Senior Director, Information Security
Cambridge, MA USA
Flagship Pioneering, Inc.
We are Flagship Pioneering. We are a biotechnology company that invents platforms and builds companies that change the world.
Flagship Pioneering is a bioplatform innovation company that invents and builds platform companies that change the world. We bring together the greatest scientific minds with entrepreneurial company builders and assemble the capital to allow them to take courageous leaps. Those big leaps in human health and sustainability exponentially accelerate scientific progress in areas ranging from cancer detection and treatment to nature-positive agriculture.
What sets Flagship apart is our ability to advance biotechnology by uniting life science innovation, company creation, and capital investment under one roof in a way that is largely without precedent. Our scientific founders, entrepreneurial leaders, and professional capital managers are each aligned around an institutionalized process that enables us to innovate and transform for the benefit of people and planet.
Many of the companies Flagship has founded have addressed humanity’s most urgent challenges: vaccinating billions of people against COVID-19, curing intractable diseases, improving human health, preempting illness, and feeding the world by improving the resiliency and sustainability of agriculture.
Flagship has been recognized twice on FORTUNE’s “Change the World” list, an annual ranking of companies that have made a positive social and environmental impact through activities that are part of their core business strategies, and has been twice named to Fast Company’s annual list of the World’s Most Innovative Companies.
Position Summary
The Sr Director, Information Security will establish and manage a comprehensive cybersecurity program tailored to Flagship’s unique environment. You will oversee all aspects of cybersecurity governance, risk management, and compliance, ensuring alignment with business goals. This role involves hands-on leadership, strategic vision, and executive-level collaboration across Flagship and its affiliated companies.
Key Responsibilities
Strategic Leadership and Governance
- Cybersecurity Strategy: Develop, implement, and monitor a comprehensive cybersecurity strategy aligned with Flagship’s business objectives and the unique requirements of our diverse portfolio.
- Governance Structure: Establish a cybersecurity governance model, including a steering committee to ensure consistent oversight and strategic alignment.
- Reporting and Metrics: Regularly report on the status of cybersecurity efforts to executive leadership and the board, ensuring transparency and accountability.
- Policy Development: Oversee the creation and enforcement of cybersecurity policies and frameworks that address risk, compliance, and operational effectiveness.
Operational Management
- Security Operations: Manage internal and third-party security operations, including threat monitoring, incident response, and the deployment of technical security measures like firewalls, IDS/IPS, and encryption.
- Risk Management: Conduct enterprise-wide risk assessments and oversee mitigation strategies, ensuring compliance with regulations like HIPAA, GDPR, and HITRUST.
- Vendor and Technology Management: Evaluate and oversee security requirements for technology partners, including assessments of potential SaaS and infrastructure providers.
- Incident Response and Business Continuity: Lead the development of disaster recovery and incident response protocols to maintain business continuity.
Collaboration and Communication
- Executive Liaison: Act as the primary cybersecurity advisor for executive leadership, communicating complex security concepts to both technical and non-technical audiences.
- Cross-Functional Collaboration: Work closely with teams across IT, legal, HR, compliance, and operations to ensure a cohesive and secure environment.
- Portfolio Engagement: Serve as a cybersecurity resource for Flagship portfolio companies, advising on security best practices tailored to their stages of growth.
Education and Awareness
- Training Programs: Design and implement security awareness training for all employees, measuring effectiveness and adapting programs to evolving threats.
- Security Culture: Foster a culture of cybersecurity awareness and proactive risk management throughout the organization.
Qualifications
Education and Experience
- Bachelor’s degree in a relevant field or equivalent experience; advanced degrees or professional certifications (CISSP, CISM, CISA) are preferred.
- 7+ years of experience in cybersecurity, with 4+ years in leadership roles within complex organizations.
- Proven experience developing and implementing cybersecurity programs in cloud-native and highly regulated environments (e.g., health sciences, biotechnology).
- Expertise in relevant laws and frameworks, including NIST, ISO/IEC 27001, GDPR, and HIPAA.
Technical and Business Acumen
- Deep knowledge of cybersecurity technologies, risk management practices, and compliance requirements.
- Experience securing distributed, cloud-based infrastructures.
- Demonstrated success in navigating and influencing complex organizational structures.
- Familiarity with AI and ML security challenges and best practices.
Skills and Attributes
- Communication: Exceptional ability to articulate cybersecurity concepts and strategies to diverse audiences.
- Leadership: Strong strategic vision, with a track record of building and managing high-performing cybersecurity teams.
- Collaboration: Skilled in engaging cross-functional teams and external partners to align security practices with business goals.
- Problem-Solving: Analytical thinker who can balance risk and innovation in fast-paced environments.
Why Join Flagship Pioneering?
- Mission-Driven Impact: Contribute to life-changing innovations in healthcare and sustainability.
- Dynamic Learning Environment: Engage with cutting-edge technology and shape security practices for transformative companies.
- Leadership Opportunity: Drive the development of an impactful cybersecurity program from the ground up.
Flagship Pioneering and our ecosystem companies are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status.
At Flagship, we recognize there is no perfect candidate. If you have some of the experience listed above but not all, please apply anyway. Experience comes in many forms, skills are transferable, and passion goes a long way. We are dedicated to building diverse and inclusive teams and look forward to learning more about your unique background.
Recruitment & Staffing Agencies: Flagship Pioneering and its affiliated Flagship Lab companies (collectively, “FSP”) do not accept unsolicited resumes from any source other than candidates. The submission of unsolicited resumes by recruitment or staffing agencies to FSP or its employees is strictly prohibited unless contacted directly by Flagship Pioneering’s internal Talent Acquisition team. Any resume submitted by an agency in the absence of a signed agreement will automatically become the property of FSP, and FSP will not owe any referral or other fees with respect thereto.
Tags: CISA CISM CISSP Cloud Compliance Encryption Firewalls GDPR Governance HIPAA HITRUST IDS Incident response IPS Monitoring NIST Risk assessment Risk management SaaS Strategy
Perks/benefits: Career development Startup environment Team events Transparency