Director, IT Governance & Cybersecurity
About The Position
The Director, IT Governance, & Cybersecurity is a senior leadership role responsible for building, leading, and continuously maturing KalVista's information security and IT governance program. This individual will serve as the organization's primary cybersecurity leader, owning the full spectrum of IT governance, risk management, regulatory compliance, data protection, and hands-on cybersecurity operations and strategy. This role partners closely with senior executives and cross-functional leaders across HR, Finance, Legal, Regulatory Affairs, Quality, and IT to align the company's security posture with its business objectives, risk tolerance, and obligations under applicable laws and industry standards. As an emerging biotech, KalVista requires a leader who is equally comfortable setting strategic direction and rolling up their sleeves to execute.
Requirements
- Bachelor’s degree in a related field
- 10+ years in cybersecurity, governance, risk, and compliance
- 4+ years director-level leadership
- Experience scaling cybersecurity in high-growth or resource-constrained settings
- MSSP management experience
- Regulated environment experience (SOX ITGC, GxP, FDA)
- Expert familiarity with NIST CSF, ISO 27001, SOX, GDPR, HIPAA
- Working knowledge of GxP, 21 CFR Part 11
- Experience applying CIS Controls
Nice To Haves
- Master’s degree or MBA with tech focus.
- Life sciences/biotech/pharma experience.
- Strong TPRM experience.
- Certifications: CISSP, CISM, CRISC, CISA
- Microsoft security certifications (SC-100, SC-200, AZ-500)
- Strong executive communication
- Deep Microsoft security stack expertise
- Proficiency with vulnerability management, SIEM, email security, endpoint protection
- Cloud security architecture (Azure preferred), IAM, zero trust
- Experience with Druva or similar backup solutions
Responsibilities
- Own and lead the enterprise cybersecurity function, acting as the organization’s de facto CISO-equivalent
- Define, implement, and mature a cybersecurity strategy aligned to NIST CSF
- Lead and manage MSSP and third-party partners
- Oversee security operations and tooling (Azure Security, SentinelOne, Defender suite, Qualys, Mimecast, EOP, Meraki, Intune, AOVPN, GPOs)
- Develop and lead Incident Response
- Drive threat intelligence and vulnerability management
- Champion security awareness
- Develop and maintain the enterprise IT governance framework.
- Own and execute IT Risk Management.
- Lead BC/DR planning and tabletop exercises.
- Provide risk reporting to leadership and Board.
- Develop and execute compliance strategy across InfoSec, privacy, and IT controls
- Own all security policies and SOPs
- Lead SOX ITGC audit coordination
- Ensure compliance with SOX, GDPR, HIPAA, 21 CFR Part 11, GxP
- Identify and remediate policy gaps
- Partner on data governance and privacy programs.
- Oversee data classification, DLP, access control
- Support privacy-by-design for new systems
- Lead vendor security assessments
- Establish third-party risk management
- Partner with Procurement and Legal on vendor security terms
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Director
Number of Employees
11-50 employees
