What are the responsibilities and job description for the Security & Compliance Manager position at Sequel Medical Technology?
About Sequel
Sequel Med Tech is an early-stage company developing the next generation of precision drug delivery devices.
Job Overview
The Security and Compliance Lead will report to the Associate Director of IT and be responsible for developing, implementing, and managing the organization's cybersecurity and compliance initiatives. This role will support achieving and maintaining regulatory certifications, strengthening data governance, enhancing incident response capabilities, and securing the company's data, identities, and applications. The Security and Compliance Lead will play a pivotal role in advancing the organization's cybersecurity maturity and operational resilience.
Job Responsibilities and Essential Duties
Required Knowledge, Skills and Abilities
Sequel Med Tech provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.
Sequel Med Tech is an early-stage company developing the next generation of precision drug delivery devices.
Job Overview
The Security and Compliance Lead will report to the Associate Director of IT and be responsible for developing, implementing, and managing the organization's cybersecurity and compliance initiatives. This role will support achieving and maintaining regulatory certifications, strengthening data governance, enhancing incident response capabilities, and securing the company's data, identities, and applications. The Security and Compliance Lead will play a pivotal role in advancing the organization's cybersecurity maturity and operational resilience.
Job Responsibilities and Essential Duties
- Cybersecurity Frameworks:
- Support and maintain HITRUST e1, SOC 2 Type 2, and NIST 800-171 certifications.
- Define and execute strategies for future compliance with HITRUST R2, NIST 800-53, and GDPR.
- Security Strategy Development:
- Develop and execute a robust security strategy aligned with principles of confidentiality, integrity, and availability.
- Implement data retention policies and security controls within Microsoft Purview to align with organizational data management goals.
- Monitor and audit compliance with data retention policies quarterly to ensure 100% adherence by year-end.
- Identity and Access Management (IAM):
- Oversee day-to-day IAM requests and administration of Single Sign-On (SSO) applications.
- Implement and enforce role-based access controls (RBAC) and least privilege access policies.
- Incident Response:
- Act as a lead member of the Incident Response Team (IRT), coordinating containment, remediation, and reporting for security incidents.
- Develop and test an incident response framework to ensure resolution of critical security events within 24 hours, validated through live simulations.
- Business Continuity and Disaster Recovery (BCDR):
- Lead and facilitate BCDR tabletop exercises to evaluate and enhance readiness for business disruption scenarios.
- Collaborate with cross-functional teams to finalize a comprehensive BCDR plan by Q2 2025.
- General IT Operations Security:
- Ensure IT operations follow security best practices and support business goals.
- Collaborate with IT and compliance teams to secure SharePoint, confidential data, and other critical systems.
- Bachelor’s degree in cybersecurity, information technology or a related field.
- 5 years of experience in cybersecurity or a related role
Required Knowledge, Skills and Abilities
- Strong understanding of HITRUST, SOC 2, and NIST security frameworks.
- Expertise in IAM, SSO systems, and Microsoft Purview.
- Proven ability to lead and manage incident response efforts.
- Experience implementing data governance strategies and security solutions.
- Excellent communication, organizational, and crisis management skills.
- Familiarity with cloud security tools and future-focused frameworks like GDPR and HITRUST R2, SOC 2, NIST preferred.
Sequel Med Tech provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.
