Information Security Lead
About the role
This position is based out of Click’s headquarters located in Tribeca, NYC, at the center of one of the fastest-growing digital health communities. We have a hybrid working model that consists of at least 4 days in office each week.
Responsibilities
- Maintain, and continually improve the Information Security Management System (ISMS) to maintain relevant certifications (e.g., ISO 27001, SOC 2, IEC 81001-5-1 and UK Cyber Essentials Plus).
- Lead the technical security aspects of data privacy to ensure compliance with GDPR, CCPA, and HIPAA.
- Lead and mature the company's Security Operations Center (SOC) capabilities, including threat intelligence, monitoring, detection, and analysis.
- Responsible for collecting, analyzing, escalating, and responding to cybersecurity vulnerabilities, threats, and attacks using SIEM and EDR technologies.
- Collaborate with Engineering to ensure Secure Development Lifecycle (SDLC) practices are followed, integrating threat modeling, static/dynamic analysis, fuzz testing, and formal verification into the development process.
- Develop and maintain reporting of Key Performance Indicators (KPIs) of threats and incidents, including incident response timeliness and general observability metrics.
- Oversee security testing activities, including penetration testing and vulnerability scanning.
- Conduct security training and awareness programs for employees to promote a culture of security.
- Oversee all third-party and vendor risk management activities
- Collaborate with Quality and Regulatory on cybersecurity processes
- Support regulatory submissions by generating Cybersecurity Quality Management System (QMS) documentation, ensuring compliance with FDA Cybersecurity Guidance (2025), EU MDR, NIST 800-53, IMDRF, and AAMI TIR57.
Qualifications
- Experience within a highly regulated industry such as medical devices, pharmaceuticals, biotechnology, or healthcare
- Understanding of common security frameworks and standards, including NIST Cybersecurity Framework (CSF), ISO 27001/27002, and SOC 2.
- Knowledge of risk assessment methodologies, threat modeling, network security, cloud security (AWS), application security, and data protection technologies.
- Experience leading or participating in formal security audits.
- Experience in interfacing with engineering teams and running in tiger-teams or embedded SME Scrum teams.
- Leadership and communication skills, with the ability to articulate complex security concepts to technical and non-technical audiences.
Skills
- Embracing technological evolution is central to our DNA. Because AI defines our future, this role requires a proven ability to integrate AI technologies to drive innovation and impact.
Benefits
The role includes great benefits and is an excellent wealth-building opportunity at a fast-growing pre-IPO company in a nascent and extremely exciting space.
Pay
The base salary range for this position is between: $130,000 - $200,000. The final base salary will be dependent upon skills, experience and location. In addition to the base salary, Click Therapeutics offers an annual performance-based cash bonus and a generous equity package.
Schedule
We have a hybrid working model that consists of at least 4 days in office each week.