Associate Director, IT Cyber Security
Company: Erasca
Location: San Diego, CA 92154
Description:
Erasca is a clinical-stage precision oncology company focused on discovering, developing and commercializing medicines for the benefit of patients with cancer. Our programs take novel approaches to shutting down one of cancer's most commonly mutated signaling cascades, the RAS/MAPK pathway, which affects approximately 5.5 million lives each year worldwide. The name "Erasca" has an important embedded meaning: it is a contraction of our audacious hope to "erase cancer" that drives our mission and everything that we do on behalf of patients with cancer.
Position Summary:
Reporting to the Director IT & Operations, the Associate Director IT Cyber Security will be responsible for designing and implementing robust security strategies to protect our organization's assets and employees. The ideal candidate will have a strategic mindset and a deep understanding of Cyber Security, Security Protocols, Security Operations Centers (SOC), Risk Management, Compliance, Vulnerability Management, Patch Management, Penetration Testing and Auditing, and Disaster Recovery. Additionally, the Associate Director IT Cyber Security will play a key role in assisting with the revamp of our Security Strategic Roadmap.
You will work closely with the Head of IT and the Systems Team to ensure that all security initiatives align with the company's goals and regulatory requirements. You will lead organization-wide data security objectives, enforce compliance across all departments, and develop and deliver comprehensive security training programs. The successful candidate will have a proven track record in security management, strong leadership skills, and the ability to perform effectively under pressure. This role requires an effective communicator with a proactive, solutions-driven approach to identifying and mitigating security threats. Experience in the biotech sector (or related life-science industries) is strongly preferred, given the need to comply with industry-specific regulations and standards such as GxP.
Essential Duties and Responsibilities:
Security Governance & Strategy
- Develop and implement security policies and procedures to safeguard organizational assets.
- Lead the creation and execution of a comprehensive Security Program, focusing on Security Information and Event Management (SIEM).
- Assist in the development and continuous improvement of the Security Strategic Roadmap, ensuring alignment with business objectives.
Data Security Objectives & Cross-Departmental Compliance
- Lead organization-wide data security initiatives, defining objectives, metrics, and performance indicators to measure success.
- Enforce data security compliance across all departments, working with departmental heads to ensure alignment with relevant regulations (e.g., HIPAA, GDPR, GxP, SOX).
- Develop and deliver security awareness and training programs, ensuring every employee understands and follows security best practices and regulations.
Security Operations
- Oversee daily security operations, including the management of tools and systems such as:
  - Microsoft Security Tools (Sentinel, Microsoft Defender, Purview, XDR, EDR)
  - Anti-virus and endpoint protection tools
  - Security Information and Event Management (SIEM)
  - Firewalls, Intrusion Detection and Prevention Systems (IDS/IPS)
  - Cloud infrastructure and application security
  - Patch and Vulnerability Management
- Coordinate with security vendors as needed to enhance system functionality.
Risk Management & Assessments
- Perform regular risk assessments, security audits, and vulnerability assessments to proactively identify and address security risks.
- Apply NIST and CIS risk scoring methodologies to prioritize remediation efforts and measure risk levels over time.
- Review and update Information Security Standard Operating Procedures (SOPs) to ensure they align with evolving threats and industry best practices.
Incident Response & Investigations
- Maintain and update emergency response plans and incident handling procedures for swift and coordinated action during security events.
- Lead crisis management and incident response efforts, ensuring timely resolution of security issues. Test and refine emergency recovery plans for readiness.
- Investigate security breaches, incidents, and potential threats, ensuring appropriate mitigation measures are taken.
Regulatory Compliance, Reporting & Audit Committee Involvement
- Ensure compliance with relevant industry regulations and standards (e.g., HIPAA, GDPR, GxP, SOX).
- Serve as a key liaison, communicating security-related matters to IT leadership and C-level executives.
- Collaborate closely with the Cyber Audit Committee, preparing and presenting detailed security reports on risk posture, incident trends, and recommendations for continuous improvement.
- Provide regular updates on cybersecurity initiatives, regulatory compliance status, and significant threat developments to the Audit Committee.
Budget & Resource Management
- Assist with managing the security budget, ensuring efficient allocation of resources to address security needs.
- Evaluate and recommend enhancements to security systems, tools, and technologies, ensuring they remain up-to-date and cost-effective.
Team Leadership & Training
- Provide ongoing training and development opportunities for IT staff to enhance their skills and raise awareness of emerging threats.
- Lead security awareness initiatives (e.g., phishing campaigns using KnowBe4) to educate employees on industry best practices and internal security policies.
Cross-Functional Collaboration
- Collaborate with other departments to strengthen overall organizational security and risk management.
- Coordinate with law enforcement and external security agencies when necessary, during security incidents or breaches.
- Foster strong relationships with external security vendors and partners to ensure effective collaboration and support.
Physical & Event Security
- Implement and manage access control systems and surveillance measures to ensure proper monitoring and access protocols.
- Oversee the security and safety of company events, activities, and external engagements to protect personnel and assets.
Required Education and Experience:
- Bachelor's degree in Information Security, Security Management, Cyber Security, or a related field preferred.
- Minimum of 10 years of experience in IT security management.
- One or more of the following IT Cyber Security certifications: CISSP (Certified Information Systems Security Professional), CEH (Certified Ethical Hacker), CHFI (Certified Hacking Forensic Investigator), CISA (Certified Information Systems Auditor), GIAC (Global Information Assurance Certification).
- Experience in a biotech or related life-science industry, with specialized knowledge of GxP compliance requirements preferred.
- Proven track record in developing, implementing, and overseeing IT security strategies.
- In-depth knowledge of security protocols, risk management, and best practices.
- Extensive experience with security technologies and systems, including SIEM, firewalls, IDS/IPS, and endpoint security.
- Proven knowledge of NIST and CIS risk scoring methodologies for prioritizing vulnerability remediation and tracking risk levels.
- Knowledge of relevant security regulations and standards (e.g., GDPR, HIPAA, SOX, GxP).
- Experience in crisis management, incident response, and disaster recovery with the ability to remain calm and make informed decisions under pressure.
- Experience managing security budgets and allocating resources efficiently.
- Strong leadership abilities with experience managing teams.
- Strong analytical and problem-solving skills with the ability to identify and mitigate security threats.
- Ability to collaborate across departments and align security efforts with business objectives.
- Strong organizational and time management skills, with the ability to prioritize tasks effectively.
- Ability to handle confidential information with discretion and integrity.
- Excellent communication, interpersonal, and presentation skills, including the proven ability to translate complex technical information into clear, business-focused language for executives, stakeholders, and cross-functional teams.
- Strong attention to detail and a commitment to thoroughness in all aspects of security operations.
- A commitment to continuous learning and professional development to stay ahead of emerging security threats and technologies.
- Ability to travel as needed for business requirements between company-sponsored conferences, multiple sites, and data centers.
- Strong learning orientation, curiosity, and commitment to science and patients.
The anticipated salary range for this position is $185,000 to $207,500. The final salary offered to a successful candidate will depend on several factors that may include, but are not limited to, the type and length of experience within the job, the type and length of experience within the industry, and education. In addition to base salary, the hired applicant will be eligible to receive an annual bonus and an equity grant at hire and annually, in the form of an option to purchase stock in the future at a specified price.
Along with our casual, collaborative, and fun work and the chance to make your mark in our mission to erase cancer, Erasca offers a comprehensive and competitive benefits package that includes: Paid Time Off, Holiday, and Sick Leave, Medical, Dental and Vision Plans, Short- and Long-Term Disability, Basic and Voluntary Life/AD&D Coverage, Flexible Spending Accounts (FSA, HSA, and Commute), Critical Illness and Accident Coverage, Pet Insurance, Employee Assistance Program, 401(k) Plan with Erasca contribution, and the opportunity to participate in an Employee Stock Purchase Program.
Erasca, Inc., is an Equal Opportunity Employer and takes pride in maintaining a diverse and inclusive environment. We do not discriminate in recruitment, hiring, training, promotion or other employment practices for reasons of sex, race, religion, national origin, ancestry, physical or mental disability, protected medical condition, genetic information, marital status, registered domestic partner status, age, sexual orientation, military and veteran status or any other basis protected by federal, state or local law, ordinance or regulation.