General Information

Location: Cary, NC, Remote

Organization: WCG

Job Type: Full Time - Regular

Description and Requirements

ABOUT WCG: WCG’s clinical solutions are built on a foundation of best-in-class clinical services companies. We deliver transformational solutions that stimulate growth, foster compliance, and maximize efficiency for those performing clinical trials. WCG is proud to serve individuals on the frontlines of science and medicine, and the organizations striving to develop new products and therapies to improve the quality of human health. It is our role to empower them to accelerate advancement, while ensuring the risks of progress never outweigh the value of human life.

WHY WE LOVE WCG: At WCG, our employees are our most valuable asset and as with all our assets, we invest in them with an eye toward future success. We provide each eligible employee with a comprehensive set of benefits designed to protect their personal and financial health and to help them make the most of their future.

  • Comprehensive Benefits package - Health, Dental, Vision, Life, Disability, 401k with match, and flexible spending accounts
  • Employee Assistance Programs and additional work/life resources
  • Referral Bonuses and Tuition Reimbursement
  • Flexible PTO
  • Volunteer Time Off to benefit the community
  • Opportunities for career development with on-the-job training, certification assistance and continuing education reimbursement

The expected base salary range for this position is $82,080 to $127,500. This salary range may vary based on the candidate's qualifications, experience, skills, education, and geographic location.

JOB SUMMARY: The Cybersecurity Manager is a key member of the Information Security team, directly supporting the Chief Information Security Officer (CISO) in the design, implementation, and ongoing operation of the organization's security program. This role holds primary accountability for maintaining compliance with SOC 2 and ISO 27001 frameworks, facilitating governance committee activities, and acting as a liaison between the security program, internal project teams, and external customers. The Security Manager combines technical knowledge with strong organizational and communication skills to protect the organization's information assets while enabling business objectives.

ESSENTIAL DUTIES/RESPONSIBILITIES:

Framework Compliance – SOC 2 & ISO 27001:

  • Own and manage the organization's SOC 2 (Type I & II) and ISO 27001 compliance programs end-to-end, including control design, evidence collection, gap assessments, and remediation tracking.
  • Serve as the primary point of contact with external auditors and certification bodies; coordinate audit readiness activities and ensure timely responses to audit requests.
  • Maintain and continuously improve the Information Security Management System (ISMS) in alignment with ISO 27001 requirements.
  • Monitor the regulatory and standards landscape for updates to SOC 2 Trust Services Criteria and ISO 27001:2022 and translate changes into actionable program updates.
  • Develop, review, and maintain information security policies, standards, and procedures that satisfy framework requirements.
  • Track and report on control effectiveness metrics, audit findings, and remediation status to the CISO and senior leadership.

Governance & Committee Management:

  • Plan, schedule, and facilitate Information Security Committee meetings, including agenda preparation, material distribution, minute-taking, and action item tracking.
  • Coordinate cross-functional participation in governance bodies (e.g., Risk Committee, Change Advisory Board) and ensure security representation and follow-through.
  • Prepare governance dashboards, risk registers, and Key Risk Indicator (KRI) / Key Performance Indicator (KPI) reports for committee review.
  • Drive accountability across business units by tracking and escalating open security action items through appropriate governance channels.

Security Program Management:

  • Support the CISO in the development, execution, and reporting of the annual information security roadmap and strategic plan.
  • Maintain the security program portfolio, including project status, milestones, dependencies, risks, and resource utilization.
  • Contribute to security initiatives such as vulnerability management, third-party risk management, security awareness training, and incident response planning.
  • Develop and maintain a security metrics program that provides visibility into the health and maturity of the information security function.
  • Support budget planning and vendor management activities relevant to security tools, assessments, and services.
  • Identify and evaluate unsanctioned or emerging AI tool use across the organization (shadow AI), and support processes to assess and approve AI applications in alignment with security and privacy requirements.
  • Track developments in the AI risk and regulatory landscape — including the NIST AI Risk Management Framework (AI RMF) and emerging AI-specific regulations — and surface implications for the security program to the CISO.

Collaboration with Internal Stakeholders:

  • Act as the embedded security resource and advisor for internal project teams throughout the project lifecycle, from initiation through closure.
  • Conduct security reviews and risk assessments for new projects, system changes, and technology implementations; provide documented risk guidance and approval recommendations to project managers.
  • Ensure security requirements are captured and tracked in project plans, and that security sign-off is obtained prior to production releases.
  • Participate in project steering committees and sprint reviews as needed to surface and address security risks in a timely manner.
  • Serve as a liaison and coordination point between the CISO's office and internal security disciplines, including Security Architecture, Risk and Compliance, and Cybersecurity Operations, ensuring alignment on priorities, initiatives, and program goals.
  • Partner with Security Architecture to ensure new designs and technology decisions incorporate security requirements and comply with established frameworks and policies.
  • Work closely with Risk and Compliance to align risk assessment activities, control mapping, and audit evidence with the broader enterprise risk management program.
  • Coordinate with Cybersecurity Operations on threat monitoring, incident escalation procedures, and operational security metrics, ensuring operational insights inform the program's strategic posture.
  • Collaborate with Security Architecture and Cybersecurity Operations to assess and address AI-specific threat vectors — including prompt injection, model poisoning, adversarial inputs, and AI-enabled social engineering such as deepfakes — as the organization adopts AI-powered tools and services.
  • Collaborate with other departments — including Legal, HR, IT, Product, and Finance — to embed security requirements into business processes, contracts, and organizational change activities.
  • Act as an extension of the CISO within cross-functional forums, representing the security organization's position and priorities while facilitating productive working relationships across teams.

Customer & External Stakeholder Engagement:

  • Respond to customer security questionnaires, due diligence requests, and RFP security sections in an accurate, professional, and timely manner.
  • Serve as a subject-matter expert during customer security reviews, audits, and contract negotiations, working closely with Sales, Legal, and Account Management.
  • Maintain and continuously improve a customer-facing security trust package (e.g., security overview, FAQs, certifications, penetration test summaries).
  • Build and nurture positive relationships with customer security teams, fostering trust and demonstrating the organization's commitment to data protection.
  • Incorporate AI-related security considerations into customer due diligence responses and vendor assessments, including evaluating how third-party AI vendors handle customer data, model training practices, and associated contractual protections.

CISO Support & Additional Responsibilities:

  • Provide direct coordination and strategic support to the CISO, including preparing briefings, board presentations, and executive reports.
  • Monitor the threat intelligence landscape and summarize relevant developments for CISO review and communication to senior leadership.
  • Oversee and coordinate the security awareness and training program.
  • Support the development and testing of the Incident Response and Business Continuity plans, ensuring the Business Impact Analysis informs cyber tabletop exercises.
  • Collaborate in third-party and vendor risk assessments, ensuring an efficient and security-proficient process is supported.
  • Stay current on emerging security trends, regulations, and industry best practices; recommend program enhancements as appropriate.
  • Coordinate with Legal and Privacy teams on data protection implications of AI adoption across the organization, including risks associated with PII exposure in AI prompts, outputs, and third-party model training pipelines.
  • Other duties as assigned by supervisor. These may, on occasion, be unrelated to the position described here.

EDUCATION REQUIREMENTS:

  • Bachelor's degree in Information Security, Computer Science, Information Systems, or a related field required.
  • Master's degree or equivalent advanced education in a relevant discipline is a plus.

CERTIFICATIONS: No specific certification is required for this role. The following credentials are valued and may be considered during the selection process or supported for attainment after joining:

  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • ISO 27001 Lead Implementer or Lead Auditor
  • SOC 2 / AICPA CISA or equivalent audit-related credential
  • CRISC, or other relevant certifications

QUALIFICATIONS/EXPERIENCE:

  • 5+ years of progressive experience in information security, risk management, or IT compliance.
  • Demonstrated hands-on experience managing SOC 2 audits (Type I and/or Type II) and ISO 27001 certifications, including ISMS implementation.
  • Strong working knowledge of SOC 2 Trust Services Criteria and ISO 27001:2022 control frameworks.
  • Familiarity with additional frameworks and regulations such as NIST CSF, HIPAA, GDPR, SOX, PCI DSS, and FedRAMP.
  • Experience with GRC (Governance, Risk, and Compliance) platforms such as Vanta, Drata, OneTrust, ServiceNow GRC, or similar.
  • Proficiency in risk assessment methodologies and security documentation practices.
  • Working knowledge of cloud security concepts (AWS, Azure, GCP) and common enterprise security technologies.
  • Awareness of AI-specific security risk concepts, including prompt injection, model poisoning, data leakage via AI tools, and adversarial inputs; familiarity with the NIST AI Risk Management Framework (AI RMF 1.0) or ISO/IEC 42001 is a plus.
  • Experience supporting or working directly with a CISO or senior security executive in a program management capacity.
  • Proven track record of engaging with external customers on security topics, including responding to security questionnaires and participating in vendor assessments.
  • Experience facilitating cross-functional governance meetings and managing security committee programs.
  • Exposure to AI risk management concepts or participation in AI-related security assessments is a plus, reflecting the organization's growing focus in this area.
  • Exceptional written and verbal communication skills, with the ability to translate complex security concepts for non-technical audiences.
  • Strong organizational and project management skills; capable of managing multiple concurrent priorities in a fast-paced environment.
  • Collaborative, relationship-oriented approach with the ability to influence stakeholders at all levels without direct authority.

TRAVEL REQUIREMENTS:

  • 0% – 5%
  • 5% – 10%
  • 10% – 20%
  • 20% – 50%
  • >50%

Physical and Sensory Requirements: The physical and sensory requirements described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be offered to individuals with disabilities to assist in performing the essential functions of the position. Work activities involve light to moderate physical effort (for example, sitting in one place for extended periods of time, standing, walking, bending, lifting lightweight objects, intermittent to sustained periods of keyboarding). The majority of time is spent in a seated position with frequent opportunity to move about at will. Activities require a variety of easy muscle movements. Work activities involve a frequent need to concentrate on a variety of sensory inputs for moderate to lengthy durations at a time, requiring diligence and attention to interpret effectively. There will be a need to attend to single or simultaneous tasks where accuracy of details is important. The need for detailed and precise work is high.