We are seeking an Information Security Lead who will serve as the founding security hire and the anchor of Cellares' InfoSec program. This is a hands-on leadership role that blends strategic program development with direct technical execution.
The primary focus of this position will be to build and mature the company's security posture, lead a growing team across geographies, and ensure compliance with relevant regulatory frameworks including 21 CFR Part 11, SOC 2, and ISO 27001.
This is a multidisciplinary role & this individual will further interface across many parts of the company to drive policy and governance. Candidates should enjoy working in a fast-paced, mission-driven environment, and be prepared to tackle a broad selection of challenges as the company grows.
We are seeking an Information Security Lead who will serve as the founding security hire and the anchor of Cellares' InfoSec program. This is a hands-on leadership role that blends strategic program development with direct technical execution.
The primary focus of this position will be to build and mature the company's security posture, lead a growing team across geographies, and ensure compliance with relevant regulatory frameworks including 21 CFR Part 11, SOC 2, and ISO 27001.
This is a multidisciplinary role & this individual will further interface across many parts of the company to drive policy and governance. Candidates should enjoy working in a fast-paced, mission-driven environment, and be prepared to tackle a broad selection of challenges as the company grows.
This is Cellares
Cellares is the first Integrated Development and Manufacturing Organization (IDMO) and takes an Industry 4.0 approach to mass manufacturing the living drugs of the 21st century. The company is both developing and operating integrated technologies for cell therapy manufacturing to accelerate access to life-saving cell therapies. The company’s Cell Shuttle integrates all the technologies required for the entire manufacturing process in a flexible and high-throughput platform that delivers true walk-away, end-to-end automation. Cell Shuttles will be deployed in Cellares’ Smart Factories around the world to meet total patient demand for cell therapies at global scale. Partnering with Cellares enables academics, biotechs, and pharma companies to accelerate drug development and scale out manufacturing, lower process failure rates, lower manufacturing costs, and meet global patient demand.
The company is headquartered in South San Francisco, California with its commercial-scale IDMO Smart Factory in Bridgewater, New Jersey. The company is backed by world-class investors and has raised over $355 million in financing.
Leveling will be based on overall experience, education, and demonstration of knowledge throughout the interview process.
Responsibilities
Design, build, and continuously improve Cellares' Information Security program from the ground up, including policies, standards, and procedures
Develop and maintain a multi-year rolling strategic roadmap aligned to business objectives
Lead day-to-day security operations, working closely with the India-based Security Analysts on monitoring, incident response, and vulnerability management.
Architect and maintain a cloud security framework across AWS, Azure, or GCP environments used by Cellares
Own the security aspects of the software development lifecycle (SDLC), including threat modeling, secure code review, and developer security training
Drive compliance efforts for SOC 2 Type II, ISO 27001, and life sciences-specific frameworks (e.g., 21 CFR Part 11, GxP)
Conduct and manage third-party risk assessments, vendor security reviews, and penetration testing engagements
Collaborate with IT, Engineering, Legal, and Operations to integrate security into all business processes
Manage and mentor the India-based Security Analysts, providing technical guidance, career development, and task prioritization
Lead incident response activities, conduct post-mortems, and implement lessons-learned improvements
Report on security metrics, risks, and program maturity to executive stakeholders
Requirements
Bachelors in Computer Science, or related field
8+ years of progressive information security experience with at least 2 years in a lead or senior individual contributor role
Strong hands-on experience with SIEM tools (e.g., Splunk, Sentinel), EDR platforms, and vulnerability management tools (e.g., Tenable, Qualys)
Deep knowledge of cloud security architecture (AWS, Azure, or GCP) and cloud-native security tools
Experience driving SOC 2, ISO 27001, or NIST CSF compliance programs
Proficiency in scripting and automation (Python, Bash, or PowerShell) for security tooling and response
Excellent communication and stakeholder management skills — capable of translating technical risk into business language
Self-awareness, integrity, authenticity, and a growth/entrepreneurial mindset
