Senior Manager, IT Information Security

Company introduction:

Compass Pathways plc (Nasdaq: CMPS) is a biotechnology company dedicated to accelerating patient access to evidence-based innovation in mental health. The Company is headquartered in London, UK, with offices in New York City in the US. We focus on developing novel treatments that have the potential to improve the lives of those who are suffering with mental health conditions and who are not helped by current treatments.

We are pioneering a new paradigm for treating mental health conditions focused on rapid and durable responses through the development of our investigational COMP360 synthetic psilocybin treatment, potentially a first in class treatment. COMP360 has Breakthrough Therapy designation from the US Food and Drug Administration (FDA) and has received Innovative Licensing and Access Pathway (ILAP) designation in the UK for treatment-resistant depression (TRD) due to the pressing unmet need in this area.

We are currently in phase 3 for TRD, have completed phase 2 studies for both post-traumatic stress disorder (PTSD) and anorexia nervosa and are planning a further late-stage study in PTSD. We envision a world where mental health means not just the absence of illness but the ability to thrive. - Compass Pathways.

Job overview:

Compass Pathways is entering a critical phase as we prepare for commercial launch and expansion of our data and technology footprint. We are seeking a hands-on, execution-focused Senior Manager, IT Information Security to lead the development, implementation, and day-to-day operation of the company's cybersecurity program.

This role is responsible for protecting company systems, data, and users, ensuring compliance with regulatory requirements (including GxP, SOX ITGCs, and data privacy obligations), and strengthening the organization's security posture as we scale.

The role operates with a high degree of ownership while collaborating closely with IT leadership, and external partners.

Reports to: VP, Information Technology.

Location: US (East Coast) or UK (London area).

Roles and responsibilities

(Include but are not limited to):

• Security Program Leadership & Execution

• Lead implementation and improvement of the cybersecurity program

• Develop security policies, standards, and procedures

• Support transition to a risk-based security model

• Threat Detection, Monitoring & Incident Response

• Oversee monitoring and alerting with SOC partners

• Manage incident response processes and reporting

• Coordinate response and reporting of security events

• Vulnerability Management & Security Operations

• Lead vulnerability management lifecycle

• Partner with IT teams on remediation

• Ensure controls across endpoints, cloud, and applications

• Support identity and access controls

• Establish and manage cyber security KPI's and metrics

• Compliance, Risk & Data Protection

• Support SOX ITGC controls and audits

• Ensure protection of sensitive data

• Participate in cyber security risk assessments and vendor assessments

• Security Awareness & Training

• Lead awareness programs and phishing simulations

• Promote security culture

• Vendor & Stakeholder Management

• Manage third-party security vendors

• Partner with IT, Legal, and Compliance

• Report on security posture and risks

Candidate Profile:

• Bachelor's degree in IT, Cyber security, or related field
• 8-10 years of IT experience with 4+ years in security
• Hands-on experience across key security domains
• Experience in regulated environments
• Knowledge of security frameworks (NIST, ISO 27001)
• Experience with SOC or MSP providers

Preferred Qualifications

• Experience supporting commercialization
• Familiarity with GxP and SOX controls
• Experience securing healthcare or patient data
• Experience with Microsoft 365 security
• Certifications (CISSP, CISM, Security+)

Key Competencies

• Execution focus
• Risk-based mindset
• Strong communication
• Cross-functional collaboration
• Attention to detail

【For NYC】Compensation Description (annually):

Please note that the base salary range is a guideline, and individual total compensation will vary based on factors such as qualifications, skill level, competencies, and work location.

Base pay is one part of the Total Package that is provided to compensate and recognise employees for their work and any role at Compass, regardless of the location, is eligible for additional discretionary bonuses and equity.

【Base salary per annum】:

$150,000 - $190,000 USD

Benefits & Compensation:

For an overview of our benefits package and compensation information, please visit "Working at Compass".

Equal opportunities:

Reasonable accommodation

We are committed to building a workplace where everyone's wellbeing matters. If you need reasonable accommodation during the interview process to be at your best, please let our recruiting team know.

UK applicants

We are proud of our commitment to diversity and equality (pursuant to the Equality Act 2010). We do not discriminate based upon race, religion or belief, colour, nationality, ethnic or national origin, gender, pregnancy or maternity, marital or civil partner status, sexual orientation, gender reassignment, age or disability.

US applicants

Compass Pathways is proud to be an equal opportunity employer. All employment decisions are based on business needs, job requirements, and individual qualifications, without regard to race, religion, color, national origin, sex (including pregnancy, childbirth, and related medical conditions), ethnicity, age, disability, sexual orientation, gender identity, gender expression, military service, genetic information, familial or marital status, or any other status, category, or characteristic protected by applicable law.

Sponsorship:

Unfortunately, we cannot sponsor employment visas and can only accept applications if you have employment rights in the country to which you are applying.

Data Privacy:

All data is confidential and protected by all legal and data privacy requirements, please see our recruitment Privacy Notice to learn more about how we process personal data.