Senior manager it security compliance

Location: On-site in Palo Alto, CA or Princeton, NJ

About Summit:

Ivonescimab, known as SMT112, is a novel, potential first-in-class investigational bispecific antibody combining the effects of immunotherapy via a blockade of PD-1 with the anti-angiogenesis effects associated with blocking VEGF into a single molecule. Ivonescimab displays unique cooperative binding to each of its intended targets with multifold higher affinity when in the presence of both PD-1 and VEGF.

Summit has begun its clinical development of ivonescimab in non-small cell lung cancer (NSCLC), with three active Phase III trials:

• HARMONi is a Phase III clinical trial which intends to evaluate ivonescimab combined with chemotherapy compared to placebo plus chemotherapy in patients with EGFR-mutated, locally advanced or metastatic non-squamous NSCLC who have progressed after treatment with a 3rd generation EGFR TKI (e.g., osimertinib).

• HARMONi-3 is a Phase III clinical trial which is designed to evaluate ivonescimab combined with chemotherapy compared to pembrolizumab combined with chemotherapy in patients with first-line metastatic NSCLC.

• HARMONi-7 is a Phase III clinical trial which is intended to evaluate ivonescimab monotherapy compared to pembrolizumab monotherapy in patients with first-line metastatic NSCLC whose tumors have high PD-L1 expression.

Ivonescimab is an investigational therapy that is not approved by any regulatory authority in Summit’s license territories, including the United States and Europe. Ivonescimab was approved for marketing authorization in China in May 2024. Ivonescimab was granted Fast Track designation by the US Food & Drug Administration (FDA) for the HARMONi clinical trial setting .

Overview of Role:

As the Senior Manager, Security, Compliance & Infrastructure, the candidate will be responsible for establishing and leading the Information Technology security program while also supporting core infrastructure operations. This includes designing, implementing, and managing security policies, processes, and controls in alignment with GxP and regulatory requirements, as well as ensuring the stability, scalability, and efficiency of our Microsoft cloud-based infrastructure. The ideal candidate will bring proven expertise in security along with hands-on experience in GxP processes and validated systems.

Role and Responsibilities:

• Establish and lead the Information Technology security program in alignment with the NIST Cybersecurity Framework (CSF).
• Collaborate with technical and non-technical partners to ensure policies, procedures., work instructions, and practices are compliant with various regulatory authorities including but not limited to SOX, FDA pharmaceutical Industry validation (GXP) and 21 CFR Part11, HIPAA, EU data privacy (GDPR), NIST Cyber Security Framework (CSF), etc.
• Scale and optimize Microsoft security tools (Defender, Purview, Sentinel, Intune, Entra ID, etc.) for threat protection, identity management, and data governance.
• Lead data privacy and protection initiatives, ensuring proper controls for sensitive clinical, R&D, and regulated data.
• Develop and enforce policies for responsible AI use within the organization, ensuring compliance, data security, and ethical application of AI technologies.
• Conduct and lead risk assessments, vulnerability management, and incident response programs.
• Ensure readiness for internal and external audits, including FDA/EMA inspection support for GxP-regulated systems.
• Lead and advise on system validation practices for all GXP systems
• Manage the Change control Board (CCB) and all related lifecycle changes to systems to ensure effective controls and compliance
• Drive security awareness, training, and culture across the organization.
• Maintain and pursue relevant security certifications (NIST-focused, CISSP, CISM, CISA, Microsoft security certifications) to enhance organizational credibility and maturity.
• Support and enhance the Microsoft cloud environment (Azure, Microsoft 365, Intune, Teams, SharePoint).
• Partner with the infrastructure team to manage identity, networking, collaboration platforms, and endpoint operations.
• Ensure patching, upgrades, and operational stability across cloud services and SaaS applications.
• Collaborate on projects that improve scalability, performance, and resilience of IT systems.
• Contribute to vendor evaluation, license management, and technology optimization.
• All other duties as assigned.

Experience, Education and Specialized Knowledge and Skills:

• Bachelors degree in Computer Science, MIS, Software Engineering or similar strongly preferred
• Minimum of 8+ years of IT experience, with at least 2 years in security leadership roles.
• A "hands-on" self-starter with managerial/ leadership experience and a demonstrated ability interact with technical and non-technical staff, various levels of management, and external parties, to accomplish goals and objectives
• Proven experience in the pharmaceutical / biopharma industry, with strong knowledge of compliance frameworks (GxP, HIPAA, GDPR, 21 CFR Part 11, and biopharma IT compliance needs).
• Hands-on experience with GxP systems and processes, including validation, documentation, and audit readiness.
• Strong understanding and practical application of the NIST Cybersecurity Framework (CSF).
• Preferred relevant certification in security or compliance such as CISSP, CISM, CISA, NIST CSF, CEH, Security+ or Microsoft Security certifications (Azure Security, Security Operations Analyst, or equivalent).
• Demonstrated expertise in Microsoft cloud security and infrastructure (Azure AD/Entra ID, Microsoft 365, Intune, Defender, Purview, Sentinel).
• Experience in developing and enforcing data privacy, protection, and governance policies for sensitive clinical, R&D, and regulated data.
• Proven ability to develop SOPs, IT policies, and governance frameworks that align with regulatory and organizational needs.
• Knowledge of AI security risks and compliance considerations, with experience in defining policies for responsible AI use in an enterprise or regulated environment.
• Strong background in incident response, risk assessments, and vulnerability management.
• Excellent collaboration skills, with the ability to work cross-functionally with IT, R&D, Clinical, QA, and Compliance teams.
• Outstanding communication, leadership, and vendor management abilities.

The pay range for this role is $153,000-$180,000 annually. Actual compensation packages are based on several factors that are unique to each candidate, including but not limited to skill set, depth of experience, certifications, and specific work location. This may be different in other locations due to differences in the cost of labor. The total compensation package for this position may also include bonus, stock, benefits and/or other applicable variable compensation.

Summit does not accept referrals from employment businesses and/or employment agencies in respect of the vacancies posted on this site. All employment businesses/agencies are required to contact Summit’s Talent Acquisition team at [email protected] to obtain prior written authorization before referring any candidates to Summit.