Director, IT Governance & Cybersecurity

KalVista Pharmaceuticals, Inc., Framingham, MA, United States


KalVista is a global pharmaceutical company dedicated to delivering life-changing oral therapies for individuals affected by rare diseases with significant unmet needs. The KalVista team discovered and developed EKTERLY®—the first and only oral on-demand treatment for hereditary angioedema (HAE)—and continues to work closely with the global HAE community to improve treatment and care for this disease around the world.

For more information about KalVista, please visit www.kalvista.com and follow us on LinkedIn, X, Facebook and Instagram.

ABOUT THE ROLE

The Director, IT Governance & Cybersecurity is a senior leadership role responsible for building, leading, and continuously maturing KalVista's information security and IT governance program. This individual will serve as the organization's primary cybersecurity leader, owning the full spectrum of IT governance, risk management, regulatory compliance, data protection, and hands‑on cybersecurity operations and strategy.

This role partners closely with senior executives and cross‑functional leaders across HR, Finance, Legal, Regulatory Affairs, Quality, and IT to align the company's security posture with its business objectives, risk tolerance, and obligations under applicable laws and industry standards. As an emerging biotech, KalVista requires a leader who is equally comfortable setting strategic direction and rolling up their sleeves to execute.

RESPONSIBILITIES

Cybersecurity Leadership

Own and lead the enterprise cybersecurity function, acting as the organization’s de facto CISO-equivalent

Define, implement, and mature a cybersecurity strategy aligned to NIST CSF

Lead and manage MSSP and third‑party partners

Oversee security operations and tooling (Azure Security, SentinelOne, Defender suite, Qualys, Mimecast, EOP, Meraki, Intune, AOVPN, GPOs)

Develop and lead Incident Response

Drive threat intelligence and vulnerability management

Champion security awareness

IT Governance & Risk Management

Develop and maintain the enterprise IT governance framework.

Own and execute IT Risk Management.

Lead BC/DR planning and tabletop exercises.

Provide risk reporting to leadership and Board.

Compliance & Audit

Develop and execute compliance strategy across InfoSec, privacy, and IT controls

Own all security policies and SOPs

Ensure compliance with SOX, GDPR, HIPAA, 21 CFR Part 11, GxP

Identify and remediate policy gaps

Data Protection & Privacy

Partner on data governance and privacy programs.

Oversee data classification, DLP, access control

Support privacy‑by‑design for new systems

Vendor & Third‑Party Security

Lead vendor security assessments

Establish third‑party risk management

Partner with Procurement and Legal on vendor security terms

BASIC QUALIFICATIONS

Bachelor’s degree in a related field

10+ years in cybersecurity, governance, risk, and compliance

4+ years director‑level leadership

Experience scaling cybersecurity in high‑growth or resource‑constrained settings

Regulated environment experience (SOX ITGC, GxP, FDA)

PREFERRED QUALIFICATIONS

Master’s degree or MBA with tech focus.

Strong TPRM experience.

Certifications: CISSP, CISM, CRISC, CISA

Microsoft security certifications (SC‑100, SC‑200, AZ‑500)

Strong executive communication

Deep Microsoft security stack expertise

Proficiency with vulnerability management, SIEM, email security, endpoint protection

Cloud security architecture (Azure preferred), IAM, zero trust

Experience with Druva or similar backup solutions

Frameworks & Regulatory Knowledge

Expert familiarity with NIST CSF, ISO 27001, SOX, GDPR, HIPAA

Working knowledge of GxP, 21 CFR Part 11

Experience applying CIS Controls

EXPECTATIONS & COMPETENCIES

Exceptional communication and executive presentation skills

Strong cross‑functional collaboration and influence

Strategic and operational mindset

High integrity, sound judgment, decisiveness under pressure

Maintain CSF‑aligned cybersecurity roadmap and risk register

Lead mature IR program with playbooks and exercises

Ensure strong oversight of MSSP and partners

Maintain enforceable policies and close audit findings

Embed privacy‑by‑design and least privilege principles

OUR VISION

We Deliver Novel Therapies That Empower People To Live Better Lives.

OPERATING PRINCIPLES

Our OPERATING PRINCIPLES, referenced below, guide our behaviors and decisions:

Define Success – And Then Deliver: Act with outcomes in mind. Have high expectations. Details Matter.

Be Data Driven And Openly Debate – But Be Decisive: Time is valuable. Say the thing you can’t say. Understand timelines and meet them.

Have An Ownership Mentality: This is your company; treat it that way. Protect our resources, reputation, and results.

Be Internally Collaborative And Externally Competitive: We go further, faster, together. Have a bias for action, but bring others along. Offer solutions, not just problems.

Good People = Great Company: Act with integrity. Assume positive intent. Be Kind.

Important Notice to Third‑Party Recruiters & Staffing Agencies

The current job openings advertised on this website are for the sole purpose of candidates to apply directly. Unsolicited and anonymous CVs submitted in any manner to KalVista employees, including to employee personal e‑mail accounts, are considered to be the property of KalVista and will not qualify for a fee to be paid. Referral fees will only be payable where KalVista has agreed with an agency to work on a specific appointment, and then only in conjunction with a fully‑executed contract for service.

If any Agency representative contacts a KalVista Hiring Manager or company employee, other than a member of the KalVista Talent Acquisition team, to solicit an appointment to engage on a job opening, that Agency will not be considered for that specific job opening or future opportunities with KalVista.

Thank you for your understanding and cooperation.
