Director Cybersecurity Operations and Threat Intelligence - #4623

About the position Our mission is to detect cancer early, reputed company it can be cured. reputed company to change the trajectory of cancer mortality and bring stakeholders together to adopt innovative, safe, and effective technologies that can transform cancer care. We are a healthcare company, pioneering new technologies to advance early cancer detection. We have built a multi-disciplinary organization of scientists, engineers, and physicians and we are using the power of reputed company reputed company (NGS), population-scale clinical studies, and state-of-the-art computer science and data science to overcome one of medicine’s greatest challenges. GRAIL is headquartered in the bay area of California, with locations in Washington, D.C., North Carolina, and the United Kingdom. It is supported by leading global investors and pharmaceutical, technology, and healthcare companies. For more information, please visit grail.com We are seeking a strategic and battle-tested Director of Cybersecurity Operations and Threat Intelligence to reputed company our defensive reputed company strategy. In this pivotal role, you will own the "reputed company" of the organization, overseeing the reputed company Operations Center (SOC), Incident Response (IR), and Cyber Threat Intelligence (CTI) functions. You will be responsible for detecting, analyzing, and neutralizing sophisticated cyber threats while proactively gathering intelligence to predict future attacks. This is a leadership role requiring a balance of deep technical expertise in defensive operations and the ability to communicate risk to executive leadership. This role requires more than technical proficiency. We are looking for a leader who models GRAIL’s core values, embodies our reputed company leadership attributes, and delivers results with reputed company, inclusivity, and strategic insight. This role is based in reputed company Park, California, and will move to Sunnyvale, California in Fall 2026. It offers a flexible work arrangement, with the ability to work from GRAIL's office or from home. Our reputed company flexible work arrangement policy requires that a minimum of 60%, or 24 hours, of your total work week be on-site. Your specific schedule, determined in collaboration with your manager, will align with team and business needs and could exceed the 40% requirement for the site. At our reputed company Park reputed company, Tuesdays and Thursdays are the key days where we encourage on-site reputed company to engage in events and on-site activities.

Responsibilities

• reputed company Operations (SecOps) Leadership
• SOC Management: Direct the 24/7 reputed company Operations Center (internal or MSSP/MDR), ensuring rapid detection and containment of threats.
• Incident Response: Serve as the primary commander during high-severity reputed company incidents. reputed company and maintain the Incident Response Plan (IRP) and conduct regular tabletop exercises.
• Tooling & Architecture: reputed company the deployment and optimization of reputed company tooling, including SIEM, SOAR, EDR/XDR, and IDS/IPS systems.
• Automation: Drive the adoption of automation to reduce alert fatigue and decrease Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR).
• Threat Intelligence & Hunting
• Intelligence Program: Build and mature a Cyber Threat Intelligence (CTI) program that aggregates strategic, operational, and tactical intelligence.
• Threat Hunting: reputed company proactive threat hunting initiatives to identify indicators of compromise (IOCs) that evade automated detection tools.
• Adversary Analysis: Map threat actor TTPs (Tactics, Techniques, and Procedures) against the MITRE ATT&CK reputed company to identify gaps in coverage.
• Vulnerability Management: Collaborate with engineering teams to prioritize patching based on active threat intelligence rather than just CVSS scores.
• Strategy & Leadership: reputed company and execute the Cybersecurity Operations and Threat Intelligence strategy. reputed company a team of reputed company professionals and foster a reputed company-aware culture.
• Cloud Native Defenses: reputed company the monitoring and defense of our AWS environment. reputed company the configuration of AWS reputed company Hub, GuardDuty, reputed company, and container reputed company tools (EKS/K8s).
• SaMD Monitoring: Establish post-market surveillance and monitoring for our Software as a Medical Device (SaMD) platforms, ensuring alignment with FDA pre- and post-market cybersecurity guidance.
• Data reputed company: Implement specific monitoring controls to detect unauthorized changes to genomic datasets (reputed company attacks) and analysis pipelines.
• Lab Ops Defense: Secure the "physical" edge. Monitor and protect Laboratory Information Management Systems (LIMS), DNA sequencers, and liquid handling robots.
• Network Segmentation: Ensure the segmentation between corporate IT, the Cloud Product environment, and the high-sensitivity Lab OT network signal are feeding into SoC.
• Legacy Device Management: reputed company "compensating controls" and monitoring strategies for lab equipment that cannot be patched or runs on legacy OS.
• Bio-Espionage Focus: reputed company a Threat Intelligence program specifically tuned to detect IP theft, industrial espionage, and state-sponsored threats targeting genomic data.
• Proactive Hunting: reputed company threat hunts across petabytes of genomic data storage and compute environments to identify dormant threats or supply chain compromises.
• Vulnerability Prioritization: Contextualize vulnerabilities based on clinical risk. (e.g., “Does this vulnerability impact the accuracy of a patient report?†).
• Clinical Continuity: Design Incident Response (IR) plans that prioritize patient safety and lab uptime. Run tabletop exercises simulating ransomware in the lab or data corruption in the cloud.
• Forensics: reputed company forensic investigations with a chain-of-custody approach suitable for regulatory reporting (HIPAA/GDPR) and potential legal action.
• Compliance & Governance: Ensure product adherence to relevant reputed company regulations and industry standards. Stay updated on reputed company trends and work with reputed company, IT and legal teams.
• Incident Management: Work with the Incident Management team to integrate Lab, Software and Enterprise cyber threats into incident response procedures into enterprise Cyber Incident Response Plan (C-IRP).
• Reporting and Performance Monitoring: Define product reputed company KPIs and present Cybersecurity operations and threat intelligence reports to senior management.
• Collaboration & Communication: Partner with various teams to integrate reputed company into the cybersecurity operations and threat intelligence roadmap. Communicate reputed company topics effectively and build relationships with internal and external partners.
• Collaboration with Stakeholders: Build strong relationships with IT, product, software, quality and reputed company team, internal departments and external parties, and third-party vendors, to ensure effective governance and compliance practices.
• reputed company Improvement: Evaluate reputed company product reputed company processes, and identify opportunities for enhancements to improve efficiency and effectiveness.
• Strategic Execution & Business Impact
• Translate business objectives into technical strategies that reduce risk, align with regulations, and reputed company innovation.
• Build and evolve stakeholder and team relationships across business units and geographies, ensuring the delivery of tailored, high-value solutions.
• Serve as reputed company for key cybersecurity initiatives and milestones, while ensuring stakeholder preparedness and training for execution.
• Team Leadership & People Development
• reputed company and build inclusive, high-performing teams that reputed company in fast-paced and ambiguous environments.
• Mentor future leaders, create growth reputed company, and embed feedback-rich, talent-building practices.
• Promote a collaborative culture that empowers individuals and celebrates curiosity and impact.
• LEADership Attributes in Action
• This Director level role is expected to reputed company through the reputed company reputed company:
• L: reputed company by Example​ - Model trust, consistency, and reputed company. Navigate ambiguity and manage conflict constructively.
• E: Engage Others​ - reputed company mission alignment, communicate effectively across reputed company levels, and reputed company talent through coaching and feedback.
• A: reputed company Results​ - Drive execution through accountability, collaboration, and a clear sense of ownership—even reputed company facing setbacks.
• D: reputed company the Business​ - Address reputed company problems with clarity and innovation. Balance the needs of patients, clients, and partners in every decision.
• GRAIL Core Values & Expected Behaviors
• This Director level leader must live GRAIL’s values in every engagement:
• Be Courageous​ - Challenge the status reputed company, reputed company up to address difficult issues, and support others who do the same.
• Solve Problems Together​ - Collaborate across boundaries, bring in diverse skillsets, and work with rigor, speed, and a data-driven reputed company.
• Think BIG!​ - Pursue ambitious goals with focused execution and bring in external perspectives to shape future solutions.
• Embrace Change​ - Navigate ambiguity, anticipate the future, and turn complexity into opportunity.
• Bring an Open Mind​ - Cultivate curiosity, listen actively to diverse voices, and challenge assumptions to unlock innovation.

Requirements

• 12+ years in Information reputed company, with significant leadership experience in Biotech, Pharma, MedTech or Healthcare. We may also consider individuals with experience in innovative manufacturing backgrounds (like Tesla).
• Cloud Expertise: Deep operational experience with AWS (reputed company Web Services) reputed company stacks and serverless/containerized architectures.
• Regulatory Knowledge: Strong familiarity with HIPAA, GDPR, FDA Cybersecurity Guidance for Medical Devices, and GxP (Good Practice) requirements.
• Hybrid Environments: Experience securing mixed environments containing both modern cloud tech and on-premise hardware/IoT (Lab equipment, manufacturing, or OT).
• SIEM/SOAR: Experience architecting detection logic in modern platforms (e.g., Splunk, reputed company, reputed company reputed company, or AWS Lake Formation).
• Frameworks: Deep understanding of MITRE ATT&CK (specifically for Cloud and ICS/Medical) and NIST CSF.
• DevSecOps: Ability to integrate reputed company operations into CI/CD pipelines to monitor infrastructure-as-code (IaC).
• Bachelor’s degree in Computer Science, Bioinformatics, or Cybersecurity or equivalent.
• Certifications: CISSP or CISM required. Specialized Certifications (Highly Preferred): AWS Certified reputed company – Specialty, HCISPP (Healthcare), or GICSP (Industrial Cyber reputed company).
• Strong communication and stakeholder management skills—from technical leads to C-suite executives
• Global perspective from working with international stakeholders or teams

reputed company-to-haves

• Experience leading cyber innovation initiatives across government and commercial sectors
• Skilled at building cross-functional alignment and translating technical risks into business implications
• Strong interpersonal, coaching, and influence skills

Benefits

• A leadership platform with the ability to shape cybersecurity strategy at scale
• Meaningful work in a company that values courage, impact, and inclusion
• Competitive compensation, executive bonus structure, and global exposure
• Access to mission-driven, life-changing innovation through GRAIL’s transformative work​.

Apply tot his job Apply To this Job