Information Security Lead

We are seeking an Information Security Lead who will serve as the founding security hire and the anchor of Cellares' InfoSec program. This is a hands-on leadership role that blends strategic program development with direct technical execution.

The primary focus of this position will be to build and mature the company's security posture, lead a growing team across geographies, and ensure compliance with relevant regulatory frameworks including 21 CFR Part 11, SOC 2, and ISO 27001.

This is a multidisciplinary role & this individual will further interface across many parts of the company to drive policy and governance. Candidates should enjoy working in a fast-paced, mission-driven environment, and be prepared to tackle a broad selection of challenges as the company grows.

Design, build, and continuously improve Cellares' Information Security program from the ground up, including policies, standards, and procedures

Develop and maintain a multi-year rolling strategic roadmap aligned to business objectives

Lead day-to-day security operations, working closely with the India-based Security Analysts on monitoring, incident response, and vulnerability management.

Architect and maintain a cloud security framework across AWS, Azure, or GCP environments used by Cellares

Own the security aspects of the software development lifecycle (SDLC), including threat modeling, secure code review, and developer security training

Drive compliance efforts for SOC 2 Type II, ISO 27001, and life sciences-specific frameworks (e.g., 21 CFR Part 11, GxP)

Conduct and manage third-party risk assessments, vendor security reviews, and penetration testing engagements

Collaborate with IT, Engineering, Legal, and Operations to integrate security into all business processes

Manage and mentor the India-based Security Analysts, providing technical guidance, career development, and task prioritization

Lead incident response activities, conduct post-mortems, and implement lessons-learned improvements

Report on security metrics, risks, and program maturity to executive stakeholders

Bachelors in Computer Science, or related field

8+ years of progressive information security experience with at least 2 years in a lead or senior individual contributor role

Strong hands-on experience with SIEM tools (e.g., Splunk, Sentinel), EDR platforms, and vulnerability management tools (e.g., Tenable, Qualys)

Deep knowledge of cloud security architecture (AWS, Azure, or GCP) and cloud-native security tools

Experience driving SOC 2, ISO 27001, or NIST CSF compliance programs

Proficiency in scripting and automation (Python, Bash, or PowerShell) for security tooling and response

Excellent communication and stakeholder management skills — capable of translating technical risk into business language

Self-awareness, integrity, authenticity, and a growth/entrepreneurial mindset