The Associate Director, IT Security and Governance is responsible for defining and managing the Information Security program at Adamas and is the primary point of contact for any security events, incidents and changes to the company’s security infrastructure. This position is an advocate for Adamas information security needs and is responsible for the development and delivery of a comprehensive risk-based information strategy to optimize the security posture of the company. Primarily, this position will collaborate with internal customers and business partners to translate security requirements into technical solutions and manage security operations. This position will report to the Senior Director, IT Infrastructure, Operations and Security and is based in Emeryville, CA.
Responsibilities:
- Develop, maintain and oversee a companywide information security program and ensure understanding of and commitment to the program within Adamas;
- Manage and create Information Technology security policies, procedures and control techniques to address all applicable requirements;
- Define, identify and classify critical information assets, assess threats and vulnerabilities regarding those assets and implement safeguard recommendations;
- Collaborate with IT Leadership on a strategy of industry best practices and benchmarks for building management support and ownership of IT Security;
- Train and oversee personnel with significant responsibilities for Information Security to ensure that our technology is aligned with strategy with respect to keeping our systems secure;
- Assist and partner with senior management on cybersecurity matters related to the company;
- Oversee the establishment and maintenance of a security operation that strives for automated and continuous monitoring in the detection, containment and mitigation of incidents;
- Develop and maintain metrics and other data which will be reported periodically to senior management on the effectiveness of the company information security program, including information derived from automated and continuous monitoring, including threat assessments, and progress on actions to remediate threats;
- In partnership with the head of IT, Finance, QA, Human Resources and Legal Compliance, ensure that Adamas complies with existing laws and regulations (e.g., GDPR, HIPAA, PCI-DSS, US and Other International Privacy Laws, SOX, etc.);
- In coordination with the senior management, create and implement a risk management framework to ensure the appropriate application of controls based on risk;
- Oversee vendor work quality and productivity while managing vendor relationships and contracting, and evaluate the vendor’s quality and effectiveness;
- Comply with corporate policies and procedures, as well as US healthcare laws and regulations.
Qualifications:
- A Bachelor’s Degree in a related technical or business discipline, required;
- 8 years of progressively increasing responsibility and achievement in Information Technology;
- Experience in information security matters (policy, architecture, technology, etc.), including demonstrated experience with developing and administering an information security program;
- Specific experience in the pharmaceutical and/or health care industry with specific FDA regulatory compliance experience, preferred;
- CISSP or other industry recognized security certification (such as CISM, GIAC and CISA) would be an asset;
- Knowledge and working experience with vulnerability assessment, penetration testing, incident response, industry security standards and practices, web application security, security audit/review processes and applying corporate and federally mandated policies;
- Demonstrated ability to be a respected information security advisor to senior management, as well as to IT operations, operating groups, technical staff, and project management, and the skills to interface across several channels to proactively assist in defining solutions, direction, specifications and architectural principles;
- In-depth, up-to-date and broad knowledge of the Information Technology Security field is required, including all major communications and computing technologies and trends;
- Experience managing large-scale projects in a team-oriented cross-organizational environment;
- Successful experience in fast-paced entrepreneurial environment;
- Fit with Adamas culture and values.
Adamas is an Equal Opportunity Employer
The above statements are intended to describe the general nature and level of work being performed by people assigned to this job. This description is not intended to be construed as an exhaustive list of all the responsibilities, duties and skills required.