Summit Therapeutics, Inc.
Senior Manager, IT Security, Compliance & Infrastructure
Summit Therapeutics, Inc., Princeton, New Jersey, us, 08543
Senior Manager, IT Security, Compliance & Infrastructure
Location: Onsite in Palo Alto, CA or Princeton, NJ Overview
As the Senior Manager, Security, Compliance & Infrastructure, the candidate will be responsible for establishing and leading the Information Technology security program while also supporting core infrastructure operations. This includes designing, implementing, and managing security policies, processes, and controls in alignment with GxP and regulatory requirements, as well as ensuring the stability, scalability, and efficiency of our Microsoft cloud-based infrastructure. The ideal candidate will bring proven expertise in security along with hands-on experience in GxP processes and validated systems. Role And Responsibilities
Establish and lead the Information Technology security program in alignment with the NIST Cybersecurity Framework (CSF). Collaborate with technical and non-technical partners to ensure policies, procedures, work instructions, and practices are compliant with various regulatory authorities including but not limited to SOX, FDA pharmaceutical Industry validation (GxP) and 21 CFR Part 11, HIPAA, EU data privacy (GDPR), NIST Cyber Security Framework (CSF), etc. Scale and optimize Microsoft security tools (Defender, Purview, Sentinel, Intune, Entra ID, etc.) for threat protection, identity management, and data governance. Lead data privacy and protection initiatives, ensuring proper controls for sensitive clinical, R&D, and regulated data. Develop and enforce policies for responsible AI use within the organization, ensuring compliance, data security, and ethical application of AI technologies. Conduct and lead risk assessments, vulnerability management, and incident response programs. Ensure readiness for internal and external audits, including FDA/EMA inspection support for GxP-regulated systems. Lead and advise on system validation practices for all GXP systems. Manage the Change Control Board (CCB) and all related lifecycle changes to systems to ensure effective controls and compliance. Drive security awareness, training, and culture across the organization. Maintain and pursue relevant security certifications (NIST-focused, CISSP, CISM, CISA, Microsoft security certifications) to enhance organizational credibility and maturity. Support and enhance the Microsoft cloud environment (Azure, Microsoft 365, Intune, Teams, SharePoint). Partner with the infrastructure team to manage identity, networking, collaboration platforms, and endpoint operations. Ensure patching, upgrades, and operational stability across cloud services and SaaS applications. Collaborate on projects that improve scalability, performance, and resilience of IT systems. Contribute to vendor evaluation, license management, and technology optimization. All other duties as assigned. Experience, Education And Specialized Knowledge And Skills
Bachelors degree in Computer Science, MIS, Software Engineering or similar strongly preferred Minimum of 8+ years of IT experience, with at least 2 years in security leadership roles. A "hands-on" self-starter with managerial/ leadership experience and a demonstrated ability interact with technical and non-technical staff, various levels of management, and external parties, to accomplish goals and objectives Proven experience in the pharmaceutical / biopharma industry, with strong knowledge of compliance frameworks (GxP, HIPAA, GDPR, 21 CFR Part 11, and biopharma IT compliance needs). Hands-on experience with GxP systems and processes, including validation, documentation, and audit readiness. Strong understanding and practical application of the NIST Cybersecurity Framework (CSF). Preferred relevant certification in security or compliance such as CISSP, CISM, CISA, NIST CSF, CEH, Security+ or Microsoft Security certifications (Azure Security, Security Operations Analyst, or equivalent). Demonstrated expertise in Microsoft cloud security and infrastructure (Azure AD/Entra ID, Microsoft 365, Intune, Defender, Purview, Sentinel). Experience in developing and enforcing data privacy, protection, and governance policies for sensitive clinical, R&D, and regulated data. Proven ability to develop SOPs, IT policies, and governance frameworks that align with regulatory and organizational needs. Knowledge of AI security risks and compliance considerations, with experience in defining policies for responsible AI use in an enterprise or regulated environment. Strong background in incident response, risk assessments, and vulnerability management. Excellent collaboration skills, with the ability to work cross-functionally with IT, R&D, Clinical, QA, and Compliance teams. Outstanding communication, leadership, and vendor management abilities. The pay range for this role is $153,000-$180,000 annually. Actual compensation packages are based on several factors that are unique to each candidate, including but not limited to skill set, depth of experience, certifications, and specific work location. This may be different in other locations due to differences in the cost of labor. The total compensation package for this position may also include bonus, stock, benefits and/or other applicable variable compensation. Summit does not accept referrals from employment businesses and/or employment agencies in respect of the vacancies posted on this site. All employment businesses/agencies are required to contact Summit’s Talent Acquisition team at recruiting@smmttx.com to obtain prior written authorization before referring any candidates to Summit. Seniority level
Mid-Senior level Employment type
Full-time Job function
Strategy/Planning and Information Technology
#J-18808-Ljbffr
Location: Onsite in Palo Alto, CA or Princeton, NJ Overview
As the Senior Manager, Security, Compliance & Infrastructure, the candidate will be responsible for establishing and leading the Information Technology security program while also supporting core infrastructure operations. This includes designing, implementing, and managing security policies, processes, and controls in alignment with GxP and regulatory requirements, as well as ensuring the stability, scalability, and efficiency of our Microsoft cloud-based infrastructure. The ideal candidate will bring proven expertise in security along with hands-on experience in GxP processes and validated systems. Role And Responsibilities
Establish and lead the Information Technology security program in alignment with the NIST Cybersecurity Framework (CSF). Collaborate with technical and non-technical partners to ensure policies, procedures, work instructions, and practices are compliant with various regulatory authorities including but not limited to SOX, FDA pharmaceutical Industry validation (GxP) and 21 CFR Part 11, HIPAA, EU data privacy (GDPR), NIST Cyber Security Framework (CSF), etc. Scale and optimize Microsoft security tools (Defender, Purview, Sentinel, Intune, Entra ID, etc.) for threat protection, identity management, and data governance. Lead data privacy and protection initiatives, ensuring proper controls for sensitive clinical, R&D, and regulated data. Develop and enforce policies for responsible AI use within the organization, ensuring compliance, data security, and ethical application of AI technologies. Conduct and lead risk assessments, vulnerability management, and incident response programs. Ensure readiness for internal and external audits, including FDA/EMA inspection support for GxP-regulated systems. Lead and advise on system validation practices for all GXP systems. Manage the Change Control Board (CCB) and all related lifecycle changes to systems to ensure effective controls and compliance. Drive security awareness, training, and culture across the organization. Maintain and pursue relevant security certifications (NIST-focused, CISSP, CISM, CISA, Microsoft security certifications) to enhance organizational credibility and maturity. Support and enhance the Microsoft cloud environment (Azure, Microsoft 365, Intune, Teams, SharePoint). Partner with the infrastructure team to manage identity, networking, collaboration platforms, and endpoint operations. Ensure patching, upgrades, and operational stability across cloud services and SaaS applications. Collaborate on projects that improve scalability, performance, and resilience of IT systems. Contribute to vendor evaluation, license management, and technology optimization. All other duties as assigned. Experience, Education And Specialized Knowledge And Skills
Bachelors degree in Computer Science, MIS, Software Engineering or similar strongly preferred Minimum of 8+ years of IT experience, with at least 2 years in security leadership roles. A "hands-on" self-starter with managerial/ leadership experience and a demonstrated ability interact with technical and non-technical staff, various levels of management, and external parties, to accomplish goals and objectives Proven experience in the pharmaceutical / biopharma industry, with strong knowledge of compliance frameworks (GxP, HIPAA, GDPR, 21 CFR Part 11, and biopharma IT compliance needs). Hands-on experience with GxP systems and processes, including validation, documentation, and audit readiness. Strong understanding and practical application of the NIST Cybersecurity Framework (CSF). Preferred relevant certification in security or compliance such as CISSP, CISM, CISA, NIST CSF, CEH, Security+ or Microsoft Security certifications (Azure Security, Security Operations Analyst, or equivalent). Demonstrated expertise in Microsoft cloud security and infrastructure (Azure AD/Entra ID, Microsoft 365, Intune, Defender, Purview, Sentinel). Experience in developing and enforcing data privacy, protection, and governance policies for sensitive clinical, R&D, and regulated data. Proven ability to develop SOPs, IT policies, and governance frameworks that align with regulatory and organizational needs. Knowledge of AI security risks and compliance considerations, with experience in defining policies for responsible AI use in an enterprise or regulated environment. Strong background in incident response, risk assessments, and vulnerability management. Excellent collaboration skills, with the ability to work cross-functionally with IT, R&D, Clinical, QA, and Compliance teams. Outstanding communication, leadership, and vendor management abilities. The pay range for this role is $153,000-$180,000 annually. Actual compensation packages are based on several factors that are unique to each candidate, including but not limited to skill set, depth of experience, certifications, and specific work location. This may be different in other locations due to differences in the cost of labor. The total compensation package for this position may also include bonus, stock, benefits and/or other applicable variable compensation. Summit does not accept referrals from employment businesses and/or employment agencies in respect of the vacancies posted on this site. All employment businesses/agencies are required to contact Summit’s Talent Acquisition team at recruiting@smmttx.com to obtain prior written authorization before referring any candidates to Summit. Seniority level
Mid-Senior level Employment type
Full-time Job function
Strategy/Planning and Information Technology
#J-18808-Ljbffr