Senior Director, Information Security


Job Location: Cambridge, MA - USA

Monthly Salary: Not Disclosed
Posted on: 10 hours ago
Vacancies: 1 Vacancy

Job Summary

General information

Location: Cambridge MA
Ref #: 44118
Job Family: IT/Systems
Workplace: Hybrid
Date published: 05/04/2026
Time Type: Full time
Pay Range: $207000.00/yr - $304333.00/yr

Description & Requirements

The Senior Director, Global Information Security and Risk is the senior-most leader accountable for the organization's enterprise-wide information security posture, risk management, and compliance maturity. Reporting to the CIO, this role provides strategic direction, technical authority, and operational oversight for security across enterprise IT, cloud platforms, research environments, and external partnerships.


Operating at the intersection of academia and industry, the Senior Director ensures that security enables scientific innovation while meeting the expectations of commercial partners, regulators, and funding organizations. This role translates executive risk tolerance and institutional priorities into a coherent, defensible, and scalable security program and ensures consistent execution through strong domain leadership across Enterprise & Cloud Security, Security Operations, and Risk management.


The Senior Director is the primary authority on security risk, control effectiveness, and program maturity, and serves as a trusted advisor to executive leadership on the organization's readiness to engage in increasingly complex industry partnerships.

This role is a hybrid position requiring 3 days a week onsite at our office in Cambridge, MA.


What You Will Be Doing

  • Define, own, and continuously mature the organization's global information security and risk strategy, aligning security investments with institutional mission, growth objectives, and partnership requirements.
  • Establish and maintain a multi-year security roadmap that integrates enterprise, cloud, application, data, and operational security capabilities.
  • Own the enterprise security risk management program, including risk identification, assessment, prioritization, and reporting, and maintain the authoritative enterprise risk register.
  • Translate executive and board-level risk tolerance into actionable security architectures, control frameworks, and operational priorities.
  • Provide oversight and direction to Associate Directors and senior leaders across Enterprise & Cloud Security, Security Operations, and GRC, ensuring clear accountability and consistent execution.
  • Build, mentor, and sustain a high-performing security leadership team with strong technical depth and management capability.
  • Own the overall Information Security budget, including planning, prioritization, forecasting, and investment decision-making.
  • Govern strategic security tooling, vendor relationships, and managed service providers to ensure architectural coherence and measurable value.
  • Lead the maturation of the organization's compliance and assurance posture, supporting frameworks such as HIPAA, NIST, ISO 27001, SOC 2, FISMA, and related standards.
  • Ensure security controls are not only compliant but operationally effective, repeatable, and auditable, supporting both regulatory obligations and partner due diligence.
  • Serve as the senior technical authority during audits, assessments, and industry partner security reviews.
  • Act as the primary security advisor to the CIO and executive leadership, providing clear, accurate insight into security posture, risk trends, and investment needs.
  • Develop and deliver executive- and board-level reporting on security risk, incidents, program maturity, and strategic initiatives.
  • Own executive-level oversight of security incident response, ensuring preparedness, effective coordination, and durable remediation.
  • Partner with Legal, Compliance and Data Privacy, Research, Engineering, IT, Finance, and external stakeholders to embed security into institutional initiatives by design.
  • Drive continuous improvement and security transformation through automation, standardization, and scalable security platforms.

What You Bring Along

  • Bachelor's degree in Computer Science, Information Security, Engineering, or equivalent professional experience.
  • 15 years of progressive experience in information security, with at least 10 years leading large, multi-domain security programs and teams.
  • Demonstrated experience operating at the senior executive level in complex, regulated, and research-driven environments.
  • Deep understanding of enterprise and cloud security architectures, identity and access management, data protection, detection and response, and vulnerability management.
  • Proven expertise in regulatory and assurance frameworks, including HIPAA, NIST, ISO 27001, SOC 2, FISMA, and related standards, particularly in life sciences contexts.
  • Track record of building and leading senior security leadership teams and influencing organizational change at scale.
  • Experience managing significant security budgets, complex vendor ecosystems, and enterprise-wide security initiatives.
  • Strong executive communication skills with the ability to clearly articulate technical risk and security posture to non-technical leaders and boards.
  • Pragmatic, risk-based approach to security that balances protection, usability, and scientific velocity.
  • CISSP required; additional certifications such as CISM, CRISC, or cloud security credentials are strongly preferred.

The Broad will not support sponsorship for this position.

The expected base pay range for this position, as listed above, is based on a 40-hour-per-week schedule. Broad provides pay ranges representing its reasonable and good faith estimate of what the organization reasonably expects to pay for a position at the time of posting. Actual compensation will vary based on factors including, but not limited to, relevant skills, experience, education, qualifications, and other factors permissible by law.

The Broad Institute is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, national origin, religion, age, color, sex, disability, protected veteran status, or any other characteristic protected by local, state, or federal laws, rules, or regulations.

Should you need a reasonable accommodation to complete the application or interview process please contact for assistance.


Required Experience:

Exec


About Company

Broad Institute is a multidisciplinary community of researchers on a mission to improve human health.
