Director Cybersecurity Operations and Threat Intelligence - 4623
Company: GRAIL Inc
Location: Menlo Park
Posted on: February 8, 2026
Job Description:
Our mission is to detect cancer early, when it can be cured. We
are working to change the trajectory of cancer mortality and bring
stakeholders together to adopt innovative, safe, and effective
technologies that can transform cancer care. We are a healthcare
company, pioneering new technologies to advance early cancer
detection. We have built a multi-disciplinary organization of
scientists, engineers, and physicians and we are using the power of
next-generation sequencing (NGS), population-scale clinical
studies, and state-of-the-art computer science and data science to
overcome one of medicine’s greatest challenges. GRAIL is
headquartered in the Bay Area of California, with locations in
Washington, D.C., North Carolina, and the United Kingdom. It is
supported by leading global investors and pharmaceutical,
technology, and healthcare companies. For more information, please
visit grail.com.

We are seeking a strategic and battle-tested
Director of Cybersecurity Operations and Threat Intelligence to
lead our defensive security strategy. In this pivotal role, you
will own the "shield" of the organization, overseeing the Security
Operations Center (SOC), Incident Response (IR), and Cyber Threat
Intelligence (CTI) functions. You will be responsible for
detecting, analyzing, and neutralizing sophisticated cyber threats
while proactively gathering intelligence to predict future attacks.
This is a leadership role requiring a balance of deep technical
expertise in defensive operations and the ability to communicate
risk to executive leadership. This role requires more than
technical proficiency. We are looking for a leader who models
GRAIL’s core values, embodies our LEAD leadership attributes, and
delivers results with integrity, inclusivity, and strategic
insight. This role is based in Menlo Park, California, and will
move to Sunnyvale, California in Fall 2026. It offers a flexible
work arrangement, with the ability to work from GRAIL's office or
from home. Our current flexible work arrangement policy requires
that a minimum of 60%, or 24 hours, of your total work week be
on-site. Your specific schedule, determined in collaboration with
your manager, will align with team and business needs and could
exceed the 40% requirement for the site. At our Menlo Park campus,
Tuesdays and Thursdays are the key days where we encourage on-site
presence to engage in events and on-site activities.

Responsibilities

Security Operations (SecOps) Leadership

SOC Management: Direct the 24/7 Security Operations Center (internal
or MSSP/MDR), ensuring rapid detection and containment of threats.

Incident Response: Serve as the primary commander during
high-severity security incidents. Develop and maintain the Incident
Response Plan (IRP) and conduct regular tabletop exercises.

Tooling & Architecture: Oversee the deployment and optimization of
security tooling, including SIEM, SOAR, EDR/XDR, and IDS/IPS systems.

Automation: Drive the adoption of automation to reduce alert fatigue
and decrease Mean Time to Detect (MTTD) and Mean Time to Respond
(MTTR).

Threat Intelligence & Hunting

Intelligence Program: Build and mature a Cyber Threat Intelligence
(CTI) program that aggregates strategic, operational, and tactical
intelligence.

Threat Hunting: Lead proactive threat hunting initiatives to identify
indicators of compromise (IOCs) that evade automated detection tools.

Adversary Analysis: Map threat actor TTPs (Tactics, Techniques, and
Procedures) against the MITRE ATT&CK framework to identify gaps in
coverage.

Vulnerability Management: Collaborate with engineering teams to
prioritize patching based on active threat intelligence rather than
just CVSS scores.

Key responsibilities include:

Strategy & Leadership: Develop and execute the Cybersecurity
Operations and Threat Intelligence strategy. Lead a team of security
professionals and foster a security-aware culture.

Cloud Native Defenses: Lead the monitoring and defense of our AWS
environment. Oversee the configuration of AWS Security Hub,
GuardDuty, Shield, and container security tools (EKS/K8s).

SaMD Monitoring: Establish post-market surveillance and monitoring
for our Software as a Medical Device (SaMD) platforms, ensuring
alignment with FDA pre- and post-market cybersecurity guidance.

Data Integrity: Implement specific monitoring controls to detect
unauthorized changes to genomic datasets (integrity attacks) and
analysis pipelines.

Lab Ops Defense: Secure the "physical" edge. Monitor and protect
Laboratory Information Management Systems (LIMS), DNA sequencers, and
liquid handling robots.

Network Segmentation: Ensure the segmentation signals between
corporate IT, the Cloud Product environment, and the
high-sensitivity Lab OT network are feeding into the SOC.

Legacy Device Management: Develop "compensating controls" and
monitoring strategies for lab equipment that cannot be patched or
runs on legacy OS.

Bio-Espionage Focus: Develop a Threat Intelligence program
specifically tuned to detect IP theft, industrial espionage, and
state-sponsored threats targeting genomic data.

Proactive Hunting: Lead threat hunts across petabytes of genomic data
storage and compute environments to identify dormant threats or
supply chain compromises.

Vulnerability Prioritization: Contextualize vulnerabilities based on
clinical risk (e.g., “Does this vulnerability impact the accuracy of
a patient report?”).

Clinical Continuity: Design Incident Response (IR) plans that
prioritize patient safety and lab uptime. Run tabletop exercises
simulating ransomware in the lab or data corruption in the cloud.

Forensics: Lead forensic investigations with a chain-of-custody
approach suitable for regulatory reporting (HIPAA/GDPR) and potential
legal action.

Compliance & Governance: Ensure product adherence to relevant
security regulations and industry standards. Stay updated on security
trends and work with security, IT and legal teams.

Incident Management: Work with the Incident Management team to
integrate Lab, Software and Enterprise cyber threats into incident
response procedures in the enterprise Cyber Incident Response Plan
(C-IRP).

Reporting and Performance Monitoring: Define product security KPIs
and present Cybersecurity operations and threat intelligence reports
to senior management.

Collaboration & Communication: Partner with various teams to
integrate security into the cybersecurity operations and threat
intelligence roadmap. Communicate security topics effectively and
build relationships with internal and external partners.

Collaboration with Stakeholders: Build strong relationships with IT,
product, software, quality and security teams, internal departments,
external parties, and third-party vendors to ensure effective
governance and compliance practices.

Continuous Improvement: Evaluate current product security processes
and identify opportunities for enhancements to improve efficiency and
effectiveness.

Strategic Execution & Business Impact

Translate business objectives into technical strategies that reduce
risk, align with regulations, and enable innovation.

Build and evolve stakeholder and team relationships across business
units and geographies, ensuring the delivery of tailored, high-value
solutions.

Serve as lead for key cybersecurity initiatives and milestones, while
ensuring stakeholder preparedness and training for execution.

Team Leadership & People Development

Inspire and build inclusive, high-performing teams that thrive in
fast-paced and ambiguous environments.

Mentor future leaders, create growth pathways, and embed
feedback-rich, talent-building practices.

Promote a collaborative culture that empowers individuals and
celebrates curiosity and impact.

LEADership Attributes in Action

This Director level role is expected to lead through the LEAD
framework:

L: Lead by Example - Model trust, consistency, and resilience.
Navigate ambiguity and manage conflict constructively.

E: Engage Others - Inspire mission alignment, communicate effectively
across all levels, and develop talent through coaching and feedback.

A: Achieve Results - Drive execution through accountability,
collaboration, and a clear sense of ownership—even when facing
setbacks.

D: Develop the Business - Address complex problems with clarity and
innovation. Balance the needs of patients, clients, and partners in
every decision.

GRAIL Core Values & Expected Behaviors

This Director level leader must live GRAIL’s values in every
engagement:

Be Courageous - Challenge the status quo, step up to address
difficult issues, and support others who do the same.

Solve Problems Together - Collaborate across boundaries, bring in
diverse skillsets, and work with rigor, speed, and a data-driven
mindset.

Think BIG! - Pursue ambitious goals with focused execution and bring
in external perspectives to shape future solutions.

Embrace Change - Navigate ambiguity, anticipate the future, and turn
complexity into opportunity.

Bring an Open Mind - Cultivate curiosity, listen actively to diverse
voices, and challenge assumptions to unlock innovation.

These responsibilities summarize the role’s primary responsibilities
and are not an exhaustive list. They may change at the company’s
discretion.

Required Qualifications

12 years in Information Security, with significant leadership
experience in Biotech, Pharma, MedTech or Healthcare. We may also
consider individuals with experience in innovative manufacturing
backgrounds (like Tesla).

Cloud Expertise: Deep operational experience with AWS (Amazon Web
Services) security stacks and serverless/containerized architectures.

Regulatory Knowledge: Strong familiarity with HIPAA, GDPR, FDA
Cybersecurity Guidance for Medical Devices, and GxP (Good Practice)
requirements.

Hybrid Environments: Experience securing mixed environments
containing both modern cloud tech and on-premise hardware/IoT (Lab
equipment, manufacturing, or OT).

SIEM/SOAR: Experience architecting detection logic in modern
platforms (e.g., Splunk, Sumo Logic, Datadog Security, or AWS Lake
Formation).

Frameworks: Deep understanding of MITRE ATT&CK (specifically for
Cloud and ICS/Medical) and NIST CSF.

DevSecOps: Ability to integrate security operations into CI/CD
pipelines to monitor infrastructure-as-code (IaC).

Bachelor’s degree in Computer Science, Bioinformatics, or
Cybersecurity or equivalent.

Certifications: CISSP or CISM required.

Specialized Certifications (Highly Preferred): AWS Certified Security
– Specialty, HCISPP (Healthcare), or GICSP (Industrial Cyber
Security).

Strong communication and stakeholder management skills—from technical
leads to C-suite executives

Global perspective from working with international stakeholders or
teams

Preferred Qualifications

Experience leading cyber innovation initiatives across government and
commercial sectors

Skilled at building cross-functional alignment and translating
technical risks into business implications

Strong interpersonal, coaching, and influence skills

What We Offer

A leadership platform with the ability to shape cybersecurity
strategy at scale

Meaningful work in a company that values courage, impact, and
inclusion

Competitive compensation, executive bonus structure, and global
exposure

Access to mission-driven, life-changing innovation through GRAIL’s
transformative work.

The expected, full-time, annual base pay scale for this position is
$224-322k. Actual base pay will consider skills, experience, and
location. This role may be eligible for other forms of compensation,
including an annual bonus and/or incentives, subject to the terms of
the applicable plans and Company discretion. This range reflects a
good-faith estimate of the range that the Company reasonably expects
to pay for the position upon hire; the actual compensation offered
may vary depending on factors such as the candidate’s qualifications.
Employees in this role are also eligible for GRAIL’s comprehensive
and competitive benefits package, offered in accordance with our
applicable plans and policies. This package currently includes
flexible time-off or vacation; a 401(k) retirement plan with
employer match; medical, dental, and vision coverage; and carefully
selected mindfulness programs. GRAIL is an equal employment
opportunity employer, and we are committed to building a workplace
where every individual can thrive, contribute, and grow. All
qualified applicants will receive consideration for employment
without regard to race, color, religion, national origin, sex,
gender, gender identity, sexual orientation, age, disability,
status as a protected veteran, or any other class or
characteristic protected by applicable federal, state, and local
laws. Additionally, GRAIL will consider for employment qualified
applicants with arrest and conviction records in a manner
consistent with applicable law and provide reasonable
accommodations to qualified individuals with disabilities. Please
contact us at [email protected] if you require an accommodation to
apply for an open position. GRAIL maintains a drug-free workplace.
We welcome job-seekers from all backgrounds to join us!