Director of IT Security and Risk Management

Seven Bridges
Job Location
Cambridge, MA
Job Description


We are building the leading platform for analysis of genomic data in the cloud. As part of this, we store and process sensitive genetic information on behalf of our major enterprise clients, such as pharmaceutical and biotech companies, and research universities. Our clients’ trust is one of our most valuable assets, and regulatory compliance is a constant priority. In this role, you will establish a state-of-the-art information security compliance program that will provide our clients with the highest level of assurance that all information assets are safe with Seven Bridges.

As the Director of Information Security, you will ensure that Seven Bridges stays compliant with applicable security frameworks: both regulatory frameworks such as FISMA and FedRAMP, and voluntary standards such as ISO 27001 and SSAE 16. You will work with our Information Security Team and the rest of the staff to develop and enforce policies, procedures, and technical controls and supervise the overall information security management system. You will also coordinate required internal audits of security compliance, prepare Seven Bridges for external audits, and act as the face of the company’s security and compliance efforts to clients and the broader community.


  • Lead regulatory compliance and standards certification-and-accreditation efforts for information security.
  • Manage the operation of the company’s information security management system.
  • Define and maintain a corporate risk register through a well-organized assessment methodology and coordinate security risk assessments for new projects, technologies and partnerships along with Legal and Business Development teams..
  • Create and maintain an effective communication program for the organization, including understanding of new and existing security documents (i.e. policies, standards, guidelines, procedures, and processes), education/awareness.
  • Consult with Legal as needed to resolve potential legal compliance issues and proactively advise Seven Bridges on how to maintain compliance with information security standards and regulations.
  • Lead external-facing meetings and work with Communications team on public communications regarding information security and compliance.


  • Bachelor’s degree in information assurance, security, management information systems, risk management, or equivalent work experience is acceptable.
  • Past senior management or director-level experience managing teams of security professionals is required.
  • 8+ years of related security risk assessment, vulnerability management, or audit work experience is required.
  • Experience guiding an organization through external audits of information security and risk management is required.
  • Strong analytical and product management skills are required, including a thorough understanding of how to interpret customer business needs and translate them into application and operational requirements.
  • An ideal candidate has experience with information security standards such as HIPAA, FISMA, FedRAMP, ISO 27001, NIST 800-53, and SSAE 16 (SOC 2).

And we also think that:

  •    CISSP, CISM, or similar certification is a plus.
  •    Experience working with SaaS providers is a plus, particularly those built on third-party cloud infrastructure.
  •    A thorough understanding of network and application security architecture is a plus.
  •    Familiarity with penetration testing, firewalls, intrusion detection systems, and other best-practice technical controls is a plus.  
  •    Experience working in a fast-paced start-up environment is a plus.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity or national origin.  

How to Apply

To apply please submit your resume and cover letter here.

About Our Organization


Seven Bridges is the biomedical data analysis company accelerating breakthroughs in genomics research for cancer, drug development and precision medicine. We democratize genomics by enabling researchers anywhere to process and understand genomic data quickly and efficiently, at any scale.

Thousands of researchers in government, biotech, pharmaceutical and academic labs use Seven Bridges, including three of the largest genomics projects in the world: U.S. National Cancer Institute’s Cancer Genomics Cloud pilot, the Million Veteran Program, and Genomics England’s 100,000 Genomes Project. As the NIH’s only commercial Trusted Partner, Seven Bridges authenticates and authorizes access to one of the world’s largest cancer genomics dataset.

Our biomedical data analysis platform will be used by the Cancer Moonshot’s Blood Profiling Atlas project, designed to accelerate the development and approval of simple, accurate, and reliable blood tests for cancer diagnosis and precision treatment.

Named one of the world's smartest companies by MIT Technology Review, Seven Bridges has offices in Cambridge, Mass., San Francisco, London, Belgrade, and Istanbul.


An analysis appearing in PeerJ finds that social media mentions of a paper may lead to increased citations.

NIH's Michael Lauer looks at the number of grants, their amount, and funding success rates at the agency for last year.

At Nature, Johns Hopkins' Gundula Bosch describes her graduate program that aims to get doctoral students thinking about the big picture.

Patricia Fara writes about childcare funding, and women in science and science history at NPR.