Associate Director/Director, Infrastructure and Cybersecurity

Position Overview:

 The Associate Director/Director of Infrastructure and Cybersecurity is a critical part of the Digital leadership team and will report directly to the VP of IT and Facilities. They will be key to enabling and maintaining scalable, secure infrastructure and ongoing cyber-resilience. The incumbent will lead all aspects of infrastructure and cybersecurity and large-scale infrastructure buildouts. In addition, they will collaborate with Informatics to architect, evaluate, and integrate technologies that support Prime's data strategy, including the implementation of an R&D data lake house. They will own the overall design and engineering of infrastructure platforms that deliver high availability, performance, capacity, in a cost effective and secure manner. The Associate Director/Director of Infrastructure will also be responsible for the administration, implementation, and oversight of the IT Information Security and Data Protection strategies for the organization to align with relevant laws, regulations, and industry standards. 

Key Responsibilities:

• Heads core infrastructure services and Cybersecurity with the goal of building a hybrid team of internals and externals and key processes. 
• Leads the effective delivery and operations of core infrastructure Services including Compute, Storage, AWS, Network, and other related services in the Enterprise Technology stack. 
• Creates and drives repeatable processes and system optimizations, which can be consistently applied. Oversees the operational health, management, security, lifecycle, and reliability of hybrid core infrastructure services. 
• Supports and ensures compliance of IT Governance for controls, standards, and practices. 
• Accountable for managing vendors, ensuring they deliver quality services and meet all contractual obligations.  
• Manage Infrastructure budgets and purchasing to meet accounting and control requirements including vendor management, inventory tracking and billing of materials, software, and services. 
• Plan and direct the design, deployment, and implementation of on premise and cloud technology infrastructure, including network administration, device management, system architecture, telecommunications, and business continuity and disaster recovery to support Prime’s environment.
• Provide leadership for planning, developing, maintaining and improving assigned programs/services, including management and coordination of personnel, budget management, and vendor relationships.
• Provides ongoing analysis of company technology needs by establishing feasibility studies, systems design, and implementation plan to ensure a highly available IT infrastructure.
• Works with all business functions to understand the security risks and compliance requirements, develops a long-term corporate strategy for these areas. 
• Leads and executes on IT Risk & Compliance roadmap, to include aligning with the defined Information Security strategy, business, and product strategy. 
• Lead IT security incident response, performing triage and determining if security incidents require escalation and/or further response. 
• Develop and maintain Information security & Data Protection operational processes, policies and procedures and Data Classification standards.  
• Implement cybersecurity best practices using relevant security frameworks, such as ISO 27001, NIST, SANS Critical 20, COBIT, etc. 
• Implement controls and tools necessary for compliance with GXP and Sarbanes-Oxley. 
• Maintain and enhance existing cyber tools including anti-malware, EDR, web security, SIEM, IPS/IDS, Firewalls, and threat intelligence. 
• Perform internal audit tasks. 
• Read and interpret ISO 27001, SOC 2, and other relevant certification reports from vendors to assess their security preparedness and representation of Prime’s interests. 
• Review contractual agreements and comment on security and data protection as needed. 

Skills and Abilities:

• Demonstrated ability to develop and execute a strategic staffing plan, ensuring that employees are highly engaged and motivated. 
• Excellent verbal and written communication skills, including the ability to explain technical and business concepts and technologies to business leaders and infrastructure team.
• Ability to display critical decision during critical issues and incidents and situations involving confidential and sensitive material.
• Strong "service provider" and "business partner" orientation.
• Visible, collaborative, and accessible leader to both the IT organization and the rest of the business. 
• Ability to manage ambiguity, risk, and changing direction of projects and strategies. 
• Excellent interpersonal, leadership, and management skills and high professional standards for work quality 
• Demonstrated ability to create a vision and strategy roadmap for the enterprise technology stack.
• 5+ years of experience in IT Operations with specific skills in IT Risk, Compliance, and Information Security Management in the pharmaceutical industry.  
• Demonstrated ability to successfully implement Information Security Programs (e.g., Third Party Risk Management, Information Security Classification, Business Resilience) across a global organization. 
• Strong experience and understanding of Regulatory Agencies requirements. 
• Pharmaceutical, Biotech, and/or Life Sciences experience.  

Qualifications:

• Bachelor's Degree; in Finance, Business, Information Management/Information Technology, Mathematics, Engineering, or equivalent field 
• Master's Degree in Computer Science/Software Engineering or equivalent field or equivalent work experience 
• 12+ years of experience in building Technology Infrastructure and Cybersecurity environments 
• Extensive knowledge of running and maintaining cloud-based, hybrid, and on-prem services.
• Proven experience and demonstrated capability in leading transformational initiatives in complex and dynamic environments. 
• Demonstrated experience in strategic planning, organizational design, development, and implementation. 
• Experience with vendor and contract management for managed services, licensing, and delivery. 
• Exceptional understanding of ITIL processes and implementation. 
• Experience with Risk Management and Regulatory/Audit programs and reporting. 
• Experience with platforms running various technologies (Oracle, Concur, Veeva, and others) 
• Extensive experience of network infrastructure (Cisco, Meraki)
• Demonstrated experience of site buildouts and site to site integration.
• Manage IT security vendor relationships and recommend strategic solutions and procurements. 
• Manage, control and direct Data Protection services vendors.