Role Summary
The Director Information Security will lead security strategy, implement information security policies, manage vendor vetting and auditing, install and manage security software, and serve as the primary point of contact for IT security at Edgewise Therapeutics. This full-time role reports to the Vice President, Head of IT/IS and is based at the corporate headquarters in Boulder, CO.
Responsibilities
- Lead information security practices and monitor computer applications and networks for security issues.
- Develop and communicate security plans for best standards and practices for the company.
- Investigate security breaches and other cybersecurity incidents.
- Develop strategies and make recommendations to senior leadership about security advancements to protect systems.
- Install security measures and operate software to protect systems and information infrastructure, including firewalls and data encryption programs.
- Own the incident response plan and document security breaches and damage assessment.
- Lead the IT team in testing and uncovering network vulnerabilities; fix detected vulnerabilities.
- Evaluate new applications from a security perspective.
- Stay current on IT security trends and news.
- Vet and audit software vendors and suppliers; perform/coordinate penetration testing.
- Assist colleagues in installing security software and understanding information security management.
- Align security solutions with internal data and systems governance requirements.
- Maintain cybersecurity compliance for GxP systems, HIPAA security rule, GDPR and other regulations.
- Read, understand, and comply with workplace health and safety policies and procedures.
- Perform other duties as assigned by supervisor.
Qualifications
- Required: Bachelor's degree in computer science or related field with a minimum of five (10) years leading information security with proven experience developing information security policies; biotech/pharma experience preferred.
- Required: Security Certifications (e.g., CompTIA Security+, CISM).
- Required: Deep understanding of IT security principles, frameworks (NIST, ISO 27001), and best practices.
- Required: Experience in Windows environments and with Microsoft Security tools; familiarity with vendors such as SentinelOne, Zscaler, Avanan, Proofpoint, etc.
- Required: Experience securing and monitoring cloud environments (e.g., Amazon Web Services).
- Required: Experience with computer network penetration testing and techniques; understanding of firewalls, proxies, SIEM, antivirus, and IDPS concepts.
- Required: Ability to mitigate network vulnerabilities and deploy patches in a timely manner with business impact awareness.
- Required: Excellent verbal and written communication skills; strong MS Office skills.
Education
- Bachelor's degree in computer science or related field
- Security Certifications (e.g., CompTIA Security+, CISM)
Additional Requirements
- Occasional evening and weekend work may be required.
- Ability to rapidly respond to security events.
- Role is based at the corporate office in Boulder, CO.