Associate Director, Security Portfolio at Flagship Pioneering, Inc.
Flagship Pioneering, Inc. · Cambridge, United States of America · Hybrid
- Senior
- Office in Cambridge
Flagship Pioneering is a life sciences innovation enterprise that creates and funds breakthrough companies developing pioneering biotechnologies. Our ecosystem thrives on innovation, and our security strategy is fundamental to protecting our intellectual property and enabling cutting-edge scientific discovery.
Position Summary
Flagship Pioneering is seeking an Associate Director, Security Portfolio to lead and evolve the security posture across Flagship and its family of companies. This role requires a unique blend of strategic oversight and hands-on technical execution, enabling secure operations across both the corporate environment and a dynamic portfolio of biotech startups.
This individual will drive the development and implementation of a scalable, adaptable enterprise security program, ensuring the needs of individual companies are met while advancing Flagship’s broader cybersecurity vision. The ideal candidate will be equally comfortable building cloud security baselines, advising early-stage founders, enabling R&D agility, and aligning leadership teams on risk-informed decisions.
You will lead critical security programs, influence technology and infrastructure decisions, and serve as a strategic partner to stakeholders across IT, cloud, R&D, legal, and executive leadership.
Key Responsibilities
Security Strategy & Enterprise Enablement
- Develop and drive an ecosystem-wide security roadmap that balances consistency and customization across portfolio companies.
- Translate security risks into actionable recommendations for both early-stage ventures and the Flagship enterprise.
- Partner with internal and external stakeholders to align security practices with business priorities and innovation timelines.
Technical Program Leadership
- Lead and execute security initiatives across cloud infrastructure, IT systems, and business applications.
- Architect and implement core technical controls, including endpoint protection, identity & access management, secure cloud configurations, and monitoring.
- Oversee the selection and deployment of security tooling to support foundational and advanced capabilities.
Embedded Security Partnership
- Act as a trusted security advisor to portfolio companies—engaging with scientific, IT, and leadership teams to embed security into company formation and scale-up.
- Help define security operating models, advise on third-party risk, and guide new ventures through their first audits and assessments.
- Provide on-call support and consultation for high-risk issues, breaches, or escalations.
Governance, Risk & Compliance
- Collaborate with GRC leadership to support the development of security policies, risk assessments, and regulatory readiness (e.g., ISO 27001, SOC 2, NIST).
- Help shape and implement consistent security standards and risk frameworks across diverse operating environments.
- Monitor threat landscape and evolving requirements to proactively update the security roadmap.
Metrics & Accountability
- Define and track key performance indicators (KPIs) and OKRs to measure effectiveness of security programs.
- Build reporting dashboards and communication frameworks for leadership, governance committees, and stakeholders.
Security Culture & Awareness
- Lead targeted security awareness programs that educate employees, scientists, and founders in practical, contextualized ways.
- Promote a culture of security enablement that protects innovation without impeding agility.
Qualifications & Experience
- 7+ years of experience in cybersecurity, ideally spanning both technical and strategic domains.
- Proven track record of implementing enterprise-wide security programs with measurable impact.
- Deep technical expertise in areas such as cloud security (AWS preferred), infrastructure hardening, identity and access management, and detection & response.
- Experience supporting security in scientific, R&D, or innovation-driven environments highly desirable.
- Strong leadership, communication, and influencing skills, with the ability to engage both engineering teams and executive stakeholders.
- Familiarity with regulatory and industry frameworks such as ISO 27001, NIST, SOC 2, and HIPAA.
- Industry certifications such as CISSP, CISM, or CCSP are advantageous but not required.
Flagship Pioneering and our ecosystem companies are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status.
Recruitment & Staffing Agencies: Flagship Pioneering and its affiliated Flagship Lab companies (collectively, “FSP”) do not accept unsolicited resumes from any source other than candidates. The submission of unsolicited resumes by recruitment or staffing agencies to FSP or its employees is strictly prohibited unless contacted directly by Flagship Pioneering’s internal Talent Acquisition team. Any resume submitted by an agency in the absence of a signed agreement will automatically become the property of FSP, and FSP will not owe any referral or other fees with respect thereto.