Wednesday, October 20, 2021

Full time role : Business Information Security Officer : Partial Remote / Hybrid

Business Information Security Officer
Type : Full Time 
Client: Pharmaceutical 
Pay : Open to discuss
Prefer Citizen/GC/EAD holders, but will consider H1B holders if a good match.

Location: Basking Ridge, NJ; Tarrytown, NY; Remote

This role requires being onsite a few days a week in Tarrytown, NY. The candidate must be very senior.

NOTES: 

Must have both Cloud and Systems Security experience in the information/data/cyber security space. Must have done extensive work in the Data Privacy space. Must have Healthcare experience. Must have at least 2-3 of the listed certifications. The role is at Director or Associate Director level. Must have very good communication skills and be comfortable interacting with the CISO and the Chief Data Officer.


We are seeking a Business Information Security Officer (BISO). The BISO is the information security lead for all services and core platforms, responsible for prioritizing security risks and representing the business unit in local security matters. Key success criteria include driving security into all internal services and business customer-facing solutions, and ensuring risk remediation is prioritized appropriately with system owners and management.

You will understand the key data assets and processes, understand the compliance/regulatory environment that the business operates in, identify and evaluate risks and controls, and suggest incremental controls or risk mitigation strategies where necessary. Additionally, you will ensure business compliance with Information Security Policies, Standards, and Controls while continuously monitoring and reporting risks and documented exceptions. You are accountable for helping the business achieve its objectives while maintaining an appropriate security posture.

You will work closely with the CISO and Data Privacy organizations.

Key focus areas include:

·       Plan and manage the validation, certification, and accreditation processes in direct collaboration with government agencies, customers, auditors, and regulatory bodies.

·       Management and execution of third-party assessment activities, including responding to Vendor Risk Management requests (e.g., SIG and third-party questionnaires).

·       Coordination of regulatory compliance activities with Data Privacy team.

In this role, a typical day might include the following:

·       Lead the implementation of the corporate information security, data protection and privacy policies across the business. Manage the security processes and ensure guidance is provided in accordance with corporate policies and procedures.

·       Develop and maintain a deep comprehension of our processes, systems, technologies, data, customers, consumers, partners, and the compliance/regulatory environment the business operates in.

·       Manage and respond to Data Privacy and InfoSec support requests from across the business and our collaborators, in coordination with the CISO and CPO.

·       Collaborate with the Corporate Security and SecOps teams in the governance of sensitive controlled unclassified information (CUI) and any classified information.

·       Assess and develop mitigations for system security threats & risks.

·       Plan requirements, identify risks, interact with partners, track projects on a weekly/monthly/yearly schedule, work with various teams to ensure implementation of security controls, collect evidence for audit and work with external auditors. 

·       Create awareness of existing Information Security tools/processes/capabilities, make recommendations, and drive their adoption. 

·       Support development and delivery of Security and Data Protection standard methodology training materials and process documents; author and review policy and process documents.

·       Provide consulting services on current and upcoming projects.

·       Proactively identify and report on non-compliance and areas of potential improvement.

·       Define, measure, and monitor meaningful metrics for the RGC related to their current security position and the effectiveness of the InfoSec program against strategic plans and priorities.

This job might be for you if:

·       You look for cooperation and collaboration between different levels of the organization to implement information security standards.

·       You thrive in a fast-paced environment and have the business acumen to understand the key data assets and processes in a business unit.

·       You have a demonstrated passion for making things better and building resourceful solutions.

·       You are a critical problem solver with a high degree of initiative, dependability, and ability to work with little supervision.

To be considered for this role, you must have a Bachelor's degree and at least 12 years of experience in Information Security, Information Assurance and/or Cyber Security. Additional relevant experience and professional certifications will be considered in lieu of a degree.

Required qualifications:

·       Extensive experience in the information security field designing and implementing enterprise security solutions in a global context.

·       Deep and broad understanding of security encompassing endpoint technologies, applications, application hosting, and physical and virtual data center hosting.

·       Experience with security practices such as security incident response and risk management.

·       Experience in the design, development, implementation, and operational support of critically important solutions in large-scale environments and organizations.

·       Excellent verbal and written communication skills with a wide range of audiences, including technologists, executives, business partners and IT team members.

·       Experience leading projects using global teams with matrix resources.

·       Knowledge and understanding of relevant legal and regulatory requirements.

·       Knowledge of information security management frameworks, such as ISO 27001, ITIL, COBIT and NIST.

·       Experience with contract and vendor negotiations.

·       Ability to think at the systems/architecture level, i.e. how all the parts of a solution fit together, not just design at the element level.

·       Proven ability in security process and organizational design; current understanding of industry trends and emerging threats; knowledge of incident response methodologies and technologies.

·       8+ years of IT security experience working in an infrastructure or security architecture environment.

·       CISSP, CCNA, CCIE or other relevant industry certifications.

·       Cyber security risk management experience, e.g. conducting assessments, identifying risks, and recommending solutions.

·       Expertise with the NIST and ISO 27000 series, particularly NIST SP 800-53, NIST SP 800-171 and ISO 27001/27002.

Desired qualifications:

·       Advanced degree in an applicable field.

·       Professional security management certification, such as HealthCare Information Security and Privacy Practitioner (HCISPP), Certified Information Security Manager (CISM) or other similar credentials.

·       Technical writing: comfortable writing reports for senior management.

·       Genomic / clinical data experience or knowledge is a plus.

Level commensurate with experience and qualifications.

SAM@NYTP.COM
