Job Description
Description Description Company Profile Trinity Partners, LLC (“Trinity”)
Chief Information Security Officer The Chief Information Security Officer will lead the development and execution of a comprehensive information security strategy for a global pharmaceutical consulting firm. They will act as the strategic leader of Trinity’s cyber defense program as an integral part of the Trinity leadership team. This role will ensure the confidentiality, integrity, and availability of enterprise data, systems, and infrastructure across all geographies. The CISO will collaborate with executive leadership, IT, legal, compliance, and operations to embed security into the company’s culture and business processes.
The CISO will posses the ability to manage the cybersecurity team to identify, assess and prioritize threats and vulnerabilities across all of Trinity’s environment, while effectively influencing and communicating across multiple teams to help create a cohesive security ecosystem. The ideal candidate will be able to build strong relationships across the business to help identify gaps in security controls, as well as direct internal audits. They will possess an ability to ‘think like an adversary’ and promote security throughout the organization.
Key Objectives
Strategic Leadership
- Develop and implement a global information security strategy aligned with business goals and regulatory requirements
- Establish and maintain enterprise-wide security policies, standards, and procedures.
- Lead the information security governance, risk management, including responsibility for audit readiness and post-assessment remediation plans, especially for ISO 27001 and 42001 gaps
- Define and report on key security metrics (e.g., incident response times, vulnerability remediation SLAs, phishing simulation results) to executive leadership and the board
- Lead the development and enforcement of cloud security strategies across Microsoft 365, Azure, AWS, and other SaaS platforms with emphasis on configuration management, monitoring, and incident detection/remediation in cloud environments
- Foster a security-first culture by engaging business leaders and department heads in regular security briefings and risk discussions.
- Lead threat detection, prevention, and response capabilities, including Security Operations Center (SOC) oversight.
- Ensure the timely investigation, response, and remediation of security incidents and breaches.
- Establish and document a framework-aligned, business-integrated security ecosystem for Trinity and enable mechanisms to showcase it to customers on a need basis.
- Lead data protection efforts across Trinity SaaS, Product and Internal environments , including cloud-native services and large-scale repositories .
Software Development Lifecycle Oversight
- Integrate security practices into the full software development lifecycle, including secure architecture, code review, automated testing for vulnerabilities, and DevSecOps principles.
- Collaborate with IT and Product teams to ensure security controls are embedded from project initiation through deployment.
Vendor & Third-Party Risk Management
- Oversee the security review process for third-party vendors, cloud providers, and partners.
- Ensure supply chain security and resilience.
Operational Oversight
- Oversee the design and implementation of technical safeguards including access control, encryption, patch management, and threat detection systems
- Manage the cybersecurity team, including security engineers, analysts, and external vendors (e.g., Managed SOC services)
- Direct incident response planning and execution, including breach investigations and reporting
- Ensure secure configuration and monitoring of cloud-native services, including identity, access, and data protection controls
- Oversee data governance and protection strategies for large-scale data repositories, including SharePoint Online, OneDrive, and Teams
- Orchestrate regular security audits in SaaS ecosystems, to proactively identify vulnerabilities.
- Collaborate with international teams to maintain consistent security posture and incident response readiness globally
- Champion regular security audits and continuous improvement cycles, with a focus on cloud ecosystem vulnerabilities such as drift in Microsoft 365, AWS, Azure, among others.
Compliance & Risk Management
- Work directly with General Counsel and Compliance group to ensure compliance with HIPAA, GDPR, NIST CSF, SOC 2, ISO 27001 and ISO 42001and other global data protection regulations relevant to pharmaceutical consulting
- Conduct regular risk assessments based on NIST RMF and develop mitigation plans
- Lead external security audits and accreditation surveys
- Ensure security practices are adapted to regional regulatory requirements and cultural contexts across North America, Europe, and Asia.
Training & Awareness
- Champion a culture of security awareness across the organization specifically with development teams
- Develop and deliver training programs tailored to different roles and regions
- Demonstrated ability to communicate complex security concepts to the board, non-technical stakeholders, and external customers in plain, persuasive language.
Technology & Innovation
- Evaluate and implement emerging security technologies (e.g., CASB, PAM, GRC tools)
- Align security architecture with frameworks such as NIST CSF, CIS 18, and OWASP
Qualifications Position Requirements:
Education: Bachelor’s or Master’s degree in Information Security, Computer Science, or related field.
Other Skills: Knowledge and/or working skills in the following areas:
- Experience in pharmaceutical, healthcare, or consulting industries preferred
- Certifications such as CISSP, CISM, CEH, GSEC, ECSA, Security+ or CISA strongly preferred
- Proven ability to lead cross-functional teams and manage global security operations
- Strategic thinking and business acumen
- Strong communication and stakeholder engagement skills with demonstrated record of translating technical content for business adoption
- Experience with vendor management and contract negotiation
- Familiarity with cloud security, application security, and data loss prevention
- Understanding of modern threats and exploits
- Ability to understand and communicate attack chains to management and key stakeholders
- Develop, execute and track the performance of security measures to protect information and network infrastructure and computer systems
- Identify, define and document system security requirements and recommend solutions to management
- Identify and document security requirements and recommend solutions to management
- Ownership of remediation activities for ISO and other regulatory gaps.
- Experience managing or working with Managed Security Service Providers (MSSPs) and Security Operations Centers (SOCs).
- Familiarity with Zero Trust architecture and identity-centric security models.
About Us Trinity Life Sciences is a trusted strategic commercialization partner, providing evidence-based solutions for the life sciences. With 25 years of experience, Trinity is committed to revolutionizing the commercial model by providing exceptional levels of service, powerful tools and data-driven insights. Trinity’s range of products and solutions includes industry-leading benchmarking solutions, powered by TGaS Advisors. To learn more about how Trinity is elevating life sciences and driving evidence to action, visit trinitylifesciences.com.
Trinity’s salary bands account for a wide range of factors that are considered in making compensation decisions including but not limited to skill sets and market demand for skills; level of experience and training; specific qualifications, performance, time in role/company, geographic location, and other business and organizational needs. A reasonable estimate of the current range is
$250,000-$300,000 USD. In addition to your base salary, you will also be eligible for an annual discretionary performance bonus.
Trinity’s Commitment to Diversity, Equity & Inclusion Trinity Life Sciences is an Equal Opportunity Employer that prohibits discrimination and harassment of any kind. Trinity is committed to the principles of diversity, equity, and inclusion and to providing employees with a work environment that is free of discrimination and harassment. All employment decisions at Trinity are based on business needs, job requirements and individual qualifications, without regard to race, color, religion, disability, ethnicity, gender identity or expression, family, parental, or veteran status, and/or any other status based on identity or that is protected by the laws or regulations in the locations where we operate. Trinity will not tolerate any form of discrimination or harassment and encourages applicants of all ages and identities.
For more information about Trinity’s commitment to diversity, equity, and inclusion, you can visit our website.
Job Tags
Contract work, Work experience placement,