Head of IT Quality, Security and Compliance (QSC)



IT, Legal, Quality Assurance
San Carlos, CA, USA
Posted on Wednesday, October 18, 2023
Company Profile:
Vaxcyte, Inc. (Nasdaq: PCVX) is a vaccine innovation company engineering high-fidelity vaccines to protect humankind from the consequences of bacterial diseases. The Company is developing broad-spectrum conjugate and novel protein vaccines to prevent or treat bacterial infectious diseases. Vaxcyte’s lead candidate, VAX-24, is a 24-valent, broad-spectrum, carrier-sparing pneumococcal conjugate vaccine (PCV) being developed for the prevention of invasive pneumococcal disease (IPD). The Company is re-engineering the way highly complex immunizations are made through modern synthetic techniques, including advanced chemistry and our exclusively licensed XpressCFTM cell-free protein synthesis platform. Unlike conventional cell-based approaches, the Company’s system for producing difficult-to-make proteins and antigens is intended to accelerate its ability to efficiently create and deliver high-fidelity vaccines with enhanced immunological benefits. Vaxcyte’s pipeline also includes VAX-31, a 31-valent PCV candidate; VAX-A1, a prophylactic vaccine candidate designed to prevent Group A Strep infections; VAX-PG, a therapeutic vaccine candidate designed to slow or stop the progression of periodontal disease; and VAX-GI, a vaccine program designed to prevent Shigella. The Company is driven to eradicate or treat invasive bacterial infections, which have serious and costly health consequences when left unchecked. For more information, visit www.vaxcyte.com.
Vaxcyte, headquartered in San Carlos, CA, went public in June 2020 and currently has a team of approximately 180 employees and anticipates continued, significant growth. Following equity offerings in October 2022 and April 2023, which generated over $1.1 billion in net proceeds, the Company’s balance sheet is further strengthened to advance its pipeline of novel vaccines, including VAX-24. These financings followed positive data readouts from Vaxcyte’s Phase 1/2 proof-of-concept study evaluating VAX-24 in adults aged 18-64 and Phase 2 study in adults 65 and older. The Company believes these results support a best-in-class potential for VAX-24, which was designed to replace the current standard-of-care in adults and children. VAX-24 is being investigated for the prevention of IPD, which can be most serious for infants, young children, older adults and those with immune deficiencies or certain chronic health conditions. Given the global impact of pneumococcal disease remains significant, the public health community continues to advocate for vaccines that can offer broader protection to prevent IPD. Vaxcyte’s PCV franchise, consisting of VAX-24 and VAX-31, is designed specifically to address this need and has the potential to deliver the broadest protection for this very serious disease. We believe that our PCVs could receive regulatory approval based on successful completion of clinical studies utilizing well-defined surrogate immune endpoints, consistent with how other PCVs have obtained regulatory approval in the past, rather than requiring clinical field efficacy studies.
Vaxcyte is seeking an experienced, dynamic, and pragmatic professional to join our team as the Head of IT Quality, Security and Compliance (QSC). In this critical leadership role you will be responsible for developing, implementing and maintaining strategies, policies and procedures across IT QSC functions. You will play a pivotal role in ensuring that our technology solutions, systems, and practices meet high quality standards, are appropriately hardened, and comply with all applicable regulatory requirements. The ideal candidate must possess a strong background in software quality assurance practices, have a solid understanding of information technology and security, and demonstrate proven knowledge across a wide range of IT compliance requirements. Expertise working in cloud-first IT environments is required.

Essential Functions:

  • Develop strategic plans for IT Quality, Security, and Compliance functions. Plans align with business objectives, regulatory requirements, and best-practice IT needs.
  • Define, assign, and oversee IT QSC roles and responsibilities across IT, business, and 3rd party team members.
  • Create policies, procedures, standards, and tools (“methodology”) to help improve process and project consistency across operations and project teams. Provide training as necessary.
  • Establish and oversee a right-sized governance model to help ensure operations and project team compliance against policies and standards.
  • Lead effort to create and maintain Vaxcyte’s Enterprise Data Governance model and plans.
  • Help conduct vendor audits.
  • Maintain and oversee IT compliance calendar (quarterly SOX reviews, for example).
  • Create, monitor, and report on key IT QSC metrics, presenting findings and recommendations to senior leadership and stakeholders.
  • Establish close working relationships with business partners. Harmonize overlapping or duplicative processes whenever possible.
  • Drive identification and resolution of QSC-related issues. Work closely with relevant teams to implement corrective and preventive actions.
  • Implement data retention and legal hold solutions.
  • Oversee recurring cybersecurity initiatives including training, simulations, testing, and table-top exercises.
  • Stay current with industry trends, emerging technologies, and best practices. Recommend their integration into the organization's quality strategies.
  • Identify, assess, and mitigate information security risks across the organization. Establish risk management processes and implement proactive measures to minimize vulnerabilities.
  • Maintain and evolve a robust security architecture that safeguards our networks, systems, applications, and data against evolving cyber threats. Ensure the integration of security controls within the IT infrastructure.
  • Develop and oversee an incident response plan, coordinating rapid and effective responses to security incidents and breaches. Lead investigations, root cause analyses, and remediation efforts.
  • Implement ongoing security awareness and training programs for employees, promoting a culture of security-conscious behavior throughout the organization.
  • Collaborate with cross-functional teams to integrate compliance requirements into various IT initiatives, projects, and system implementations.
  • Regularly assess the organization's IT systems, processes, and procedures to identify potential compliance vulnerabilities and develop risk mitigation strategies.
  • Support regulatory audit activities when necessary.
  • Monitor and evaluate changes in regulations and standards that could impact IT compliance, and work with the appropriate teams to implement necessary adjustments.
  • Conduct periodic audits, assessments, and internal reviews to validate the effectiveness of IT compliance measures and identify areas for improvement.
  • Collaborate with legal, security, and risk management teams to ensure a cohesive and aligned approach to compliance and risk mitigation.


  • Bachelor’s degree in Computer Science, Information Technology, or a related field.
  • 15+ years of experience in a senior IT leadership role.
  • Excellent communication skills, with the ability to convey complex technical concepts to both technical and non-technical stakeholders.
  • Strong understanding and practice of IT methodologies, practices, and tools.
  • Familiarity with regulatory standards and their application within IT organizations.
  • Experience managing and motivating blended teams (full-time, matrix, 3rd party).
  • Analytical mindset with the ability to identify patterns, trends, and potential areas of improvement.
  • Exceptional business partnering skills. Consulting background a strong plus.
  • Experience with QSC frameworks and standards and their practical application within IT organizations.
  • Understanding of cybersecurity principles, technologies, and best practices, including but not limited to network security, endpoint protection, IAM, encryption, and cloud security.
  • Strong communication and interpersonal skills, with the ability to effectively collaborate with technical and non-technical stakeholders.
  • All Vaxcyte employees require vaccination against COVID-19.
Reports to: Vice President, IT & Facilities
Location: San Carlos, CA
The compensation package will be competitive and includes comprehensive benefits and an equity component.
Salary Range: $255,000 – $290,000
Send resumes to:
Vaxcyte, Inc.
825 Industrial Road, Suite 300
San Carlos, CA 94070
We are an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status.