Director, Cybersecurity and Compliance
With deep expertise in chemistry, Nuvalent is creating selective medicines to address the needs of patients with cancer. Nuvalent is an exciting early-stage company, bringing together experienced scientists and industry veterans with a proven track record in drug discovery, oncology drug development, and company building.
The Director of Cyber Security & Compliance is responsible for developing comprehensive strategic, operational, and tactical solutions to enhance and support the security and compliance needs of Nuvalent. These solutions drive key initiatives supporting secure, sustainable business growth while ensuring operational control and technology and business activities oversight. This role will significantly oversee security, compliance, and privacy. This individual will report to the Vice President of Information Technology.
- Safeguards information system assets by identifying and solving potential and actual security problems.
- Protects system by defining access privileges, control structures, and resources.
- Recognizes problems by identifying abnormalities, reporting violations.
- Implements security improvements by assessing current situation; evaluating trends; anticipating requirements.
- Determines security violations and inefficiencies by conducting periodic audits.
- Upgrades system by implementing and maintaining security controls.
- Keeps users informed by preparing performance reports, communicating system status.
- Maintains quality service by following organization standards.
- Maintains technical knowledge by attending educational workshops, reviewing publications.
- Assists in the development of privacy safeguards and practices to assure compliance with US and international.
- Establishes, in concert with Legal and Quality, a records retention program.
- Excellent problem solving, communication, and organization skills are required.
- Flexibility with changing priorities, ability to work well under pressure, and take on unfamiliar tasks is required.
- Ability to saliently communicate with end users is required.
- Ability to strategically plan, organize, and manage multiple projects simultaneously is required.
- Strong work ethic with an ability to meet deadlines is required.
- Some off-hours or evening work may be required.
- Periodic travel may be required.
- Bachelor or advanced degree in information technology/business solutions or equivalent work experience is required.
- Minimum of 10 years of hands-on technical Cybersecurity and Compliance experience, 5 of which should have been in the biotech/pharmaceutical industry.
- Extensive experience with in-depth defense concepts and supporting security technologies, including but not limited to; endpoint protection, network access control, data loss protection, application security controls, and identity management.
- Strong knowledge and hands-on experience with securing public cloud environments.
- Expert in InfoSec policy creation, information and data security, and business risk mitigation and management.
- Solid working knowledge of US and international privacy regulations.
- Preferably have either a CISM or CISSP certification or are actively working toward one.
- Strong understanding of identity governance, authentication, and authorization.
Nuvalent provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to religion, race, creed, color, sex, sexual orientation, alienage or citizenship status, national origin, age, marital status, pregnancy, disability, veteran or military status, predisposing genetic characteristics or any other characteristic protected by applicable federal, state or local law.
Nuvalent is aware that many companies are dealing with fraudulent job postings on third-party employment search sites and/or individual(s) or entities claiming to be employees of such companies. Those involved are offering fraudulent employment opportunities to applicants, often asking for sensitive personal and financial information, and using such information for criminal activities.
Please be advised that all legitimate correspondence from a Nuvalent employee will come from “@nuvalent.com” email accounts. Automated system response emails from our Greenhouse applicant tracking system come from a “email@example.com” email address. There are no variations of these email addresses and Nuvalent would not request personal and/or financial information via email. Job opportunities would only be extended after a completed job application is submitted by a candidate and a thorough interview process including 1:1 and/or group interviews via phone, video conferencing and/or in-person.
If you believe you have been contacted by anyone misrepresenting themselves as an employee of Nuvalent, please contact Nuvalent at 857-357-7000. Thank you.