Manager, Security & Governance
Cellares
South San Francisco, CA, USA
Posted on Jun 19, 2024
Position Summary
We are seeking an innovative and highly motivated Manager, Security and Governance who will contribute significantly to the growth, and maintain the security, of the Cellares team.
The Manager, Security and Governance will provide vision, strategy and broad-based planning to the IT Security function. Under the guidance of the Director, Infrastructure and Security, this position will be an advocate for Cellares’ total information security program. This position will play a vital role in assessing the IT environment against industry best practices and benchmarks to determine the weaknesses and vulnerabilities of the company’s infrastructure, and implementing security measures to decrease exposure to attack and/or penetration.
This individual will also demonstrate a solid understanding of the criticality of business processes with reference to Cellares’ policies and processes while also conducting routine security risk assessments to proactively identify and minimize the probability of risk occurrences.
Candidates should enjoy working in a fast-paced, mission-driven environment, and be prepared to tackle a broad selection of challenges as the company grows.
Responsibilities
- In partnership with the Director, Infrastructure and Security, develop, maintain and oversee a company-wide information security program and ensure understanding of and commitment to the program within Cellares
- In partnership with the Director, Infrastructure and Security, develop and maintain a multi-year rolling roadmap that optimally reflects strategic business objectives, efficient sequencing, resources and funding
- Develop, maintain, and oversee information security policies, procedures, and control techniques to address all applicable requirements
- Define, identify, and classify critical information systems and assets, assess threats and vulnerabilities regarding those assets, and implement safeguard recommendations
- Execute the company’s risk-based information security strategy with a scalable approach, balancing process, delivering technical solutions, enabling personnel, and educating employees
- Responsible for the development, design and documentation of security processes, procedures and technical implementation
- Will train and oversee personnel with significant responsibilities for information security to ensure that our business processes and technologies are aligned with the company’s security strategy, and that business owners understand their roles and responsibilities with respect to keeping our systems and information secure
- Assist senior management team on cybersecurity matters related to Cellares. Ability to present on security topics and activities and develop partnerships across multiple IT disciplines and work with other stakeholders on strategic technology issues
- Work cross-functionally to identify opportunities for improvement and oversee the establishment and maintenance of security operations that strive for automated and continuous monitoring in the detection, containment and mitigation of security incidents
- Develop and maintain metrics and other data which will be reported to management on the effectiveness of the company’s information security program, using information derived from automated and continuous monitoring and security providers, including threat assessments, and progress on actions to remediate threats/risk
- Serve as the subject matter expert in information security technology and practices and, in partnership with the Director, Infrastructure and Security, Head of IT, IT, Legal and other key stakeholders, ensure that Cellares complies with existing laws and regulations as they relate to cybersecurity (e.g. GDPR, SOX, HIPAA, PCI-DSS, US and other international privacy laws, etc.)
- Coordinate with the appropriate entities in any lawful compliance reviews or investigations as they relate to cybersecurity of in-scope (patient, customer, etc.) information. In coordination with the management and incident response teams, oversee incident response planning as well as the investigation of security breaches and assist with disciplinary and legal matters associated with such breaches as necessary
- Develop processes and metrics to assess vendors’ quality and effectiveness. Oversee vendor work quality and productivity while managing vendor relationships and contracting
Requirements
- Bachelor’s Degree or equivalent combination of education and experience that demonstrates analytical skills, problem solving, initiative, judgment and decision making and writing ability
- 8+ years of progressively increasing responsibility and achievement in Information Technology/Security and 3+ years of leading a Security Engineering and/or Security Operations team
- Experience in information security matters (policy, architecture, technology, etc.); demonstrated experience with developing and administering an information security program would be beneficial
- Specific experience in the pharmaceutical, manufacturing and/or healthcare industry with specific FDA regulatory compliance experience is desirable