Lucira Health
  • Emeryville, CA, USA
  • Full Time

About Lucira Health

Lucira Health is a medical technology company focused on the development and commercialization of transformative infectious disease test kits. We have developed a testing platform that produces centralized-laboratory-accurate molecular testing in a single-use and consumer-friendly test kit that is powered by two AA batteries and fits in the palm of a hand. Our LUCIRA Check It (OTC) and LUCIRA COVID-19 All-In-One Test Kit (Rx) are designed to provide a clinically relevant COVID-19 result within 30 minutes from sample collection.

Location: Emeryville, CA or Fully Remote

Summary

The Director, IT Security Compliance will be responsible for the delivery of all Information Security and IT compliance initiatives to enable business capabilities and services across the enterprise, as well as helping shape operating processes with value-add recommendations and regulatory guidance. This position has an external-facing component, assisting with the execution and tracking of audits and risk assessments as required by our suppliers, vendors and regulatory bodies. Additionally, this position will collaborate with other business functions in the development and revision of standard IT operating procedures, business process workflows, work instructions and process narratives that will be the basis for periodic audits as required by the business.

Responsibilities

  • Sets the strategy of the Information Security and IT Compliance organization to maximize the success of business and IT enterprise initiatives
  • Develops and maintains a document framework of continuously up-to-date information security policies, standards and guidelines. Oversees the approval and publication of these information security policies and practices
  • Works with the IT senior leadership team on the service portfolio and governance required to prioritize resources, including budget
  • Develops, implements, and monitors a strategic, comprehensive information security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy and recovery of information assets owned, controlled and/or processed by the organization
  • Coordinates Sarbanes-Oxley IT documentation, testing and readiness working in collaboration with internal stakeholders and subject matter experts
  • Plays an active role in the completion and associated remediation activities for SOX, PCI, HIPAA, GDPR, CCPA and cybersecurity assessments. Assists in the preparation and dissemination of supporting evidence for audits
  • Manages corporate information security systems including firewalls, intrusion detection, cryptography, SIEM, EDR, DLP, e-mail and endpoint security systems. Oversees investigation and resolution of issues and security incidents
  • Monitors and analyzes information security logs and alerts generated by security, server, storage and network devices, databases and applications (including Cloud) and automates monitoring, notification, and reporting
  • Coordinates execution of incident response and disaster recovery walkthroughs, process updates and associated documentation
  • Supervises the design and execution of vulnerability assessments, penetration tests and security audits
  • Supervises investigations into problematic security, compliance, and data privacy activities and communicates risks and remediation strategies to senior management
  • Serves as primary contact and subject matter expert for IT cybersecurity, compliance and data privacy related requests and advocates them during IT solution evaluations with IT infrastructure and application teams and business functions
  • Creates a risk-based process for the assessment and mitigation of any information security risk in the ecosystem consisting of supply chain partners, vendors, consumers and any other third parties
  • Works with the compliance staff to ensure that all information owned, collected, or controlled by or on behalf of the company is processed and stored in accordance with applicable laws and other global regulatory requirements, such as data privacy
  • Manages relationships and support in the areas of cybersecurity, IT compliance, and data privacy with IT vendors, consultants and auditors
  • Manages and contains information security incidents and events to protect corporate IT assets, intellectual property, regulated data and the company's reputation
  • Monitors the external threat environment for emerging threats, and advises relevant stakeholders on the appropriate courses of action
  • Ensures that security is embedded in the project delivery process by providing the appropriate information security policies, practices, and guidelines


Competencies

  • Effective influencing and negotiation skills in an environment where resources required for success may not be in direct control of this role
  • Ability to build consensus, making decisions based on many variables, and gain support for major initiatives
  • Strong sense of self, ethics and effort, as well as the willingness to go the extra mile to achieve important goals
  • Excellent verbal and written communication skills, including the ability to explain technical concepts and technologies to business leaders, and business concepts to team members

Qualifications

  • Bachelor's degree
  • Demonstrated experience of influencing key stakeholders across the organization and within complex contexts
  • Demonstrated experience and success in senior leadership roles in risk management and information security
  • In-depth knowledge of SOX, HIPAA/HITECH, FDA, GDPR, CCPA regulations and their requirements
  • Knowledge of and experience with cybersecurity frameworks such as SOC 2, CIS Top 20, NIST, ISO 27001, PCI and SEC
  • Experience securing enterprise business applications such as ERP, CRM, and QMS
  • Conversant in recent state, federal and international developments that impact cybersecurity, compliance, and privacy initiatives, both generally and specifically in the medical device industry
  • Excellent understanding of business processes and the ability to work effectively with employees at all levels in a fast-growing, mid-size international organization with 350+ users
  • Proven experience or demonstrated capability in leading IT transformational initiatives in complex, dynamic environments where agile was applied at scale
  • Managed a team of IT professionals, through coaching, mentoring and performance feedback
  • Expertise in budget planning and financial management
  • Knowledgeable in how to apply Information Security capabilities to achieve regulatory or statutory compliance requirements
  • Experienced in leading cloud adoption (at scale), including establishing governance mechanisms, delivering migration projects
  • Experience of developing governance practices to track and measure the quality of services, and maintain service improvement plans
  • Strong third-party management skills, working closely with sourcing and vendor managers
  • Strong knowledge of IT GRC (BCDR, ITSM/ITIL, SOX, ISO, PCI, HIPAA, GMP, GDPR, FDA 21 CFR Part 11)
  • Desired, but not required:
    • Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or other similar credentials

Lucira Health is an equal opportunity employer and is committed to a diverse workforce. Employment decisions regarding recruitment and selection will be made without discrimination based on race, color, religion, national origin, gender, age, sexual orientation, physical or mental disability, genetic information or characteristic, gender identity and expression, veteran status or any other consideration made unlawful by federal, state, or local law.
