Information Security Lead
Description
We are seeking an Information Security Lead who will serve as the founding security hire and the anchor of Cellares' InfoSec program. This is a hands-on leadership role that blends strategic program development with direct technical execution. The primary focus of this position will be to build and mature the company's security posture, lead a growing team across geographies, and ensure compliance with relevant regulatory frameworks including 21 CFR Part 11, SOC 2, and ISO 27001. This is a multidisciplinary role, and this individual will also interface across many parts of the company to drive policy and governance. Candidates should enjoy working in a fast-paced, mission-driven environment and be prepared to tackle a broad selection of challenges as the company grows.
Responsibilities
Design, build, and continuously improve Cellares' Information Security program from the ground up, including policies, standards, and procedures
Develop and maintain a multi-year rolling strategic roadmap aligned to business objectives
Lead day-to-day security operations, working closely with the India-based Security Analysts on monitoring, incident response, and vulnerability management
Architect and maintain a cloud security framework across AWS, Azure, or GCP environments used by Cellares
Own the security aspects of the software development lifecycle (SDLC), including threat modeling, secure code review, and developer security training
Drive compliance efforts for SOC 2 Type II, ISO 27001, and life sciences-specific frameworks (e.g., 21 CFR Part 11, GxP)
Conduct and manage third-party risk assessments, vendor security reviews, and penetration testing engagements
Collaborate with IT, Engineering, Legal, and Operations to integrate security into all business processes
Manage and mentor the India-based Security Analysts, providing technical guidance, career development, and task prioritization
Lead incident response activities, conduct post-mortems, and implement lessons-learned improvements
Report on security metrics, risks, and program maturity to executive stakeholders
Requirements
Bachelor's degree in Computer Science or a related field
8+ years of progressive information security experience with at least 2 years in a lead or senior individual contributor role
Strong hands-on experience with SIEM tools (e.g., Splunk, Sentinel), EDR platforms, and vulnerability management tools (e.g., Tenable, Qualys)
Deep knowledge of cloud security architecture (AWS, Azure, or GCP) and cloud-native security tools
Experience driving SOC 2, ISO 27001, or NIST CSF compliance programs
Proficiency in scripting and automation (Python, Bash, or PowerShell) for security tooling and response
Excellent communication and stakeholder management skills, capable of translating technical risk into business language
Self-awareness, integrity, authenticity, and a growth/entrepreneurial mindset