Director Information Security
Our client is seeking an Information Security leader. This leader will be responsible for implementing a risk-based Information Technology (IT) Security strategy, which includes policies and procedures, technology, incident response, educational outreach, and technical consultation. This role will ensure the confidentiality, integrity, and availability of the company’s intellectual property, operational data, and IT assets. This role is accountable for global information security across the company, including customer, personnel, product, IP, operational, and other information which may be stored, transmitted, managed, and/or processed. This role is accountable for leading staff and external resources that manage security technology, monitor and respond to security events, and ensure compliance with laws and business requirements.
Responsibilities:
- Oversight in the strategic planning, execution, and assessment of information security strategies, policies, procedures, training, testing, and guiding practices to be implemented.
- Create, implement, and evolve a risk-based IT Security strategy and plans that incorporate ISO27001, NIST CSF, PIC/s, and GxP compliance.
- Establish and maintain a comprehensive organization-wide information security program to ensure that information assets are adequately protected against current, future, internal, and external threats.
- Develop, identify, direct, coordinate, evaluate, and report on information security risks in a manner that meets compliance and regulatory requirements while enabling the organization to develop an anticipatory response to minimize information security risk and breach events.
- Act as the key liaison and focal point in the organization for information security communications and projects; in addition, provide operational oversight of application security, cloud security, data protection, and security incident response program.
- Manage selection, implementation / transition, and monitoring of vendor-managed security services.
- Lead Information Security efforts to focus team activities on security policy, procedure, and security-related compliance issues, and to seek synergies among our various security service providers.
- Develop a shared understanding of and ensure commitment to security strategies, policies, and procedures.
- Define, identify, and classify critical information assets, assess threats and vulnerabilities regarding those assets, and implement safeguard recommendations.
- Develop and maintain metrics and other data which will be reported, at least quarterly, to senior management & audit committee on the effectiveness of the company information security program.
- Manage the Enterprise IT Security service through our partners, direct tasks, set goals and expectations, ensure high performance and productivity, ensure effective customer service and education, and evaluate performance.
- Promote Information Systems Security Awareness throughout the enterprise to provide security-related services and share awareness of information security issues across the company.
- Responsible for the development and implementation of a companywide security awareness training & testing program.
- Provide information for security training to employees, contractors or other third parties that may interact with information systems and networks.
- Provide cyber and information security guidance/support to Legal and Human Resources with regards to cyber incidents, litigation support, insider threats, and internal investigations.
- Direct Incident Response with regards to security breaches.
- Develop and maintain security response procedures and awareness.
- Mobilize and manage the response team to ensure effective incident response handling.
Required Qualifications:
- Experience with one or more of the following:
  - Attaining ISO 27001 certification
  - SOC 2 compliance
  - NIST Cybersecurity Framework and applicable NIST standards
  - HIPAA compliance
- Knowledge of and working experience with vulnerability assessment, penetration testing, incident response, industry security standards and practices, web application security, security audit/review processes, and applying corporate and federally mandated policies
- Demonstrated ability as a respected information security advisor to senior management, as well as to IT operations, operating groups, technical staff, and project management
- In-depth, up-to-date, and broad knowledge of the Information Security field is required, including all major security technologies and trends
- Strong leadership skills and ability to expand a small security program
- The ability to apply security across existing people, processes, and technology in a manner that leverages solutions to date and focuses on raising the bar to identify, protect, detect, respond, and recover
- CISSP and/or CISM certifications preferred
- Healthcare/biotech/pharmaceutical experience strongly preferred
- Experience with software as a service (SaaS), platform as a service (PaaS), infrastructure as a service (IaaS), and related cloud security focus
- Bachelor’s degree in Computer Information Systems or related discipline preferred
- Management of internal IT staff, consultants, and contractors around all facets of IT Security in pharma or biotech industry as a staff member
- Leading technology or security service experience (i.e. Arctic Wolf, CrowdStrike, Fortinet, Meraki, Microsoft Sentinel & Defender, Druva, Okta, JAMF, & Intune)
- Extensive experience with people, process, technology, and governance for pre- and post-commercial environments around pharma/biotech products
- Extensive experience working across diverse IT staff and established roles, including infrastructure, enterprise systems-applications-MDM-BI, IT Compliance-Validation, and IT staff supporting marketing-commercial-medical affairs-market access
- Public company experience
- Excellent verbal and written skills
- Attention to detail and quality are critical to success
- Highly conscientious about the results and outcomes of their responsibilities and understands the impact of their efforts, results, and attitudes on others
- Uses teamwork to work cooperatively toward the most effective solutions, championing the best ideas of team members and assisting where help is needed, yet is capable of highly independent work when efficiency is required
- Results-oriented individual who is highly motivated, decisive, flexible in thought, and has the creativity to excel in and contribute to a rapidly growing company
- Forward-thinking mindset with the ability to manage multiple projects and to identify and resolve issues
For immediate consideration please email a resume to Kenny at kwilliams@daleyaa.com