United States
1 day ago
Senior Director, CISO

Senior Director, CISO – Remote

Curia provides global contract research and manufacturing services to the pharmaceutical and biotechnology industries.

The Senior Director, Chief Information Security Officer (CISO), under the direction of the Chief Information Officer (CIO), is responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected. The CISO will lead efforts to safeguard the organization's information systems against cyber threats, manage compliance with regulatory requirements, and foster a culture of security awareness. This role will manage security operations and vulnerability management of infrastructure, platforms and applications. This position will work with key IT and Business Unit stakeholders to conduct technical analysis and respond to security issues, as well as threats and incidents, vulnerability assessments and remediation, security investigations, end-user computer protection and first- and third-party security incident investigations.

Join our talented workforce, where a commitment to excellence and a customer-focused attitude are everything. We pursue excellence because our work has the power to improve patients’ lives with the pharmaceuticals we develop and manufacture.

We proudly offer
•    Generous benefit options (eligible first day of employment) 
•    Paid training, vacation and holidays (vacation accrual begins on first day of employment)
•    Career advancement opportunities 
•    Education reimbursement
•    401k program
•    Learning platform
•    And more!

Key Responsibilities

Strategic Leadership
•    Develop, implement, and maintain a comprehensive information security strategy aligned with business objectives
•    Collaborate with executive leadership to identify and prioritize security initiatives
•    Provide regular updates on cybersecurity risks, incidents, and mitigation strategies to Curia leadership and board of directors
Risk Management and Security Operations
•    Assess, monitor, and mitigate information security risks across the organization
•    Implement security frameworks such as NIST, ISO 27001, or others as applicable
•    Lead security risk assessments, audits, and vulnerability management to ensure compliance and system integrity
•    Manage Cybersecurity operations, threat and vulnerability management programs
•    Develop and monitor key performance indicator (KPI) metrics; track and report on overall information security performance
Incident Response & Recovery
•    Establish and oversee incident response protocols and teams to address potential cybersecurity breaches.
•    Lead post-incident reviews to strengthen defenses and update policies.
•    Ensure business continuity and disaster recovery plans are robust and tested.
Compliance & Governance
•    Ensure compliance with relevant regulations and standards (e.g., GDPR, HIPAA, SOX)
•    Establish and maintain policies, procedures, and guidelines to protect sensitive data and intellectual property
•    Oversee security awareness training programs for employees
Technology Management
•    Evaluate, procure, and deploy security technologies to address emerging threats
•    Monitor advancements in cybersecurity tools and techniques to maintain cutting-edge defenses.
•    Partner with IT teams to integrate security measures into system design and architecture
Team Leadership
•    Build and manage a high-performing information security team
•    Foster a culture of accountability, innovation, and continuous learning within the security organization
•    Mentor and develop security personnel to enhance organizational capabilities operations function within the company

Qualifications

•    Bachelor’s degree in Information Security, Computer Science, or a related field
•    10-15 years of experience in Cybersecurity or Cyber Incident Response or Information Technology
•    3+ years of experience in managing Incident Response and Vulnerability Management or other security operations areas
•    GCIA, GCIH, GIAC, CISSP, CISA, CEH, or similar certification   
•    Demonstrated experience applying security and risk frameworks, and regulations such as NIST CSF/800-53/800-171, Cyber Kill Chain, MITRE ATT&CK, OWASP, CSA, etc.
•    Deep technical knowledge and experience in SIEM technology, threat intelligence platforms, vulnerability assessment tools, cloud platforms, EDR, cyber threats and attack vectors, exploitation methods, and IOCs and TTPs
•    Experience in threat modeling, threat hunting and intelligence, incident response tabletop exercises, and process automation
•    Experience with penetration testing, threat assessments, and vulnerability assessments
•    Experience in cybersecurity architecture, cloud security, risk assessment and management, network security, identity and access management, data security and governance
•    Experience managing compliance with global regulatory requirements

Pay Range: $164,000-$212,730/year

Education, experience, location and tenure may be considered along with internal equity when job offers are extended.

We do not accept unsolicited assistance from any headhunters or recruitment firms for any of our job openings. All resumes or profiles submitted by search firms to any employee at Curia, in any form without a valid, signed search agreement by an authorized signatory in place for the specific position, approved by Talent Acquisition, will be deemed the sole property of Curia. No fee will be paid in the event the candidate is hired by Curia because of the unsolicited referral.

All interested applicants must apply online. Please be aware of scammers. Curia will only send offer letters and requests for sensitive personal information from a curiaglobal.com email address. Curia is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability. Curia is an E-Verify employer.
