Associate Director, Cybersecurity in London

Location: On-site (4-days) London/Cambridge office - must be willing to travel

Reporting line: Head of IT Infrastructure, Support Services and Security

Geographical scope: Global

Role Overview

Nxera Pharma is seeking an Associate Director, Cybersecurity to lead and continuously improve cybersecurity across a globally distributed biopharmaceutical environment. This is a senior, hands-on leadership role responsible for protecting Nxera's most valuable digital assets, including research data, intellectual property, scientific platforms, regulated information, corporate systems and commercially sensitive data.

Reporting to the Head of IT Infrastructure, Support Services and Security, the role will act as Nxera's cybersecurity lead, working closely with internal IT teams, business stakeholders and specialist external partners/vendors. The successful candidate will combine strategic cyber risk leadership with practical technical judgement across Microsoft 365, Microsoft Entra ID, Azure, identity, endpoint, cloud, SaaS, data protection and security operations.

The role will partner closely with IT, R&D, Legal, Compliance, Quality and business teams to ensure cybersecurity enables Nxera's mission while reducing risk to the company's data, operations, partners and reputation.

Key responsibilities

• Define, maintain and execute Nxera's cybersecurity strategy, roadmap and operating model, aligned to business priorities and the protection of research data, intellectual property, regulated systems and corporate platforms.
• Own the cybersecurity risk register and act as IT Risk Champion within the company's broader risk management framework, providing clear reporting, metrics and recommendations to IT leadership and senior stakeholders.
• Establish and maintain cybersecurity standards across Microsoft 365, Microsoft Entra ID, Azure, endpoint, network, SaaS, collaboration, identity and cloud services.
• Lead the improvement of core security controls, including multi-factor authentication, Conditional Access, privileged access, endpoint protection, vulnerability management, secure configuration, data loss prevention, encryption, logging and monitoring.
• Provide cybersecurity input into IT projects, infrastructure changes, new SaaS platforms, cloud services and business transformation initiatives, ensuring security controls are practical, supportable and proportionate to risk.
• Partner with R&D, IT, Legal, Compliance, Quality, Privacy and business teams to protect research data, intellectual property, scientific platforms, regulated data and contract-bound information.
• Own and continuously improve Nxera's cyber incident response capability, including playbooks, escalation routes, tabletop exercises, communication protocols and post-incident reviews.
• Manage the relationship and operational effectiveness of external cybersecurity partners/vendors, including SOC/MDR providers, penetration testing providers, security assessors and awareness/training providers.
• Lead vulnerability and exposure management across endpoints, servers, cloud, SaaS, identity, network and externally exposed services.
• Lead proportionate cybersecurity due diligence for key technology suppliers, research partners, SaaS providers, cloud services and outsourced security providers.
• Establish practical cybersecurity guardrails for the safe adoption of AI, machine learning and emerging technologies, particularly where sensitive data, research information or intellectual property may be involved.
• Own, maintain and improve cybersecurity policies, SOPs and control evidence in line with Nxera's compliance framework and applicable obligations.
• Build a pragmatic security culture through targeted awareness, phishing resilience, executive briefings and role-specific guidance for higher-risk groups.
• Drive continuous improvement through lessons learned from incidents, audits, penetration tests, risk assessments and technology changes.

Required qualifications and experience

• Bachelor's or Master's degree in Computer Science, Information Security, Life Sciences or a related discipline, or equivalent professional experience.
• At least seven years' experience in cybersecurity, infrastructure security, security operations or IT risk, including responsibility for security controls across a cloud-first or hybrid enterprise environment.
• Strong working knowledge of Microsoft security technologies, including Microsoft 365, Microsoft Entra ID, Azure security, Intune, Microsoft Defender, Conditional Access, endpoint protection, data loss prevention, logging and monitoring.
• Experience with cybersecurity governance, risk management, incident response, vulnerability management, third-party security assurance and security control improvement.
• Experience managing external cybersecurity partners/vendors, such as SOC/MDR providers, penetration testing providers, security assessors or awareness/training providers.
• Ability to translate technical cybersecurity risks into business impact, pragmatic recommendations and prioritised action plans.
• Excellent communication, stakeholder management and influencing skills, with the ability to work effectively across technical and non-technical teams.
• Strong analytical, planning and delivery skills, with the ability to operate independently as the cybersecurity lead while collaborating across IT and the wider business.
• Fluent English.

Desirable experience

• Experience in biopharma, life sciences, healthcare, R&D or another regulated environment.
• Familiarity with GxP, GLP, GDPR, validated systems, data integrity, research collaborations or contractual partner obligations.
• Experience with recognised cybersecurity frameworks and standards such as NIST CSF, ISO 27001, Cyber Essentials Plus or equivalent.
• Relevant professional certifications such as CISSP, CISM, CCSP, ISO 27001 Lead Implementer/Lead Auditor or equivalent.
• Conversational Japanese would be advantageous.

Personal attributes

• Strategic and pragmatic, with the ability to balance risk management, business enablement and operational practicality.
• Comfortable operating in a hands-on leadership role, moving between strategy, governance, technical detail and incident response as required.
• Confident engaging with both technical and non-technical stakeholders.
• Able to influence without direct authority and build strong relationships across functions and external partners.
• Proactive, self-motivated and able to prioritise effectively in a dynamic environment.
• Strong judgement, discretion and professionalism when handling sensitive information and cybersecurity incidents.

What's in it for you?

• State-of-the-art R&D centre located in the heart of the Cambridge science cluster
• Competitive compensation package including discretionary cash bonuses
• 26 days annual leave in addition to public holidays plus the option to purchase an additional 5 days each year
• Employer contribution to pension
• Private Medical Insurance for employees and family and a cash plan for dental and optical reimbursement
• Health and wellbeing benefits including a subsidised individual gym membership
• Income protection to cover long term absences due to ill health
• Group Death in Service equal to 4x basic annual salary

Opportunity

This is an opportunity to shape and lead cybersecurity across a science-led, globally distributed biopharmaceutical company. The successful candidate will play a critical role in protecting Nxera's research, intellectual property, digital platforms and business operations, while enabling secure collaboration, innovation and growth.

Applications should include a CV and covering letter, providing a short description of the background of your interest in the role.

Interested? Apply and we will be in touch!