Director, Security Governance Risk and Compliance

Flagship Pioneering is a bioplatform innovation company that invents and builds platform companies that change the world. We bring together the greatest scientific minds with entrepreneurial company builders and assemble the capital to allow them to take courageous leaps. Those big leaps in human health and sustainability exponentially accelerate scientific progress in areas ranging from cancer detection and treatment to nature-positive agriculture.   

 What sets Flagship apart is our ability to advance biotechnology by uniting life science innovation, company creation, and capital investment under one roof in a way that is largely without precedent. Our scientific founders, entrepreneurial leaders, and professional capital managers are each aligned around an institutionalized process that enables us to innovate and transform for the benefit of people and planet.   

Many of the companies Flagship has founded have addressed humanity’s most urgent challenges: vaccinating billions of people against COVID-19, curing intractable diseases, improving human health, preempting illness, and feeding the world by improving the resiliency and sustainability of agriculture.  

Flagship has been recognized twice on FORTUNE’s “Change the World” list, an annual ranking of companies that have made a positive social and environmental impact through activities that are part of their core business strategies, and has been twice named to Fast Company’s annual list of the World’s Most Innovative Companies.  

The Position 

 We are actively seeking an accomplished and motivated Director of Security Governance, Risk and Compliance who shares our commitment to information security as a cornerstone in safeguarding our organization. In this strategic role, you will oversee Governance, Risk Management, and Compliance initiatives to ensure our security posture aligns seamlessly with business objectives. 

Reporting directly to the Vice President of Information Security, the ideal candidate will possess a strong background in the security landscape, particularly within the realms of governance, risk management, and compliance with flexibility to adjust strategies as the business evolves. We value experience in collaborating with key stakeholders, understanding regulatory requirements, and implementing effective security strategies. 

Key Responsibilities 

Governance: 

• Develop and maintain an information security governance framework. 

• Establish and enforce security policies, standards, and procedures. 

• Provide guidance on security best practices and industry standards. 

• Collaborate with leadership to ensure security strategies align with business objectives. 

Security Risk Management: 

• Lead the security team’s risk management efforts. 

• Conduct risk assessments to identify and evaluate security risks. 

• Develop and implement risk mitigation strategies and action plans. 

• Monitor and report on risk metrics and trends to senior management. 

Compliance: 

• Ensure the organization's compliance with relevant laws, regulations, and industry standards (HITRUST, SOC 2, GDPR, CCPA, FDA Title 21 CFR Part 11). 

• Conduct regular compliance assessments and audits. 

• Collaborate with legal and regulatory affairs to address compliance requirements. 

• Stay abreast of changes in relevant laws and regulations affecting security. 

Security Strategy: 

• Contribute to the development of the organization's overall security strategy. 

• Provide strategic direction for security initiatives and projects. 

• Collaborate with other departments to integrate security into business processes. 

• Assess emerging technologies and trends for their impact on security. 

Security Awareness and Training: 

• Oversee the development and delivery of security awareness programs. 

• Conduct training sessions for employees on security policies and procedures. 

• Foster a security-conscious culture throughout the organization. 

Vendor and Third-Party Risk Management: 

• Assess and manage security risks associated with third-party vendors. 

• Develop and maintain a vendor risk management program. 

• Ensure third-party compliance with security standards. 

Reporting and Communication: 

• Provide regular updates and reports on security, risk, and compliance to senior management. 

• Communicate security strategies and priorities to all stakeholders. 

• Act as a liaison between technical security teams and executive leadership. 

Team Leadership: 

• Build, recruit, lead and manage a team of security professionals. 

• Foster a collaborative and high-performing security team. 

• Provide mentorship and professional development opportunities. 

Continuous Improvement: 

• Identify opportunities for process improvement within the security GRC function. 

• Stay informed about industry trends and best practices. 

• Implement continuous improvement initiatives to enhance security posture. 

 

Qualifications  

• 9+ years experience in information security (or 6 years experience and relevant bachelor’s degree), with a focus on GRC. 

• Strong understanding of governance, risk management, and compliance frameworks. 

• Experience in collaborating with and influencing key stakeholders and ensuring security strategies align with business objectives. 

• Relevant certifications (e.g., CISSP, CISM) are highly desirable. 
• Exceptional communication skills and the ability to convey complex security concepts to non-technical stakeholders. 

This role plays a pivotal part in fortifying our organization's security foundation, ensuring the confidentiality, integrity, and availability of our information assets. If you are a seasoned security professional with a passion for GRC, we invite you to join our dynamic team and contribute to our ongoing commitment to information security excellence. 

Values and Behaviors:

We are seeking individuals with an entrepreneurial spirit, strong communication skills, and comfort working in and contributing to a dynamic and cross-functional team environment. The level of the role will be commensurate with the education and years of experience of the identified candidate.

Flagship Pioneering and our ecosystem companies are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status.

At Flagship, we recognize there is no perfect candidate. If you have some of the experience listed above but not all, please apply anyway. Experience comes in many forms, skills are transferable, and passion goes a long way. We are dedicated to building diverse and inclusive teams and look forward to learning more about your unique background.

Recruitment & Staffing Agencies:  Flagship Pioneering and its affiliated Flagship Lab companies (collectively, “FSP”) do not accept unsolicited resumes from any source other than candidates.  The submission of unsolicited resumes by recruitment or staffing agencies to FSP or its employees is strictly prohibited unless contacted directly by Flagship Pioneering’s internal Talent Acquisition team.   Any resume submitted by an agency in the absence of a signed agreement will automatically become the property of FSP, and FSP will not owe any referral or other fees with respect thereto.

#LI-NM1