Senior Manager, IT Cybersecurity & Compliance
Kardigan · Princeton, New Jersey, United States, South San Francisco, California, United States · Posted Jul 1, 2026
Apply on company site Track it in JobSkout
About Us
Kardigan is a heart health company working to make cardiovascular disease preventable, curable and no longer the leading cause of death in the world.
It is Kardigan’s mission to develop multiple targeted treatments in parallel that bring people with cardiovascular diseases to the cures they deserve.
Led by Tassos Gianakakos, Jay Edelberg, M.D., Ph.D., and Bob McDowell, Ph.D., Kardigan’s co-founders have reunited after leading MyoKardia to discover and develop mavacamten, the first cardiac myosin inhibitor, resulting in an acquisition by Bristol Myers Squibb in 2020.
We have a cutting-edge discovery and translational research platform, a pipeline of late-stage candidates, and an industry-leading team that is driven to improve the lives of patients.
At Kardigan, we are motivated by our values which guide how we work, interact, and achieve our goals. Driven by patients and their families , we are deeply committed to improving the lives of patients and prioritizing their needs above all else. We believe in being authentic —leading with truth to bring out the best in others by creating an environment where every person knows they will be fully accepted. With an eagerness to learn , we encourage the highest levels of curiosity and are open to changing our minds. We are committed to winning as a team with urgency, excellence, and intention, and support each other no matter what role we play or where we sit. Lastly, we strive to enable the impossible because patients are counting on us. We are not afraid to take risks to unlock innovation and advance scientific discoveries.
These values are the foundation of our work, empowering us to make a real difference, every day.
Position Title: Senior Manager, IT Cybersecurity Compliance
Department: Information Technology
Reports To: Senior Director, IT Infrastructure
Location: South San Francisco, CA (preferred) or Princeton, NJ – On-site 4 days per week (Mon to Thurs)
Job Overview
We are seeking a Senior Manager, IT Cybersecurity and Compliance to manage and strengthen our information security, privacy, and IT compliance programs. Reporting to the Senior Director, IT Infrastructure, this role manages the day-to-day security risk management process, runs security awareness and training, and helps ensure compliance with applicable regulations and internal policies (including SOX, GDPR, and GxP). The Senior Manager serves as a primary IT point of contact for audits and assessments, maintains IT security policies and standards, oversees vulnerability management and vendor security reviews, and prepares evidence and attestations for IT General Controls (ITGCs) and related governance processes.
Key Responsibilities
Security governance and program leadership: Help define and execute the IT security and compliance roadmap and operating processes; maintain metrics, reporting, and continuous improvement activities.
Security policies and standards: Maintain and obtain approvals for IT security policies, standards, and procedures (e.g., vulnerability management, patching, configuration baselines, identity and access management, encryption, logging/monitoring, secure remote access, incident response, and third-party risk management), and recommend updates as needed.
Vendor and third-party security assessments: Conduct security due diligence and ongoing monitoring for vendors (SaaS, cloud, MSPs, consultants, and critical suppliers), including risk tiering, questionnaires, evidence review (e.g., SOC 1/2, ISO 27001), remediation tracking, and security addendum requirements in partnership with Legal and Procurement.
Security awareness and training: Run user security training and awareness programs (onboarding, annual training, targeted campaigns, phishing simulations, role-based training), and measure effectiveness through reporting and follow-up actions.
SOX compliance (ITGC): Support and maintain IT General Controls in scope for SOX (access controls, change management, computer operations, system development where applicable). Provide timely evidence, coordinate walkthroughs, respond to auditor requests, and execute remediation and management action plans.
Privacy and regulatory compliance: Partner with Privacy/Legal to support GDPR and other applicable privacy requirements, including security controls, data protection impact inputs, and vendor processing/security reviews.
GxP/regulated environment compliance: Help ensure IT controls and practices support GxP expectations (e.g., validated systems, data integrity/ALCOA+ principles, audit trails, controlled access, change control, backup/restore, and incident handling) in partnership with Quality.
Identity, access, and permissions governance: Operate access governance processes (role design, least privilege, segregation of duties, periodic access reviews). Provide ITGC-related attestations for appropriate roles and permissions, including evidence of approvals and review completion.
Risk management: Maintain …