Madrigal is a biopharmaceutical company focused on delivering novel therapeutics for metabolic dysfunction-associated steatohepatitis (MASH), a serious liver disease that can progress to cirrhosis, liver failure, need for liver transplantation and premature mortality. Every member of our Madrigal team is connected by our shared purpose: leading the fight against MASH. Madrigal's medication, Rezdiffra (resmetirom), is a once-daily, oral, liver-directed THR-β agonist designed to target key underlying causes of MASH. Rezdiffra is the first and only medication approved by both the FDA and European Commission for the treatment of MASH with moderate to advanced fibrosis (F2 to F3). An ongoing Phase 3 outcomes trial is evaluating Rezdiffra for the treatment of compensated MASH cirrhosis (F4c).

Our success is driven by our people. We are building a dynamic, inclusive, and high-performing culture that values scientific excellence, operational rigor, and collaboration. To support our continued growth, we are strengthening our workforce strategy to ensure we have the right talent, at the right time, in the right way.

The Senior Manager, Incident Response leads the organization's enterprise-wide cyber incident response capability, ensuring rapid detection, containment, and recovery across cloud, identity, endpoint, and SaaS environments. This role combines hands-on technical leadership with program development, driving continuous improvement in response readiness, forensic rigor, and cross-functional coordination to reduce business risk and strengthen organizational resilience. The ideal candidate brings deep expertise in cloud and identity-driven threats, strong investigative discipline, and the ability to translate complex incidents into clear business impact, regulatory implications, and executive-level decisions.

Key Responsibilities

- Lead the organization's enterprise cyber incident response capability across cloud, identity, endpoint, SaaS, and email environments, ensuring effective detection, containment, eradication, and recovery.
- Direct technical investigations and forensic activities to determine root cause, scope, and business impact, including risks to sensitive data, intellectual property, and regulated systems, maintaining defensible evidence handling aligned with legal and regulatory requirements.
- Own the continuous improvement of the incident response program, including readiness, tooling, and alignment to evolving threat and regulatory landscapes.
- Develop, maintain, and operationalize incident response playbooks, workflows, and tabletop exercises aligned with NIST and MITRE ATT&CK frameworks, including clearly defined escalation paths and decision-making frameworks.
- Oversee detection and response to phishing, credential compromise, token abuse, and business email compromise, coordinating identity, endpoint, and cloud response actions.
- Correlate signals across security platforms (EDR, SIEM, identity and cloud telemetry) to identify coordinated or persistent threats and reduce attacker dwell time.
- Serve as a senior escalation point during high-severity incidents, translating technical findings into business impact, executive-ready communications, and risk-based recommendations.
- Define and track incident response metrics (e.g., MTTD, MTTR, dwell time, containment effectiveness), lead post-incident reviews, and drive continuous improvement in response effectiveness, resilience, and program maturity.
- Partner with Security Operations, Engineering, IT, Compliance, Legal, HR, and Communications to align response strategies, remediation efforts, and enterprise risk reduction.

Required & Desired Qualifications

Required Qualifications

- 8+ years of experience in cybersecurity, with significant hands-on focus in incident response, threat detection, or security operations.
- Proven experience leading security incident response in cloud-first environments, including Azure, AWS, and Microsoft 365.
- Strong working knowledge of endpoint detection and response (EDR), SIEM platforms, identity and cloud-native logging, and security tooling.
- Demonstrated expertise in investigating phishing, credential compromise, business email compromise (BEC), and identity-driven attacks.
- Solid understanding of attacker tactics, techniques, and procedures (TTPs) and frameworks such as MITRE ATT&CK.
- Experience directing or performing digital forensics, incident documentation, and evidence handling in support of legal, regulatory, and compliance requirements.
- Ability to lead cross-functional response efforts and make sound decisions under pressure during high-severity incidents.
- Strong written and verbal communication skills, with the ability to translate technical findings into clear, executive-ready summaries and risk-based recommendations.
- Proven experience acting as an incident commander or senior decision-maker during high-severity security incidents.
- Demonstrated ability to assess and communicate business and regulatory impact of cyber incidents.

Desired Qualifications

- Experience building, maturing, or scaling an incident response program in complex or regulated environments.
- Familiarity with regulatory and compliance frameworks such as HIPAA, SOX, FDA, and GDPR, including breach notification and disclosure requirements.
- Experience leading tabletop exercises, simulations, or crisis management drills involving executive stakeholders.
- Prior incident commander experience for major security incidents.
- Background in security automation, SOAR workflows, or response modernization initiatives.
- Industry certifications such as GNFA, GCIA, GCED, GCIH, CISSP, CISM, CEH, or equivalent.
- Experience partnering with external incident response firms, cyber insurance providers, or legal counsel during incident response.
- Experience responding to identity- and SaaS-based attack patterns (e.g., OAuth abuse, token theft).

Madrigal offers a competitive Total Rewards strategy to attract and retain top talent and is inclusive of base pay, bonus, equity, and a generous benefits package. Full-time employees are eligible for base salary, bonus, equity, and a comprehensive benefits suite.

Base salary is determined by several factors including the candidate's qualifications, skills, education, experience, business needs, and market demands. As of the date of this posting, a good faith estimate of the current pay scale for this position, applicable to all candidates, is $159,000-$194,000 per year. We comply with all applicable minimum wage laws.

All full-time employees receive equity, which reinforces our ownership culture and offers meaningful opportunity for our employees to share in the success they help create. By aligning individual and company performance, we empower employees to think like owners, giving them a stake in the organization.

Full-time employees are also eligible for comprehensive benefits, including flexible paid time off, medical, dental, vision and life/disability insurance, and 401(k) offerings (i.e., traditional, Roth, and employer match) in accordance with applicable plans. We also offer additional voluntary benefits like supplemental life insurance, legal services, and other offerings. In addition, we offer mental health benefits through our Employee Assistance Program for employees and their family. The company also provides other benefits in accordance with applicable federal, state, and local laws.

We are committed to providing reasonable accommodations for individuals with disabilities throughout the hiring process. If you need assistance, please contact HR@madrigalpharma.com.

Madrigal is an Equal Opportunity Employer. All employment is decided on the basis of qualifications, merit, and business need.
Applicants will receive consideration for employment without regard to race, ethnicity, color, religion, sex, gender identity, sexual orientation, national origin, age, disability, protected veteran or disabled status, or other characteristic protected by applicable federal, state, or local law.

Unsolicited resumes from agencies should not be forwarded to Madrigal. Madrigal will not be responsible for any fees arising from the use of resumes through this source. Madrigal will only pay a fee to agencies if a formal agreement between Madrigal and the agency has been established.

Applications are being accepted on an ongoing basis and can be submitted through our Madrigal Careers site.

Please be aware that we have received reports of individuals misrepresenting themselves as Madrigal Pharmaceuticals' Hiring Managers, seeking to engage with job candidates through fraudulent online advertisements or job posting sites. These unauthorized individuals are using Madrigal's name and logo in an attempt to solicit up-front fees and obtain personal information from interested job candidates.

Please know that Madrigal does not conduct interviews via text or in chat rooms; conduct interviews via Skype, RingCentral or solely via telephone; charge candidates an advance fee of any kind (e.g., fees for purchasing equipment); nor does it offer positions of employment without undergoing a thorough recruiting process. Please also note that any correspondence with regard to employment would come from an authorized madrigalpharma.com email address or from an email address from one of our trusted search firm partners. We are aware that incorrect/fraudulent email addresses, with Madrigal misspelled, have been utilized in these most recent fraud attempts.

If you receive unsolicited employment offers from people claiming to work for or on behalf of Madrigal, we recommend that you: do not respond to their questions; do not open any attachments; and do not click on any hyperlinks.
Any questions regarding the legitimacy of job-related contacts can be directed to HR@madrigalpharma.com. Join our growing team focused on transforming the treatment of people with liver diseases.