Director, Information Security

SUMMARY

The Director is responsible for maturing and maintaining the information security (IS) program so that information assets and the associated technology, applications, systems, infrastructure and business processes are adequately protected in the digital ecosystem in which we operate. Scope includes:

  • Identify, evaluate and report on cybersecurity risk to information assets, while supporting and advancing business objectives.
  • Grow and run the enterprise information security program.
  • Proactively work with business units, ecosystem partners and vendors to implement soft and hard controls that meet agreed policies and standards for information security.
  • Serve as the process owner of the appropriate second-line assurance activities not only related to confidentiality, integrity and availability, but also to the safety, privacy and recovery of information owned or processed by the business in compliance with regulatory requirements.
  • Partner with senior leaders to determine acceptable levels of IS risk for the organization.
  • Translate the IS-risk requirements and constraints of the business into control requirements and specifications, dive deep into controls, develop useful metrics for ongoing performance measurement, and verify implementation of a secure ecosystem.

Personnel responsible for managing and operating infrastructure and applications will report into other functional areas (for example, networking, servers, building security, HR new hire or database management) with their security-related activities coordinated by the IS Director. This position will be highly visible, and is expected to contribute significantly to management of IS risk.

RESPONSIBILITIES

Establish Governance, Build Knowledge, and Set Strategy

  • Facilitate information security governance structure through the implementation of a hierarchical governance program including steering committee and/or advisory board.
  • Develop the information security vision and strategy so that it is aligned to organizational priorities, and ensure senior stakeholder buy-in.
  • Provide regular reporting on the current status of the information security program.
  • Ensure that information security requirements are included in third-party contracts.
  • Manage information security awareness training program for all employees, contractors and approved system users, and measure effectiveness of this training program.
  • Understand and interact with related company disciplines (e.g. privacy, risk management, compliance) to ensure the consistent application of controls across all technology investments.
  • Provide clear risk mitigating directives for projects with components in IT, including the mandatory application of controls.

Lead / Run the IS Function

  • Lead the information security function across the company to ensure consistent and high-quality information security management in support of business goals.
  • Manage the IS budget.
  • Employ a risk-based process for the assessment and mitigation of any information security risk in the ecosystem consisting of supply chain partners, vendors, customers and third parties.
  • Work with the compliance staff to ensure that all information owned, collected or controlled by or on behalf of the company is processed and stored in accordance with applicable laws and other global regulatory requirements, such as data privacy.
  • Collaborate with data privacy officer to ensure that data privacy requirements are included where applicable.
  • Facilitate the process for information security risk assessments including the reporting and oversight of treatment efforts to address negative findings.
  • Ensure that security is embedded in the project delivery process by providing the appropriate information security policies, practices and guidelines.
  • Manage and contain information security incidents and events to protect corporate IT assets, intellectual property, regulated data and the company's reputation.
  • Coordinate the development and implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security incident.

Develop the Frameworks

  • Develop and enhance an up-to-date information security management framework based on best practices (e.g. the National Institute of Standards and Technology Cybersecurity Framework).
  • Own and continuously update information security policies, standards and guidelines.
  • Create a framework for roles and responsibilities with regard to information ownership, data classification and control, accountability and protection of information assets.
  • Own the metrics and reporting framework used to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation and mature the information security program, and review it with stakeholders and senior leaders.

Operations Support

  • Consult with IT and business line staff to ensure that security controls are factored into the evaluation, selection, installation and configuration of hardware, applications and software, processes and procedures, etc.
  • Perform security assessments for gap analysis and provide recommendations to close gaps.
  • Develop a common set of security monitoring tools. Define operational parameters for their use, and conduct reviews of tool output.
  • Responsible for the execution of internal and external IS risk assessment activities. Analyze the results to produce recommendations on acceptable risk and risk mitigation strategies.

REQUIREMENTS

  • A leader with a track record of competency in the field of information security with 7 to 10 years of relevant experience, including 5 years in a significant leadership role.
  • 20+ years of professional experience.
  • A bachelor's degree in information systems or a related field, or equivalent work experience; an advanced degree in Computer Science, Engineering, or Business is desired.
  • Information security certification based on industry best practices.
  • Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and non-technical audiences at various hierarchical levels, ranging from board members to technical specialists.
  • A thought leader, a builder of consensus and of bridges between business and technology.
  • An integrator of people, process and technology.
  • Strong knowledge of cloud technology security and company integration.
  • Experience running a SOC, whether internal or external, for 24/7 security coverage.
  • Good knowledge of the GDPR.
  • ITIL certification, GxP training, privacy, EU General Data Protection Regulation (GDPR) and/or other IT security training.
  • Global IT experience.
  • Pharmaceutical or biotechnology experience.
  • Experience in standing up a commercial-ready suite of capabilities.
  • A visionary leader with sound knowledge of business management and cybersecurity technologies covering the corporate network as well as the broader digital ecosystem.
  • Good understanding of IT technology to oversee a variety of cybersecurity and risk management activities related to IT to ensure the achievement of business outcomes where the business process is dependent on technology.
  • Understand and articulate the impact of cybersecurity on (digital) business, and be able to communicate this to senior stakeholders.
  • Understands that securing information assets and associated technology, applications, systems and processes in the wider ecosystem in which the organization operates is as important as protecting information within the organization's perimeter.
  • Ability to work with the Infrastructure team to implement the required changes and upgrades.
  • Must be knowledgeable about both internal and external business environments, and ensure that information systems are maintained in a fully functional and secure mode and are compliant with legal, regulatory and contractual obligations.
  • At ease with managing multiple priorities, ambiguity and a rapidly moving business environment.
  • A strong understanding of the business impact of security tools, security operations center, technologies and policies.
  • Strong leadership abilities, with the capability to develop and guide IT operations personnel, and work with minimal supervision.
  • Experience working with legal, audit, operations and compliance staff.
  • Experience developing and maintaining policies, procedures, standards and guidelines.
  • Experience with common information security management frameworks, such as International Standards Organization (ISO) 2700x, the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) frameworks, the U.S. Sarbanes-Oxley Act, the U.S. Health Insurance Portability and Accountability Act (HIPAA), the European Union Privacy Directives, and the Japanese Financial Instruments and Exchange Law ("J-SOX").
  • Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies.
  • Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
  • This role will represent IT leadership and company-wide IS goals and objectives internally and externally.
  • Minimum quarterly travel to Adaptimmune global sites and Adaptimmune vendors as necessary.
