Job Description

About Madrigal:
Madrigal is a biopharmaceutical company pursuing novel therapeutics for non-alcoholic steatohepatitis (NASH), also known as metabolic dysfunction associated steatohepatitis (MASH). Our first therapy, Rezdiffra (resmetirom), was granted accelerated approval by the U.S. Food and Drug Administration (FDA) for the treatment of adults with NASH with moderate to advanced liver fibrosis (consistent with stages F2 to F3 fibrosis) and is being studied in a Phase 3 trial for the treatment of NASH with compensated cirrhosis.

Role Overview:
Chief Information Security Officer (CISO)
As the Chief Information Security Officer (CISO) at Madrigal Pharmaceuticals you will be responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected. You will lead the development and implementation of a comprehensive cybersecurity program to mitigate risks, enhance compliance, and safeguard the company’s data, applications, and infrastructure.

Position Responsibilities:  

Strategic Leadership & Governance:

• Develop, implement, and maintain an enterprise-wide information security strategy aligned with business objectives and regulatory requirements.
• Establish cybersecurity policies, standards, and frameworks to protect critical business and customer data.
• Lead the development of a risk management program, identifying vulnerabilities and implementing appropriate mitigation measures.
• Ensure compliance with industry standards and regulatory frameworks (e.g., HIPAA, GDPR, NIST, ISO 27001, SOC 2).
• Report regularly to executive leadership on security risks and mitigation strategies.

Cybersecurity Operations & Risk Management:

• Oversee the security operations center (SOC) and manage incident response, ensuring rapid detection, investigation, and mitigation of security threats.
• Direct the threat intelligence program, ensuring proactive monitoring of emerging cyber threats.
• Conduct regular security assessments, audits, and penetration testing to identify vulnerabilities and strengthen defenses.
• Implement and oversee a business continuity and disaster recovery plan to ensure resilience in case of cyber incidents.
• Develop and oversee security awareness training programs for employees to mitigate insider threats.

Technology & Infrastructure Security :

• Ensure secure design, implementation, and monitoring of cloud-based and on-premises IT infrastructure.
• Lead identity and access management (IAM) strategies, ensuring proper authentication and authorization policies.
• Oversee the development and enforcement of data protection strategies, including encryption, endpoint security, and network security.
• Work closely with IT and engineering teams to integrate security best practices into software development (DevSecOps).
• Evaluate and implement next-generation cybersecurity technologies, such as AI-driven threat detection and zero-trust architecture.

Cross-Functional Collaboration & Compliance :

• Partner with legal, compliance, and risk management teams to ensure adherence to data protection laws and regulatory requirements.
• Work with business leaders, IT teams, and third-party vendors to align security strategies with corporate objectives.
• Establish security requirements and vendor risk management processes for third-party services and cloud providers.
• Drive the adoption of security-focused culture across all business units through education and training programs.

Qualifications and Skills Required:

• Bachelor’s or Master’s degree in Information Security, Computer Science, Engineering, or a related field.
• 15+ years of experience in IT security, including 10+ years in a leadership role overseeing cybersecurity operations / programs.
• Deep expertise in cybersecurity frameworks, compliance standards, and risk management (e.g., NIST, ISO 27001, HIPAA, GDPR, SOC 2).
• Strong background in incident response, threat intelligence, penetration testing, and vulnerability management.
• Hands-on experience with security technologies (e.g., SIEM, firewalls, EDR, IDS/IPS, IAM, DLP).
• Strong knowledge of cloud security architectures (AWS, Azure, Google Cloud) and zero-trust frameworks.
• Familiarity with machine learning / AI-driven security tactics and analytics.
• Excellent communication and presentation skills, with experience reporting to executive leadership.
• Industry-recognized certifications preferred: CISSP, CISM, CISA, CRISC, CCISO, or equivalent.
• Fluency in English.

Relocation assistance available for qualified candidates. 
Compensation:
Base salary is determined by several factors that include, but are not limited to, a successful candidate's qualifications, skills, education, experience, business needs, and market demands. The role may also be eligible for bonus, equity, and comprehensive benefits, which include flexible paid time off (PTO), medical, dental, vision, and life and disability insurance.

Madrigal is an Equal Opportunity Employer. All employment is decided on the basis of qualifications, merit, and business need. Applicants will receive consideration for employment without regard to race, ethnicity, color, religion, sex gender identity, sexual orientation, national origin, age, disability, protected veteran or disabled status, or other characteristic protected by applicable federal, state, or local law.

Unsolicited resumes from agencies should not be forwarded to Madrigal. Madrigal will not be responsible for any fees arising from the use of resumes through this source. Madrigal will only pay a fee to agencies if a formal agreement between Madrigal and the agency has been established.

Please be aware that we are currently receiving numerous reports of individuals misrepresenting themselves as Madrigal Pharmaceuticals’ Hiring Managers, seeking to engage with job candidates through fraudulent online advertisements or job posting sites. These unauthorized individuals are using Madrigal’s name and logo in an attempt to solicit up-front fees and obtain personal information from interested job candidates. Please know that Madrigal does not conduct interviews via text or in chat rooms; conduct interviews via Skype, RingCentral or solely via telephone; charge candidates an advance fee of any kind (e.g., fees for purchasing equipment); nor does it offer positions of employment without undergoing a thorough recruiting process. Interviews with Madrigal are conducted via the Zoom platform.

Please also note that any correspondence with regard to employment would come from an authorized madrigalpharma.com email address or from an email address from one of our trusted search firm partners. We are aware that incorrect/fraudulent email addresses, with Madrigal misspelled, have been utilized in these most recent fraud attempts. If you receive unsolicited employment offers from people claiming to work for Madrigal we recommend that you: do not respond to their questions; do not open any attachments; and do not click on any hyperlinks.

Job Tags

Full time, Local area, Relocation package, Flexible hours,

Similar Jobs