Who You Are

Altos Labs is looking for an experienced and dynamic leader to oversee our cybersecurity initiatives, which include IT security, policies, protocols, and procedures to ensure the safety of the company’s employees, assets, and facilities. The ideal candidate will possess a strong technical background and have extensive experience in managing and implementing diverse IT security controls to address the current landscape of cybersecurity threats. The Cybersecurity leader will account for the development and implementation of an Altos-wide Cybersecurity program to protect, monitor, respond to, and inform on the availability, integrity, and confidentiality of data, applications, and infrastructure. Responsibility includes network security across our data centers, cloud infrastructure, and mobile workforce.

What You Will Contribute to Altos

Responsibilities

• Lead the IT Security team in day-to-day operations, providing technical guidance, and ensuring continuous team development.
• Understand our business and our culture. Collaborate with key stakeholders to align IT security with the overall business objectives. Provide guidance and training to our employees on Cybersecurity risks and best practices.
• Develop, implement, and monitor comprehensive internal and external IT security policies and procedures to ensure the confidentiality, integrity, and availability of all data in partnership with Compliance. In addition, this role will work very closely with the Compliance team at Altos and provide input on compliance policies and programs where applicable.
• Identify potential risks and vulnerabilities in the system and create strategic response plans to mitigate them.
• Conduct regular system reviews to ensure the smooth and efficient operation of security infrastructure. Work internally and with 3rd parties’ auditors to preempt, mitigate, and swiftly respond to any audit findings that require action.
• Provide technical expertise and guidance in establishing and maintaining network architecture and infrastructure. Design, configure, and document Altos’ Firewalls, IDS, IPS, proxy, cloud access and encryption, DMZ architecture, SIEM, logging, anti-virus and anti-malware, endpoint detection and response, host-based firewall, application whitelisting, file integrity monitoring, and data loss prevention.
• Establish disaster recovery procedures and business continuity plans, and conduct drills to ensure the effectiveness of these procedures.
• Keep abreast of the latest security and technology developments to ensure that the company's IT infrastructure is up-to-date and secure.
• Handle the selection and negotiation of IT-related contracts and vendors for cybersecurity services.
• Lead incident response planning as well as the investigation of security breaches, and assist with disciplinary and legal matters associated with such breaches.
• This is a full-time position and may require occasional travel. The nature of the role may require availability outside standard office hours to respond to critical incidents or emergencies.

Qualifications

• Certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or similar from a recognized body (e.g., SANS, ISC2, ISACA) are preferred.
• Extensive knowledge of healthcare regulations, drug development processes, and patient privacy laws like HIPAA is essential. Familiarity with regulations, including GDPR and CCPA, and compliance frameworks such as SOC 2, is required.
• Comprehensive understanding of network architecture, database security, security systems, and latest security protocols and procedures.
• Proven experience with Incident Response planning and execution. Including red team/ blue team exercises.
• Must have demonstrated technical hands-on experience implementing security initiatives that require partnerships with other IT areas and business units.
• Strong knowledge of cybersecurity risk management and IT governance.
• Excellent problem-solving and leadership skills, with the ability to guide and motivate a team.
• Proven experience with change management and leading an organization through change.
• Excellent verbal and written communication skills. Ability to present/communicate to senior leadership and board as needed.
• Flexibility to adjust to changing priorities, timelines, and international time zones.

Education and Experience

• BS in IT Security, Computer Science, or Engineering is required, and MS is preferred.
• 15+ years of IT security and network technical and professional experience are required. Life Sciences and/or Pharma experience is preferred.
• Experience applying HIPAA, GDPR, CCPA, and SOC2 regulations to cybersecurity, creating policies to protect sensitive health data, and ensuring regulatory compliance.
• Experience with Cybersecurity in the Cloud and SaaS applications is required. AWS experience is preferred.

The salary range for this position is $289,000 to $391,000

#LI-LY1