IT Security Manager

About Subsense

Subsense is a deep-tech company developing the world’s first non-surgical, bidirectional brain-computer interface powered by plasmonic and magnetoelectric nanoparticles. Our mission is to unlock direct communication between the human brain and AI — starting with medical applications such as stroke recovery and moving toward cognitive enhancement for healthy users. Headquartered in Palo Alto, Subsense brings together leading scientists and engineers to redefine the future of human–machine interaction.

The Opportunity

We are seeking an experienced and proactive IT Security Manager to build and lead the security foundation that protects Subsense’s people, data, research, and systems. This role is responsible for designing and operationalizing our security infrastructure from the ground up, ensuring that all environments — corporate, cloud, and laboratory — are secure, compliant, and resilient.

You will partner closely with the Operations team to implement best-in-class security practices aligned with the sensitivity of our scientific work and long-term product roadmap. This position is ideal for someone who thrives in early-stage environments, combines strategic security leadership with hands-on implementation, and can scale systems and processes as the company grows.

Responsibilities

• Design, implement, and maintain foundational IT security systems, including identity and access management, endpoint protection, secure networking, vulnerability scanning, and logging/monitoring.
• Develop and enforce access protocols for cloud systems, lab equipment, AI tools, research data, and corporate systems; ensure least-privilege principles and secure provisioning/deprovisioning.
• Assess requirements for biotech, R&D, and enterprise compliance frameworks (SOC 2, ISO 27001, HIPAA, FDA/GLP-adjacent expectations). Build documentation and begin phased rollout.
• Establish a formal incident response plan, define escalation pathways, and run tabletop exercises to validate readiness and resilience.
• Evaluate security posture across SaaS, cloud providers, university partners, and R&D tools. Maintain an up-to-date risk register with remediation plans.
• Deploy security training and ongoing reminders tailored to a hybrid scientific and corporate environment.
• Work closely with R&D, Operations, and Product to ensure security is part of workflows, cloud systems, and device management.
• Provide structured plans, metrics, and updates to the CEO and leadership team around major risks, system maturity, and security investments.

Qualifications

• 5 years of experience in IT security, cybersecurity engineering, or security operations.
• Ability to design and run security programs in early-stage or high-growth technical environments.
• Experience securing cloud infrastructure (AWS, GCP, or Azure) and modern SaaS environments.
• Strong understanding of identity and access management, endpoint security, and secure networking.
• Proven ability to implement security controls that balance risk reduction, usability, and speed.
• Experience building documentation for audits and compliance frameworks (SOC 2, ISO 27001, or similar).
• Skilled in incident response, root-cause analysis, and risk assessment.
• Excellent communication skills, with the ability to partner across scientific, engineering, and business teams.
• Startup mindset – adaptable, resourceful, hands-on, and highly execution-focused.
• Fluent in written and spoken English.

Location: Palo Alto