Director of Information Security
Job description
The Director of Information Security reports directly to the Head of Information Technology. This is a "hands-on" role, responsible for establishing and administering the overall strategies, goals, policies, procedures, and IT risk management program for the information security function. The role develops and implements information security and disaster recovery programs in accordance with organizational information security standards, evaluates information risk on a regular schedule, and promotes information security awareness within the organization.
- Ensure accomplishment of all objectives in accordance with company security strategy, policies, procedures, and regulatory standards governing the company.
- Provide strategic direction and guidance to the information security team, aligning security initiatives with business objectives and risk tolerance.
- Ensure compliance with relevant laws, regulations, and industry standards (e.g., GxP, SOX, GDPR, HIPAA, ISO 27001, NIST).
Security Governance and Policy
- Establish and maintain the organization's information security policies, standards, and procedures, including governance for Artificial Intelligence (AI) and Generative AI technologies.
- Develop and oversee effective disaster recovery policies and standards to align with company business continuity management program goals.
- Lead the identification, assessment, and prioritization of information security risks, threats, and vulnerabilities across the organization's IT infrastructure, systems, and AI-enabled technologies.
- Develop risk mitigation strategies and controls to address identified risks effectively.
- Conduct regular security reviews and audits to ensure adherence to policies.
Risk Management
- Lead the identification, assessment, and prioritization of information security risks, threats, and vulnerabilities across the organization's IT infrastructure and systems.
- Evaluate potential security breaches, coordinate response, and recommend corrective actions.
- Develop and implement risk mitigation strategies and controls to address identified risks effectively and ensure business-critical services are recovered in the event of disasters or other incidents.
- Provide direction, support, and in-house consulting in these areas.
- Develop capabilities to manage third-party cybersecurity risks.
- Conduct vulnerability assessments and penetration testing to identify weaknesses.
Threat Management (Incident Response and Crisis Management)
- Execute strategies for continuously monitoring network traffic, system logs, and user activities to identify unauthorized or suspicious behavior.
- Review security monitoring tools and technologies to detect and alert potential security incidents and anomalies.
- Maintain incident response plans and procedures to effectively mitigate security incidents.
- Lead the investigation of security breaches and incidents, coordinating response efforts (including with law enforcement and forensic investigators where needed) and implementing corrective actions as necessary.
Leadership and Development
- Build, mentor, and manage the team, including analysts, engineers, and architects.
- Foster a culture of security awareness programs across the organization.
- Provide training and development opportunities to enhance team expertise, establish goals and objectives, improve efficiency, and resolve problems.
Security Operations and Technology Architecture
- Oversee the design, implementation, and management of security infrastructure, technologies, and tools (e.g., firewalls, SIEM, endpoint protection), ensuring they effectively identify, protect against, detect, respond to, and recover from security threats and vulnerabilities.
- Evaluate and deploy emerging security technologies to strengthen the organization's defenses.
- Collaborate with IT and DevOps teams to integrate security into system designs and processes, and AI/ML development lifecycles.
- Coordinate the development of implementation plans and procedures to ensure business-critical services are recovered in the event of disasters or other incidents and provide direction, support, and in-house consulting in these areas.
- Maintain current knowledge of industry and regulatory trends and developments for enterprise technology.
Compliance and Audit
- Ensure compliance with internal and external regulatory requirements (e.g., GxP, SOX, GDPR, HIPAA, ISO 27001, NIST).
- Manage relationships with auditors and ensure successful completion of security audits.
- Maintain documentation to demonstrate compliance with standards and frameworks.
Third-Party Risk Management
- Assess and manage risks associated with third-party vendors and service providers, ensuring contractual obligations and security requirements are met.
- Develop processes for evaluating and monitoring vendor security posture and performance.
Reporting and Metrics
- Provide regular technical reports and updates to the executive team on security performance, risks, and incidents.
- Define and monitor key performance indicators (KPIs) and metrics for security operations.
- Create reports that communicate the value and impact of the information security program.
Change Management
- Lead the change management process for reviewing, approving, and implementing changes, ensuring security controls and configurations are updated and maintained.
- Foster open communication and collaboration among stakeholders, creating forums for dialogue to facilitate decision-making and address concerns related to change initiatives.
Requirements
The ideal candidate will possess excellent communication skills and information security experience. The Director of Information Security will provide the vision and leadership necessary to manage the organization's risk and ensure business alignment, effective governance, and system and product availability, integrity, and confidentiality.
- Minimum of ten (10) years of experience in information security, with 5+ years of leadership or managerial experience (public company and enterprise environments preferred), in application development and support, architecture, infrastructure, and digital technology.
- Certifications: Active certifications such as CISSP, CISM, or CISA.
- Proven track record of developing and implementing information security strategies and initiatives in alignment with the NIST Cybersecurity Framework.
- Experience conducting risk assessments, vulnerability assessments, and developing risk mitigation strategies.
- Excellent leadership and communication skills, with the ability to collaborate effectively with cross-functional teams and influence stakeholders at all levels of the organization.
- Strong analytical and problem-solving abilities, with a keen attention to detail and the ability to prioritize and manage multiple tasks simultaneously.
- In-depth knowledge of cybersecurity principles, technologies, and best practices.
- Strong knowledge of cybersecurity frameworks, SOX compliance, Security Operations, risk management, and incident response.
- Excellent leadership, communication, and stakeholder management skills.
- Proven ability to inspire cross-functional teams, build stakeholder relationships, and communicate effectively with technical and non-technical audiences, including executive leadership.
- Background in log analysis, AV/Malware, SIEM, DLP, patch management, and InfoSec dashboard metrics creation.
- Experience implementing governance and security controls for Artificial Intelligence (AI) and Generative AI technologies.
- Knowledge of AI risk management frameworks (e.g., NIST AI RMF) and AI-related threats such as model poisoning, adversarial attacks, and data leakage.
Education
- Bachelor's degree in Computer Science, Information Systems, or a related field.