
Director, IT Governance & Cybersecurity
Scorpion Therapeutics, Framingham, MA, United States
About KalVista Pharmaceuticals, Inc.
KalVista is a global pharmaceutical company dedicated to delivering life-changing oral therapies for individuals affected by rare diseases with significant unmet needs. KalVista developed EKTERLY®, the first and only oral on-demand treatment for hereditary angioedema (HAE), and collaborates with the global HAE community to improve treatment and care worldwide. For more information about KalVista, please visit KalVista.com and follow us on LinkedIn, X, Facebook, and Instagram.

About the Role
The Director, IT Governance & Cybersecurity is a senior leadership role responsible for building, leading, and maturing KalVista's information security and IT governance program. This individual will serve as the organization's primary cybersecurity leader, owning the full spectrum of IT governance, risk management, regulatory compliance, data protection, and hands-on cybersecurity operations and strategy. This role partners closely with senior executives and cross-functional leaders across HR, Finance, Legal, Regulatory Affairs, Quality, and IT to align the company's security posture with its business objectives, risk tolerance, and obligations under applicable laws and industry standards. As an emerging biotech, KalVista requires a leader who is equally comfortable setting strategic direction and executing planful work.

RESPONSIBILITIES
Cybersecurity Leadership
- Own and lead the enterprise cybersecurity function, acting as the organization's de facto CISO-equivalent
- Define, implement, and mature a cybersecurity strategy aligned to NIST CSF
- Lead and manage MSSP and third-party partners
- Oversee security operations and tooling (Azure Security, SentinelOne, Defender suite, Qualys, Mimecast, EOP, Meraki, Intune, AOVPN, GPOs)
- Develop and lead Incident Response
- Drive threat intelligence and vulnerability management
- Champion security awareness

IT Governance & Risk Management
- Develop and maintain the enterprise IT governance framework
- Own and execute IT Risk Management
- Lead BC/DR planning and tabletop exercises
- Provide risk reporting to leadership and Board

Compliance & Audit
- Develop and execute compliance strategy across InfoSec, privacy, and IT controls
- Own all security policies and SOPs
- Lead SOX ITGC audit coordination
- Ensure compliance with SOX, GDPR, HIPAA, 21 CFR Part 11, GxP
- Identify and remediate policy gaps

Data Protection & Privacy
- Partner on data governance and privacy programs
- Oversee data classification, DLP, access control
- Support privacy-by-design for new systems

Vendor & Third-Party Security
- Lead vendor security assessments
- Establish third-party risk management
- Partner with Procurement and Legal on vendor security terms

BASIC QUALIFICATIONS
- Bachelor's degree in a related field
- 10+ years in cybersecurity, governance, risk, and compliance
- 4+ years director-level leadership
- Experience scaling cybersecurity in high-growth or resource-constrained settings
- MSSP management experience
- Regulated environment experience (SOX ITGC, GxP, FDA)

PREFERRED QUALIFICATIONS
- Master's degree or MBA with tech focus
- Life sciences/biotech/pharma experience
- Strong TPRM experience
- Certifications: CISSP, CISM, CRISC, CISA
- Microsoft security certifications (SC-100, SC-200, AZ-500)
- Strong executive communication
- Deep Microsoft security stack expertise
- Proficiency with vulnerability management, SIEM, email security, endpoint protection
- Cloud security architecture (Azure preferred), IAM, zero trust
- Experience with Druva or similar backup solutions

Frameworks & Regulatory Knowledge
- Expert familiarity with NIST CSF, ISO 27001, SOX, GDPR, HIPAA
- Working knowledge of GxP, 21 CFR Part 11
- Experience applying CIS Controls

EXPECTATIONS & COMPETENCIES
- Exceptional communication and executive presentation skills
- Strong cross-functional collaboration and influence
- Strategic and operational mindset
- High integrity, sound judgment, decisiveness under pressure
- Maintain CSF-aligned cybersecurity roadmap and risk register
- Lead mature IR program with playbooks and exercises
- Ensure strong oversight of MSSP and partners
- Maintain enforceable policies and close audit findings
- Embed privacy-by-design and least privilege principles

OUR VISION
We Deliver Novel Therapies That Empower People To Live Better Lives.

OPERATING PRINCIPLES
- Define Success – And Then Deliver.
- Be Data Driven And Openly Debate – But Be Decisive.
- Have An Ownership Mentality.
- Be Internally Collaborative And Externally Competitive.
- Good People = Great Company.

Pay Range: $198,300 — $242,375 USD