lives of people living with autoimmune and inflammatory diseases. With a portfolio of potential best-in-class and first-in-disease therapeutic candidates that directly target key pathways governing dysregulated immunological and inflammatory responses, the Company is developing medicines that have the opportunity to provide durable, life-changing impact. Led by an established executive team and backed by world-class life science investors, each day Beeline Medicines is determined to bring the scientific rigor and operational excellence to get to what matters for patients - realizing a world where people with immune-mediated diseases can live life fully.

Job Summary: The Senior Director, Information Security & Compliance is responsible for building, operating, and continuously improving the company's information security program. This role owns security governance, risk management, regulatory compliance, and security operations across all IT systems and data. The Senior Director establishes the security policy framework, manages relationships with managed security service providers, coordinates external security assessments, and ensures the company maintains a security and compliance posture appropriate for a clinical-stage biopharma preparing for public company obligations. This is a hands-on leadership role. At a company of this size, the Senior Director operates as a solo security practitioner with significant leverage through managed security partners (SentinelOne Vigilance MDR, Huntress ITDR/SIEM, Zscaler ZIA) and external assessment firms. The role reports to the VP of IT and works closely with Quality, Legal, Finance, and external auditors to ensure security controls satisfy SOX, GDPR, GxP, and FDA regulatory requirements.

Work Arrangement & Location: Remote - This position is designated as remote; the incumbent will be expected to travel to Beeline Medicines' offices on a periodic basis to support in-person collaboration, team engagement, and business operations. The frequency and scheduling of such visits will be determined at the company's discretion based on business need.

Essential Duties and Responsibilities:

Security Governance & Policy. Own the information security policy framework, including development, maintenance, and periodic review of all security policies, standards, and procedures. Ensure policies align with NIST CSF 2.0, NIST SP 800-53, and applicable regulatory requirements (SOX, GDPR, GxP). Present the security posture and risk landscape to IT leadership and executive stakeholders.

Risk Management & Vendor Security. Lead IT risk management activities, including risk identification, assessment, treatment planning, and risk register maintenance. Conduct and coordinate vendor security risk assessments for third-party service providers. Support the company's broader enterprise risk management process with IT-specific risk inputs.

Compliance & External Assessments. Own IT General Controls (ITGCs) for SOX compliance readiness, including access controls, change management controls, computer operations, and audit evidence preparation. Coordinate with external SOX auditors, providing documentation, walkthroughs, and remediation of findings. Manage relationships with external firms performing penetration testing, NIST controls mapping, and security control assessments.

Security Operations & MSSP Management. Manage the company's managed security service provider ecosystem, including SentinelOne Vigilance MDR (endpoint detection and response), Huntress (identity threat detection, SIEM), and Zscaler ZIA (network security). Define alert escalation procedures, review detection efficacy, and ensure coordinated incident response across all providers.

Incident Response. Own the security incident response program, including the incident response plan, tabletop exercises, breach notification procedures, and post-incident reviews. Serve as the primary technical incident coordinator, working with managed security providers for detection and containment and with Legal and the external DPO for regulatory notification obligations.

Identity & Access Governance. Design and enforce identity and access management controls in Microsoft Entra ID, including Conditional Access policies, privileged access governance, access reviews, and role-based access control. Ensure access controls satisfy SOX ITGC requirements, FDA 21 CFR Part 11 electronic access provisions, and GDPR data access minimization principles.

Security Awareness & Training. Own security awareness and training program execution in coordination with KnowBe4, including phishing simulation campaigns, security awareness training content, completion tracking, and remedial training for failed simulations. Maintain training records as audit evidence for SOX and GxP complian