Chief Information Security Officer - Trinity Life Sciences : Job Details

Overview

Chief Information Security Officer role at Trinity Life Sciences. The Chief Information Security Officer will lead the development and execution of a comprehensive information security strategy for a global pharmaceutical consulting firm. They will act as the strategic leader of Trinity's cyber defense program as an integral part of the Trinity leadership team. This role will ensure the confidentiality, integrity, and availability of enterprise data, systems, and infrastructure across all geographies. The CISO will collaborate with executive leadership, IT, legal, compliance, and operations to embed security into the company's culture and business processes.

About Trinity

Trinity Partners, LLC ( Trinity ).

The Chief Information Security Officer will lead the development and execution of a comprehensive information security strategy for a global pharmaceutical consulting firm. They will act as the strategic leader of Trinity's cyber defense program as an integral part of the Trinity leadership team. This role will ensure the confidentiality, integrity, and availability of enterprise data, systems, and infrastructure across all geographies. The CISO will collaborate with executive leadership, IT, legal, compliance, and operations to embed security into the company's culture and business processes. The CISO will possess the ability to manage the cybersecurity team to identify, assess and prioritize threats and vulnerabilities across all of Trinity's environment, while effectively influencing and communicating across multiple teams to help create a cohesive security ecosystem. The ideal candidate will be able to build strong relationships across the business to help identify gaps in security controls, as well as direct internal audits. They will possess an ability to 'think like an adversary' and promote security throughout the organization.

Key Objectives

• Develop and implement a global information security strategy aligned with business goals and regulatory requirements
• Establish and maintain enterprise-wide security policies, standards, and procedures
• Lead information security governance, risk management, including audit readiness and post-assessment remediation plans, especially for ISO 27001 and 42001 gaps
• Define and report on key security metrics (e.g., incident response times, vulnerability remediation SLAs, phishing simulation results) to executive leadership and the board
• Lead the development and enforcement of cloud security strategies across Microsoft 365, Azure, AWS, and other SaaS platforms with emphasis on configuration management, monitoring, and incident detection/remediation in cloud environments
• Foster a security-first culture by engaging business leaders and department heads in regular security briefings and risk discussions
• Lead threat detection, prevention, and response capabilities, including Security Operations Center (SOC) oversight
• Ensure the timely investigation, response, and remediation of security incidents and breaches
• Establish and document a framework-aligned, business-integrated security ecosystem for Trinity and enable mechanisms to showcase it to customers on a need basis
• Lead data protection efforts across Trinity SaaS, Product and Internal environments, including cloud-native services and large-scale repositories

Software Development Lifecycle Oversight

• Integrate security practices into the full software development lifecycle, including secure architecture, code review, automated testing for vulnerabilities, and DevSecOps principles
• Collaborate with IT and Product teams to ensure security controls are embedded from project initiation through deployment

Vendor & Third-Party Risk Management

• Oversee the security review process for third-party vendors, cloud providers, and partners
• Ensure supply chain security and resilience

Operational Oversight

• Oversee the design and implementation of technical safeguards including access control, encryption, patch management, and threat detection systems
• Manage the cybersecurity team, including security engineers, analysts, and external vendors (e.g., Managed SOC services)
• Direct incident response planning and execution, including breach investigations and reporting
• Ensure secure configuration and monitoring of cloud-native services, including identity, access, and data protection controls
• Oversee data governance and protection strategies for large-scale data repositories, including SharePoint Online, OneDrive, and Teams
• Orchestrate regular security audits in SaaS ecosystems, to proactively identify vulnerabilities
• Collaborate with international teams to maintain consistent security posture and incident response readiness globally
• Champion regular security audits and continuous improvement cycles, with a focus on cloud ecosystem vulnerabilities such as drift in Microsoft 365, AWS, Azure

Compliance & Risk Management

• Work directly with General Counsel and Compliance group to ensure compliance with HIPAA, GDPR, NIST CSF, SOC 2, ISO 27001 and ISO 42001 and other global data protection regulations relevant to pharmaceutical consulting
• Conduct regular risk assessments based on NIST RMF and develop mitigation plans
• Lead external security audits and accreditation surveys
• Ensure security practices are adapted to regional regulatory requirements and cultural contexts across North America, Europe, and Asia

Training & Awareness

• Champion a culture of security awareness across the organization, specifically with development teams
• Develop and deliver training programs tailored to different roles and regions
• Demonstrated ability to communicate complex security concepts to the board, non-technical stakeholders, and external customers in plain, persuasive language

Technology & Innovation

• Evaluate and implement emerging security technologies (e.g., CASB, PAM, GRC tools)
• Align security architecture with frameworks such as NIST CSF, CIS 18, and OWASP

Qualifications

Position Requirements:

Education: Bachelor's or Master's degree in Information Security, Computer Science, or related field.

• Work Experience: 10+

Other Skills: Knowledge and/or working skills in the following areas:

• Experience in pharmaceutical, healthcare, or consulting industries preferred
• Certifications such as CISSP, CISM, CEH, GSEC, ECSA, Security+ or CISA strongly preferred
• Proven ability to lead cross-functional teams and manage global security operations
• Strategic thinking and business acumen
• Strong communication and stakeholder engagement skills with demonstrated record of translating technical content for business adoption
• Experience with vendor management and contract negotiation
• Familiarity with cloud security, application security, and data loss prevention
• Understanding of modern threats and exploits
• Ability to understand and communicate attack chains to management and key stakeholders
• Develop, execute and track the performance of security measures to protect information and network infrastructure and computer systems
• Identify, define and document system security requirements and recommend solutions to management
• Identify and document security requirements and recommend solutions to management
• Ownership of remediation activities for ISO and other regulatory gaps
• Experience managing or working with Managed Security Service Providers (MSSPs) and Security Operations Centers (SOCs)
• Familiarity with Zero Trust architecture and identity-centric security models

Diversity & Inclusion

Trinity Life Sciences is an Equal Opportunity Employer and is committed to diversity, equity, and inclusion. All employment decisions are based on business needs, job requirements and individual qualifications, without regard to protected characteristics.

Salary range: $250,000-$300,000 USD. In addition to base salary, eligible for annual discretionary performance bonus.

How to Apply

Referrals increase your chances of interviewing at Trinity Life Sciences. Get notified about new Chief Information Security Officer jobs in Waltham, MA.