Information Security Lead

We are seeking an Information Security Lead who will serve as the founding security hire and the anchor of Cellares' InfoSec program. This is a hands-on leadership role that blends strategic program development with direct technical execution. The primary focus of this position will be to build and mature the company's security posture, lead a growing team across geographies, and ensure compliance with relevant regulatory frameworks including 21 CFR Part 11, SOC 2, and ISO 27001. This is a multidisciplinary role & this individual will further interface across many parts of the company to drive policy and governance. Candidates should enjoy working in a fast-paced, mission-driven environment, and be prepared to tackle a broad selection of challenges as the company grows. This is Cellares Cellares is the first Integrated Development and Manufacturing Organization (IDMO) and takes an Industry 4.0 approach to mass manufacturing the living drugs of the 21st century. The company is both developing and operating integrated technologies for cell therapy manufacturing to accelerate access to life-saving cell therapies. The company’s Cell Shuttle integrates all the technologies required for the entire manufacturing process in a flexible and high-throughput platform that delivers true walk-away, end-to-end automation. Cell Shuttles will be deployed in Cellares’ Smart Factories around the world to meet total patient demand for cell therapies at global scale. Partnering with Cellares enables academics, biotechs, and pharma companies to accelerate drug development and scale out manufacturing, lower process failure rates, lower manufacturing costs, and meet global patient demand. The company is headquartered in South San Francisco, California with its commercial-scale IDMO Smart Factory in Bridgewater, New Jersey. The company is backed by world-class investors and has raised over $355 million in financing. Leveling will be based on overall experience, education, and demonstration of knowledge throughout the interview process. Responsibilities Design, build, and continuously improve Cellares' Information Security program from the ground up, including policies, standards, and procedures Develop and maintain a multi-year rolling strategic roadmap aligned to business objectives Lead day-to-day security operations, working closely with the India-based Security Analysts on monitoring, incident response, and vulnerability management. Architect and maintain a cloud security framework across AWS, Azure, or GCP environments used by Cellares Own the security aspects of the software development lifecycle (SDLC), including threat modeling, secure code review, and developer security training Drive compliance efforts for SOC 2 Type II, ISO 27001, and life sciences-specific frameworks (e.g., 21 CFR Part 11, GxP) Conduct and manage third-party risk assessments, vendor security reviews, and penetration testing engagements Collaborate with IT, Engineering, Legal, and Operations to integrate security into all business processes Manage and mentor the India-based Security Analysts, providing technical guidance, career development, and task prioritization Lead incident response activities, conduct post-mortems, and implement lessons-learned improvements Report on security metrics, risks, and program maturity to executive stakeholders Requirements Bachelors in Computer Science, or related field 8+ years of progressive information security experience with at least 2 years in a lead or senior individual contributor role Strong hands-on experience with SIEM tools (e.g., Splunk, Sentinel), EDR platforms, and vulnerability management tools (e.g., Tenable, Qualys) Deep knowledge of cloud security architecture (AWS, Azure, or GCP) and cloud-native security tools Experience driving SOC 2, ISO 27001, or NIST CSF compliance programs Proficiency in scripting and automation (Python, Bash, or PowerShell) for security tooling and response Excellent communication and stakeholder management skills — capable of translating technical risk into business language Self-awareness, integrity, authenticity, and a growth/entrepreneurial mindset

{
  "content_hash": "9beb9370ec53017eeb234d8909b6830e411c2d479356a384aa611da70b4d7e89",
  "source_hash": "df8935e9fe00abee292114d859137990f09502b757896c63484b38f53799e025",
  "last_changed_at": "2026-06-06T07:55:28.368Z",
  "active_status": "active"
}

{
  "language": "en",
  "location": {
    "raw": "South San Francisco, CA",
    "city": "South San Francisco",
    "region": "CA",
    "country": "United States",
    "is_remote": false,
    "confidence": 0.9
  },
  "salary_max": 210000,
  "salary_min": 90000,
  "inferred_at": "2026-06-06T19:44:47.724Z",
  "launch_scope": {
    "reason": "english_us_canada",
    "included": true,
    "language": "en",
    "location": {
      "raw": "South San Francisco, CA",
      "city": "South San Francisco",
      "region": "CA",
      "country": "United States",
      "is_remote": false,
      "confidence": 0.9
    },
    "countries": [
      "United States"
    ]
  },
  "remote_policy": null,
  "salary_period": "year",
  "workplace_type": "on_site",
  "salary_currency": "USD"
}

{}

{
  "lists": [
    {
      "text": "Responsibilities",
      "content": "<div>\n\n<li>Design, build, and continuously improve Cellares' Information Security program from the ground up, including policies, standards, and procedures</li>\n<li>Develop and maintain a multi-year rolling strategic roadmap aligned to business objectives</li>\n<li>Lead day-to-day security operations, working closely with the India-based Security Analysts on monitoring, incident response, and vulnerability management.</li>\n<li>Architect and maintain a cloud security framework across AWS, Azure, or GCP environments used by Cellares</li>\n<li>Own the security aspects of the software development lifecycle (SDLC), including threat modeling, secure code review, and developer security training</li>\n<li>Drive compliance efforts for SOC 2 Type II, ISO 27001, and life sciences-specific frameworks (e.g., 21 CFR Part 11, GxP)</li>\n<li>Conduct and manage third-party risk assessments, vendor security reviews, and penetration testing engagements</li>\n<li>Collaborate with IT, Engineering, Legal, and Operations to integrate security into all business processes</li>\n<li>Manage and mentor the India-based Security Analysts, providing technical guidance, career development, and task prioritization</li>\n<li>Lead incident response activities, conduct post-mortems, and implement lessons-learned improvements</li>\n<li>Report on security metrics, risks, and program maturity to executive stakeholders</li>\n\n</div>"
    },
    {
      "text": "Requirements",
      "content": "<div>\n\n<li>Bachelors in Computer Science, or related field</li>\n<li>8+ years of progressive information security experience with at least 2 years in a lead or senior individual contributor role</li>\n<li>Strong hands-on experience with SIEM tools (e.g., Splunk, Sentinel), EDR platforms, and vulnerability management tools (e.g., Tenable, Qualys)</li>\n<li>Deep knowledge of cloud security architecture (AWS, Azure, or GCP) and cloud-native security tools</li>\n<li>Experience driving SOC 2, ISO 27001, or NIST CSF compliance programs</li>\n<li>Proficiency in scripting and automation (Python, Bash, or PowerShell) for security tooling and response</li>\n<li>Excellent communication and stakeholder management skills — capable of translating technical risk into business language</li>\n<li>Self-awareness, integrity, authenticity, and a growth/entrepreneurial mindset</li>\n\n</div>"
    }
  ],
  "country": "US",
  "createdAt": 1775758489800,
  "updatedAt": null,
  "categories": {
    "team": "IT",
    "location": "South San Francisco, CA",
    "commitment": "Full Time",
    "department": "Information Technology",
    "allLocations": [
      "South San Francisco, CA"
    ]
  },
  "salaryRange": {
    "max": 210000,
    "min": 90000,
    "currency": "USD",
    "interval": "per-year-salary"
  },
  "workplaceType": "onsite"
}