Staff Information Security Engineer

November 13

Apply Now

Receive Emails with Similar Jobs

Adaptive Biotechnologies Corp.

WebsiteLinkedInAll Job Openings

Biotechnology • Healthcare Insurance • Pharmaceuticals

Adaptive Biotechnologies Corp. is a leader in immune-driven medicine, aiming to revolutionize disease detection and treatment. By utilizing the adaptive immune system, the company develops diagnostic and therapeutic solutions powered by its innovative Immune Medicine platform. They offer clinical diagnostics, particularly in Minimal Residual Disease (MRD) testing, and engage in drug discovery and therapeutic development through adaptive immunosequencing technologies. Their biopharma services support the progression of clinical trials and the development of transformative medicines. Adaptive Biotechnologies leverages the complex biology of the immune system, decoding it to advance medical science and improve patient outcomes.

501 - 1000 employees

Founded 2009

🧬 Biotechnology

⚕️ Healthcare Insurance

💊 Pharmaceuticals

💰 $125M Post-IPO Debt on 2022-09

📋 Description

• Serve as subject matter expert on information security, guiding cross-functional partners and leading enterprise-wide risk committees and security reviews. • Participate in the definition and evolution of Adaptive’s cybersecurity strategy, architecture, and GRC roadmap aligned with business priorities. • Develop and maintain security reference architecture across cloud, hybrid, and on-prem environments • Drive the development and implementation of security policies and ISMS practices, ensuring alignment with ISO 27001, SOC 2, TX-RAMP, HIPAA, and other regulatory frameworks. • Lead internal and external audits and certification efforts. • Collaborate with IT, Privacy, and Engineering to design and implement layered security controls across identity, access, network, endpoint, application, and data environments. Continuously evaluate and integrate emerging technologies to strengthen Adaptive’s security architecture. • Conduct enterprise risk assessments, maintain the risk register, and monitor key indicators to identify and remediate non-compliance. • Support customer audits, contract negotiations, and third-party risk management. • Lead the assessment, management and response efforts for incidents, vulnerabilities, and other security events. • Ensure effective deployment and optimization of security tools (e.g., SIEM, EDR, DLP, IAM), ensuring controls meet GRC requirements and business needs. • Lead control testing, continuous monitoring, and third-party penetration testing engagements. • Develop and maintain KPIs, metrics, dashboards and reporting to measure the effectiveness of information security program activities. • Translate technical risks into business impact for non-technical stakeholders and support customer audits and inquiries.

🎯 Requirements

• Bachelors + 12 years of related experience, or Masters + 8 years of related experience • Understand Risk Management principles and the tools to ensure attention is brought to high-risk areas. • Have solid knowledge of ISO 27001, NIST and other information security standards, with some experience implementing these standards. • Good communicator who is used to working in a dynamic environment. • Solid attention to detail and ability to communicate that detail in summary form. • Ability to multi-task and meet deadlines. • Proven ability to achieve results in a fast moving, dynamic environment. • Proven understanding of information security risk assessment and technology risk management and compliance procedures and methodologies. • Ability to establish and maintain relationships with individuals at all levels of the organization, in the business community and with vendors. • Thorough knowledge of all aspects of information security and compliance including SOC 2, ISO 27001/2, and HIPAA. Life sciences, medical device, or healthcare industry experience ideal, particularly experience with FDA cybersecurity guidance. • Solid understanding of application security, cloud security, security operations, incident response and infrastructure security. • Skilled in translating technical data into business impact information, including for non-technical audiences. • Proven analytical and problem-solving abilities. • Prefer one of the following certifications: certificated internal auditor; certified lead implementor CISSP, CISM, CISA or equivalent experience.

🏖️ Benefits

• equity grant • bonus eligible