Science 37 is accelerating the research and development of breakthrough biomedical treatments by bringing clinical trials to patients' homes. The Science 37 Operating System (OS) enables universal access to patients and providers, leading to faster enrollment, greater retention and a more representative patient population. To help us achieve our goal, we are seeking a Chief Information Security Officer eager to make an impact within a mission-driven organization.
The Chief Information Security Officer plays an integral part in defining the fundamental principles for the protection of Science 37’s information resources and the proper controls needed to ensure compliance with internal and external regulations, while supporting the business needs and upholding Science 37’s reputation.
The Chief Information Security Officer will be accountable for overseeing all Information Security policies in place and determining the security controls that are appropriate to the level of risk associated with IT systems and our proprietary technology platform. This role will provide strategic leadership and spearhead a security program to manage and improve information security while mitigating risk.
This role serves as an expert advisor to senior management in the development, implementation, and maintenance of information systems to ensure best practice control objectives are achieved in protecting information assets. This role guides the senior leadership team by making pragmatic recommendations for priority investments and projects that will mitigate overall risks by strengthening defenses and reducing vulnerabilities for Science 37’s information assets.
DUTIES AND RESPONSIBILITIES
Duties include but are not limited to:
- Develop, manage, and improve a comprehensive information security risk-based program to ensure the confidentiality, integrity, and availability of information/data assets.
- Develop a security architecture roadmap across Science 37 that will identify security controls and identify and assess technologies that will enforce the organization’s security priorities.
- Develop, maintain, and promote information security policies, standards, and guidelines. Ensure that controls comply with contractual obligations, corporate policies, and legal and regulatory requirements.
- Create and manage information security and risk management awareness training programs for all employees, contractors, and approved system users.
- Define and facilitate the information security risk assessment process, including the reporting and oversight of treatment efforts to address findings with appropriate compliance business partners.
- Create, communicate, and implement a process to manage vendor risk, including assessment and remediation efforts to address such risks that may result from partners, consultants, and other service providers.
- Provide strategic risk guidance and consultation for corporate IT and S37 technology projects, including the evaluation and recommendation of technical standards and controls.
- Establish and implement a process for incident management to effectively identify, respond to, contain, and communicate a suspected or confirmed incident in collaboration with appropriate compliance partners.
- Identify, assess, and prioritize security risks to all Science 37 data and systems, including external threats, cyber-crimes, internal threats, and third-party risks. Advise relevant stakeholders on the appropriate courses of action to mitigate or eliminate risk.
- Coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a security event. Provide direction, support, and in-house consulting in these areas.
- Effectively manage an information security budget and monitor for variances.
- Provide regular reporting on the current status of the security program to the senior leadership team and the board of directors as part of a strategic enterprise risk management program.
- Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of security.
- Collaborate actively with the IT team; serve as a mentor to the senior security leadership team.
QUALIFICATIONS & SKILLS
- Bachelor’s degree in Information Security, Computer Science, Management of Information Systems, or related field required. Master’s preferred.
- Minimum of 10 years of experience in a combination of risk management, information security and information technology fields. At least 4 years of experience in a senior leadership role in information and application security. Employment history must demonstrate increasing levels of responsibility within highly regulated environments (e.g., Life Science, Med Tech, Finance).
- Public company experience strongly preferred.
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.
- Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment.
- Poise and ability to act calmly and competently in high-pressure, high-stress situations.
- Knowledge and demonstrated experience of relevant legal and regulatory requirements, such as ISO 27001, SOC 1, SOC 2, PCI DSS, HITECH, HIPAA Privacy & Security and other CMS regulations and guidelines as they are updated by the Federal Government.
- Knowledge of common information security management frameworks, such as NIST, OWASP.
- Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials.
- Exhibit excellent analytical skills, the ability to manage multiple, interdisciplinary projects as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
- Project management skills: financial/budget management, scheduling, and resource management.
- High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity.
- High degree of initiative, dependability, and ability to work with little supervision.
- Ability to communicate in English (both verbal and written).
Science 37 is an equal opportunity/affirmative action employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by law.
Science 37 values the well-being of its employees and aims to provide team members with everything they need to succeed.
Submit your resume to apply!