Myovant Sciences aspires to be the leading healthcare company focused on innovative treatments for women’s health and advanced prostate cancer designed to improve the lives of millions. We are on a mission to redefine care for women and for men through purpose-driven science, empowering medicines, and transformative advocacy. We are looking for passionate and hard-working individuals who share our excitement for this mission.
We are currently seeking a qualified, highly motivated, experienced individual for the position of Senior/Principal Information Security Engineer. The position reports to the Director, IT - Network, Security, and Cloud Architecture. The location of the position is in Brisbane, CA.
The Senior/Principal Information Security Engineer will play a key contributor role in supporting and driving all enterprise-wide information technology security programs and initiatives. This individual has the skill set to identify and trend security issues on the network, create reports and remediation paths that are sent to key stakeholders. In addition, draft and implement new policies and procedures that protect Myovant’s digital assets.
Essential Duties and Responsibilities
- Monitor and detect threats, including viruses, malware, phishing attempts, and other suspicious activities in the Myovant environment
- Create documentation of event or incident reports and discovered vulnerabilities
- Analyze logs and alerts and to search for trends in the environment across our data centers and on the WAN.
- Mitigate any deficiencies or discovered risks and inform IT leadership of any necessary actions required.
- Manage and participate in annual cybersecurity and penetration tests, and remediate any findings identified.
- Develop plans to regularly perform and analyze enterprise-wide security tests and reviews, as well as incident response plans.
- Develop the security review process (risk assessment, mitigation and action plans) for both existing and proposed systems within the Myovant environment.
- Implement and maintain programs to ensure education, awareness, understanding, and adherence to established cybersecurity policies and procedures
- Develop and publish metrics and dashboards demonstrating the state of Movant's security initiatives and incident activity.
- Liaise with other business stakeholders and external auditors to articulate the organization's security strategy, policies, data classification, educational initiatives, and response plans.
- Assist the infrastructure team with other network operations improvement projects
Core Competencies, Knowledge, and Skill Requirements
- Comprehensive understanding of internal auditing, internal controls, and risk management
- A strong working knowledge of network architecture- both traditional on-premise and cloud technology (AWS, Azure, Google Cloud)
- Strong experience supporting a diverse set of SaaS applications across a geographically diverse workforce.
- Experience with SSL certificate management, Single-Sign-On, IdP (identity provider).
- Experience in IAM, KMS, permission, roles, firewall rules in cloud platforms.
- Experience with different authentication and encryption technologies.
- Experience with Firewalls, WAF, IPSec VPN, Endpoint Protection and Response (EDR), DLP, SASE/CASB, SIEM tools, Cryptography methodology, WiFi security etc.
- Experience with penetration testing and threat intelligence.
- Experience working with outside audit firms and IT consulting firms
- Demonstrate communication and collaboration skills with an ability to manage and influence stakeholders in a matrix environment effectively
- Exercise good judgment and make decision that is appropriate for the organization
- Results-driven, take initiative and ownership to accomplish work
- Ability to demonstrate flexibility and embrace change in a dynamic, rapidly growing environment
- Strive for continuous improvement and embrace innovative ideas in daily work
- Strong PC experience and demonstrated proficiency in MS Office Suite and Outlook.
- Bachelor of Science/ Bachelor of Arts degree in Computer Science, Computer Engineering, Information Technology, or related field
- Certified in one of the major firewall products preferred
- Certified in one of the cloud security specialties preferred
- Certified in CISA (certified information systems auditor), or CISSP (certified information systems security professional) preferred
- 5+ years' experience leading corporate information security initiatives and vulnerability assessment efforts
- Experience working in the biotechnology industry preferred
- Demonstrated knowledge of data center operations, security, disaster preparedness/recovery, incident response and mitigation, capacity planning
- Strong understanding of SOX (Sarbanes Oxley), GAMP5, NIST, and 21 CFR Part 11
Disclaimer: The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified. All personnel may be required to perform duties outside of their normal responsibilities from time to time, as needed.
If you require any accommodations, please email firstname.lastname@example.org.
Equal Employment Opportunity