VP Head of Information & Data Security (CISO)

GeneDx (Nasdaq: WGS) delivers personalized and actionable health insights to inform diagnosis, direct treatment, and improve drug discovery. The company is uniquely positioned to accelerate the use of genomic and large-scale clinical information to enable precision medicine as the standard of care. GeneDx is at the forefront of transforming healthcare through its industry-leading exome and genome testing and interpretation services, fueled by the world’s largest, rare disease data sets. For more information, please visit www.genedx.com.

Head of Information and Data Security (CISO)

The Head of Information and Data Security (CISO designation) is responsible for developing and executing the enterprise-wide cybersecurity strategy to protect the company’s intellectual property, information, data, and technology assets. This leader will define and drive Information Security strategy and governance, Information Security Risk Management and Compliance, Security Architecture and Operations, and Executive Reporting and Cross Functional Collaboration while ensuring security practices are embedded in business operations. The CISO will serve as the key advisor to executive leadership and the Board of Directors on cybersecurity risks and industry best practices.

This role requires a strategic, business-oriented security leader with expertise in managing cybersecurity in a biotech or highly regulated environment, committed to continuously driving improvements that protect sensitive data while enabling business growth. The CISO will report to the COO and will work closely with Technology, Product, Infrastructure, Innovation, Compliance, Legal, and other key teams. Key Responsibilities include:

Security Strategy & Governance

• Define and execute an enterprise-wide cybersecurity strategy that aligns with business priorities, regulatory requirements, and emerging threats.
• Establish and oversee security governance frameworks, policies, and controls to protect company assets, including sensitive patient and research data, and confidential IP.
• Partner with executive leadership to align security investments with business risk appetite and operational needs.
• Present cybersecurity risks, initiatives, and incident updates to the Board of Directors and Executive Leadership Team.
• Develop and implement a data classification, tagging, and governance program for all GeneDx data to enable advanced security strategies to keep GeneDx Data safe.

• Stay ahead of emerging threats and technologies, including new AI capabilities, to continuously evolve the company’s security posture.

Information Security Risk Management & Security Compliance

• Lead enterprise cyber security risk management efforts, including threat intelligence, risk assessments, and mitigation strategies.
• Ensure compliance with HIPAA, SOC2, PCI, ISO 27001, SOX, and other industry regulations, embedding security controls into corporate operations and collaborating with compliance and privacy teams on shared outcomes.
• Oversee third-party security risk management, ensuring vendors and partners comply with security standards.
• Drive security audits, penetration testing, and vulnerability assessments to proactively identify and mitigate risks.

Security Architecture & Operations

• Oversee the security architecture for cloud, on-prem, and hybrid environments, ensuring scalable and resilient security frameworks.
• Lead incident response and crisis management efforts, ensuring rapid detection, containment, and recovery from cybersecurity events.
• Direct the Managed Security Operations Center, SIEM, Threat Intelligence, and Endpoint Protection programs to safeguard digital assets.

Executive Engagement & Cross-Functional Collaboration

• Act as a trusted advisor to the Executive team and business leaders, embedding security into corporate strategy and digital transformation efforts.
• Be a collaborative leader who builds trust and inspires security-focused behaviors across all levels of the organization including Innovation, Infrastructure, Legal, Compliance, Technology, and Product teams to secure proprietary research, patient data, and digital products.
• Lead employee cybersecurity awareness programs and evaluations, ensuring a culture of security across the enterprise.
• Partner with corporate Technology and Infrastructure teams on business continuity and disaster recovery planning to ensure resilience.

Leadership & Team Development

• Build and lead a high-performing security organization of internal and external resources.
• Foster an inclusive, innovative security culture that balances risk mitigation with business enablement.
• Oversee security budgeting, resource allocation, and investment planning to align with business needs.

Qualifications

• 10+ years of experience in information security or IT risk management, with at least 8 years in a leadership role.
• Proven ability to build cybersecurity programs in a healthcare or biotech environment.
• Deep expertise in regulatory and security compliance frameworks including HIPAA, GDPR, ISO 27001, PCI, SOX, FDA cybersecurity guidelines.
• Strong experience with cloud security (e.g. AWS, Azure, OCI), IAM, SIEM.
• Influential communicator with the ability to translate complex cybersecurity risks into business impact insights for executives, investors, and teammates.
• Hands-on experience leading security incident response and forensic investigations.
• Background in securing digital products & platforms.
• Bachelor’s or Master’s degree in Cybersecurity, Computer Science, Management of Information Systems, or a related field.
• Industry certifications such as CISSP, CCISO

#LIREMOTE