Senior Manager, IT Security and Governance (Remote) San Francisco, CA
- Certified Information Systems Auditor
- Project management
- Information security
- Bachelor of Science
Full Job Description
Position Summary:
- The Senior Manager, IT Security and Governance will provide vision, strategy, and broad-based planning to the IT Security function.
- Under the guidance of the Associate Director, IT Infrastructure and Security, this position will be an advocate for GBT's total information security needs and will support the strategic and operational direction of the company's information security program.
- The Manager, IT Security Governance will play a vital role in assessing the IT environment against industry best practices and benchmarks to determine the weaknesses and vulnerabilities of the information security infrastructure and implementing security measures to decrease exposure to attack and/or penetration.
- The individual will also demonstrate a solid understanding of the criticality of business processes with reference to GBT's policies and processes while also conducting routine security risk assessments to proactively identify and minimize the probability of risk occurrences.
Essential Duties and Responsibilities:
- In partnership with the Associate Director, IT Infrastructure and Security, develop, maintain, and oversee a company-wide information security program and ensure understanding of and commitment to the program within GBT
- Develop, maintain, and oversee information security policies, procedures, and control techniques to address all applicable requirements
- Define, identify, and classify critical information assets, assess threats and vulnerabilities regarding those assets and implement safeguard recommendations
- Execute on the company's risk-based information security strategy with a scalable approach, balancing process, delivering technical solutions, enabling personnel, and educating employees.
- Responsible for the development, design and documentation of security processes, procedures, and technical implementations
- Will train and oversee personnel with significant responsibilities for information security to ensure that our business processes and technologies are aligned with the company's security strategy, and that business owners understand their roles and responsibilities with respect to keeping our systems secure
- Assist senior management on cybersecurity matters related to GBT.
- Present to senior leadership on security topics and activity, develop partnerships across multiple IT disciplines, and work with other stakeholders on strategic technology issues
- Work cross-functionally to identify opportunities for improvement and oversee the establishment and maintenance of a security operation that strives for automated and continuous monitoring in the detection, containment, and mitigation of incidents
- Develop and maintain metrics and other data which will be reported, at least annually, to senior management and the Board of Directors on the effectiveness of the company information security program including information derived from automated and continuous monitoring, including threat assessments, and progress on actions to remediate threats
- Serves as subject matter expert in Information Security Technology and practices while in partnership with the Associate Director, IT Infrastructure and Security, CIO, IT, Legal Compliance, and other key stakeholders, ensure that complies with existing laws and regulations as it relates to Cyber Security (e.g. GDPR, SOX, HIPAA, PCI-DSS, US and Other International Privacy Laws, etc.)
- Coordinate with the appropriate entities in any lawful compliance reviews or investigations related to the cyber security of in-scope (patient, customer, etc.) information
- In coordination with the senior management and incident response teams, oversee incident response planning as well as the investigation of security breaches and assist with disciplinary and legal matters associated with such breaches as necessary
- Oversee vendor work quality and productivity while managing vendor relationships and contracting
- Develop processes and metrics to assess vendor's quality and effectiveness
- BA/BS in computer science, management information systems, or an equivalent combination of education and experience that demonstrates analytical skills, problem solving, initiative, judgment, decision making and writing ability
- A minimum of six (6) years of progressively increasing responsibility and achievement in Information Technology, or three (3) years of leading a Security Engineering and/or Security Operations team
- Experience in information security matters (policy, architecture, technology, etc.), including demonstrated experience with developing and administering an information security program would be beneficial
- Specific experience in the pharmaceutical and/or health care industry with specific FDA regulatory compliance experience is desirable
- CISSP or other industry recognized security certification (such as CISM, GIAC and CISA) would be an asset
- Knowledge and working experience with vulnerability assessment, penetration testing, incident response, industry security standards and practices, web application security, security audit/review processes and applying corporate and federally mandated policies
- Demonstrated ability to be a respected information security advisor to senior management, as well as to IT operations, operating groups, technical staff, and project management, and the skills to interface across several functions to proactively assist in defining solutions, direction, specifications and architectural principles
- In-depth, up-to-date and broad knowledge of the Information Technology Security field is required, including all major communications and computing technologies and trends, including significant domestic and international exposure
- Experience managing projects in a team-oriented cross-organizational environment.
- This level of experience to have been gained by several years of increasing levels of project responsibilities and accomplishments in several areas of information systems organizations
- Ability to effectively prioritize and execute tasks in a high-pressure environment
- Excellent written, oral, and interpersonal communication skills
Fit with GBT culture:
- Ability to build strong relationships with co-workers of various backgrounds and expertise
- Ability to function at a high level in a team setting whether leading the group or acting as an individual contributor
- Values-based leadership consistent with GBT's Core Values
- Excitement about the vision and mission.
- Flexibility
- Integrity
NOTE: This position summary is not intended to be all-inclusive.
- Employee may perform other related duties as negotiated to meet the ongoing needs of the organization.
- The Company complies with all laws respecting equal employment opportunity and does not discriminate against applicants with regard to any protected characteristic as defined by federal, state, and local law.
- This position may require you to work onsite or interact in person with customers of the Company and/or work onsite from time to time at the Company's facilities.
- The Company requires all employees working in its facilities (including attending in-person meetings and events) to be fully vaccinated from COVID-19 (except as required by applicable law).
- Therefore, this position requires you to be fully vaccinated from COVID-19, subject to reasonable accommodations for a disability/medical condition or sincerely-held religious belief, and/or as otherwise required by applicable law.
- The Company considers you fully vaccinated once 14 days have passed since you received either the second dose in a two-dose COVID-19 vaccine series or a single-dose COVID-19 vaccine.
- This position requires you to maintain a fully-vaccinated status against COVID-19, subject to reasonable accommodations required by applicable law.
- The vaccine must have been FDA approved, have emergency use authorization from the FDA, or, for persons fully vaccinated outside of the U.S., be listed for emergency use by the World Health Organization