About Scholar Rock
Scholar Rock is a clinical-stage biopharmaceutical company developing innovative therapies for serious diseases. As the organization prepares to bring therapies to market and expand commercial teams, the IT and security team must support rapid growth and tightening regulatory expectations.
Executive summary
When Jeff Malavasi joined Scholar Rock as Associate Director of Information Security & Data Compliance, he stepped into a familiar challenge. He needed to create a lean IT and security function supporting a fast-moving business. Most security and IT tickets required manual review, onboarding and offboarding could take up to 90 minutes per employee, and dozens of managed service providers (MSP) and support admins needed access to core systems. Jeff needed a platform that let him create reliable, consistent workflows that could remove operational friction without slowing the business down.
Tines quickly became the choice platform for this approach. With intelligent workflows being the foundation that enabled combining deterministic logic, human review, and AI assistance, Jeff rebuilt Scholar Rock’s most important processes in mere days. Today, 95% of phishing investigations are handled through a governed workflow that enforces approvals, auditability, and consistent execution. The majority of inbound security tickets now close in under a second versus hours to days, and employee lifecycle management is predictable and auditable. During a recent commercial hiring surge, Tines enabled Scholar Rock to onboard more than 70 new employees within a two-week window, a scale that would not have been possible with manual processes alone. The team also saves 70–80 hours per quarter, reducing operational risk across a large MSP workforce and ensuring the auditability required in a regulated environment.
The challenge
Joining a rapidly growing biotech company meant absorbing a lot of operational responsibility very quickly. Jeff was responsible for everything from corporate security and endpoint management to identity, ticket triage, and compliance requirements. Phishing triage alone consumed a significant portion of his day and often made up nearly all security tickets, leaving little time for important foundational work or long-term planning.
The company’s identity and device ecosystem spanned Okta, Jamf, Office 365, Freshservice, Jira, and multiple EDR tools. Supporting those systems also meant coordinating with two MSPs that together represented roughly 50 rotating admins. These admins needed to perform sensitive actions, but granting them broad administrative access was not an option. It would introduce unnecessary risk and require close oversight.
Layered on top of this was the reality of operating in a pharmaceutical environment. Scholar Rock needed predictable execution, consistent processes, and proper audit trails, even when underlying tools did not inherently produce them. As commercialization approached, it was clear the existing model would not scale.
Why Tines
As a Tines customer in a previous role, Jeff knew Tines would help his lean team move quickly without having to rely on custom code or expanding headcount. Based on his prior experience, Jeff knew how quickly Tines could be implemented and begin delivering results. Once onboarded with Tines, Scholar Rock rebuilt their phishing investigation workflow in a few days, while onboarding/offboarding workflows were in production within a week. Most importantly, Tines worked across Scholar Rock’s entire stack without introducing complexity.
Jeff appreciated how accessible building could be, noting that more than half the workflows could come directly from templates in the Tines Story Library, meaning he could build fast and see results even faster.
Tines made it easy to build workflows with built in governance and strong access controls, which reduced risk and improved operational consistency. And with Pages, Scholar Rock’s MSPs and support teams could safely run delegated tasks without exposing administrative access.
“If we could only get approval for one tool, it was going to be Tines.”
Jeff Malavasi, Associate Director of Information Security & Data Compliance at Scholar Rock
The impact
Scholar Rock used Tines to turn several high-effort IT and security processes into consistent, intelligent workflows. What once required constant intervention now runs with guardrails, clarity, and full visibility.
Intelligent workflows that keep pace with the business
Scholar Rock transformed high-effort processes into governed, reliable workflows. These workflows blend deterministic logic, AI analysis, and human input to remove friction, reduce risk, and give Jeff time back to focus on engineering and program maturity. As Scholar Rock continues to commercialize, Jeff noted that Tines helps the team meet SLAs, reduce tickets caused by human error, and ensure processes are completed the same way every time.
95% of phishing triage handled through a governed workflow
Phishing triage had been the most time-consuming process. Jeff shared that it made up almost all of the security tickets arriving each day. Now, reports are ingested, analyzed, enriched, and resolved through a workflow that also explains to employees why messages were flagged. Only a small percentage of edge cases need review. Jeff said the change “basically killed my entire support queue.” He also noted that most inbound security tickets now close in under a second in Freshservice, a clear indicator of how reliable these workflows have become.
Faster identity lifecycle management with measurable time savings
Before Tines, onboarding and offboarding required the completion of more than 50 manual tasks per employee, demanding around 90 minutes of direct work and, in practice, often stretching to six hours because of wait times between systems.
Debbie LaCortiglia, Senior Director of Information Security and Data at Scholar Rock, explained the impact noting “Historically, onboarding a new employee required the completion of approximately 50 manual tasks, demanding around 90 minutes of actual work per new hire but in reality taking closer to six hours because of the wait time between systems. With Tines, this effort has been reduced to just five minutes of direct work.”
That efficiency proved critical during the onboarding of a new field-based commercial medical team. More than 70 employees were onboarded within a two-week window, with only two weeks between receiving names from HR and start dates. With a two-person onboarding team, handling that volume manually would not have been feasible. Using Tines, Scholar Rock reduced total onboarding effort from roughly 460 hours to about six hours.
Safer operations for a rotating MSP workforce
Using Tines Pages, Jeff created a secure interaction layer where MSPs and support teams can complete approved tasks without accessing the underlying systems. Jeff explained, “Tines lets our MSPs find and run what they need without full admin access. It significantly reduces risk across a workforce that changes often.”
Consistency and auditability for a regulated environment
Tines helps Scholar Rock maintain predictable execution and complete audit trails, even when the underlying tools do not generate logs. Jeff noted that he can route detailed records into Sumo Logic or CrowdStrike in a way that supports the expectations of a regulated environment.
Top workflows
Phishing investigation and user communication
A full-spectrum workflow that ingests, analyzes, and enriches phishing reports while providing clear, contextual explanations to end users. It improves user behavior, reinforces safe practices, and removes nearly all manual triage.
Employee onboarding and offboarding
A workflow that standardizes provisioning and deprovisioning across all identity and access systems. Every identity change follows a secure, auditable path that reduces variation and strengthens reliability.
IT Support Portal with Pages and Okta
A single, intuitive interface where MSPs and support teams can trigger approved tasks for Okta, Office 365, and Jamf without accessing administrative consoles. Every action is logged, which preserves oversight and reduces risk.
Jamf device actions
Scholar Rock relies heavily on Jamf for device management. Instead of bringing MSPs directly into the console, Tines allows them to perform device assignments, loss mode, lock actions, and passcode resets through a safe, scoped interaction layer. Jamf remains the source of truth while Tines adds guardrails.
Favorite feature
Jeff points to Pages as one of the most transformative capabilities. It allows him to open workflows to MSPs, support teams, and even end users without exposing the integrity of the underlying tools.
Tines support
Jeff praised the Tines support team as well. Their “Lunch and Learn” introduced new internal builders and revealed new opportunities for IT and security. He said that “once you know what you want to do, you can search the templates and it is probably already there,” which has helped him expand coverage across the organization.
What’s next
Scholar Rock is expanding its use of Tines to support broader end-user initiatives while balancing day-to-day IT operations. One upcoming focus is a reminder chatbot that will notify users when action is required, such as during the rollout of Okta FastPass. Instead of relying on email notifications with historically low engagement, Tines will detect when legacy authentication methods are used and prompt users to register a new factor in real time.
The team is also exploring AI-powered workflows to reduce manual overhead and combat alert fatigue, including using AI agents to summarize incoming alerts, standardize notifications, and help IT and security teams track work more effectively.