Chief Information Security Officer (Part-time Consultant)
Position Summary

Rapidly growing biotech is seeking a foundational Chief Information Security Officer (CISO) to build and lead our enterprise security program from the ground up. This is a hands-on, player-coach role responsible for establishing the strategy, operating model, and core controls needed to protect our applications, data, and infrastructure in a regulated life sciences environment.

The CISO will partner closely with IT, R&D, Legal, and executive leadership to embed security into business processes while scaling capabilities pragmatically.

Key Responsibilities (Condensed)

- Build the Security Program: Establish security strategy, policies, roadmap, and governance aligned to NIST/ISO frameworks
- Application & Product Security: Implement secure SDLC and integrate security into development pipelines
- Data Protection & Privacy: Define data security controls (classification, encryption, IAM) and support regulatory compliance (HIPAA, GDPR, GxP)
- Security Operations: Stand up and oversee monitoring, incident response, and vulnerability management (leveraging MSSPs as needed)
- Cloud & Infrastructure Security: Secure cloud environments and define baseline architecture and controls
- Third-Party Risk: Implement vendor security assessments and ongoing monitoring
- Executive & Board Engagement: Report on cyber risk, maturity, and investment priorities

Qualifications

- 12+ years in cybersecurity with experience building or scaling a security program
- Background in life sciences, biotech, pharma, or healthcare
- Strong working knowledge of application security, data security, and SecOps
- Experience with cloud security (AWS/Azure/GCP)
- Familiarity with regulatory and compliance frameworks (HIPAA, GxP, GDPR, NIST, ISO 27001)
- Ability to operate both strategically and hands-on

What Success Looks Like

- Core security program established (policies, tooling, vendors, roadmap)
- Security embedded in application development and data workflows
- Functional incident response and vulnerability management processes in place
- Clear visibility into cyber risk for executive leadership