
Executive Director, I.T.- Head of Security Architecture, Engineering, and Delive

Scorpion Therapeutics, San Francisco, California, United States, 94199


Role Summary

The Head of Security Architecture, Engineering, and Delivery serves as Deputy CISO, leading the architecture, engineering, and delivery of enterprise security capabilities to protect employees, patients, and research. This role partners across Security Operations, Risk, Data Privacy, QA, Infrastructure, Network, and Business IT to translate complex security requirements into clear guidance and maintain a strong security posture. It is a site-based role at Gilead's Foster City, CA headquarters with remote work not available; optional work-from-home days on Monday and Friday with core collaboration days in the office.

Responsibilities

Manage team to develop, update & maintain information security standards and reference architecture.

Lead and manage the Security Engineering team to deliver on Security capabilities.

Lead and manage the Security Project Delivery team, including Program and Project managers, Business analysts, and technical delivery engineers.

Lead and manage the Cyber Fusion Center operations and processes, run incident command, and lead incident investigations.

Present the Security Investment portfolio to IT and business leaders and communicate the value of security investment.

Lead and manage our Managed Service Provider solution delivery team to deliver on Security sustainment and investment projects.

Support Merger & Acquisition related activities.

Ensure IT activities, processes, and procedures meet defined requirements, policies and regulations.

Work with Internal Audit, Project Managers, System Managers and Engineers to track project findings, identify and resolve issues, analyze evidence, communicate with stakeholders, and facilitate the completion of cybersecurity related projects.

Participate in other activities relating to information security or other functional areas as assigned.

Qualifications

Required: 16+ years of relevant experience or 14+ years with a master’s or PhD.

Required: 12+ years of cybersecurity professional experience, risk management, and governance practice.

Required: Information security related certifications such as CISSP, CRISC, CCSP, GIAC, etc.

Required: A minimum of 8-10 years of leadership responsibilities.

Required: Strong understanding of a wide variety of cybersecurity technologies relating to the following security domains: Audit and Monitoring, Risk Response & Recovery, SIEM, vulnerability management, Cryptography, Data Communications, Computer Operations Security, Telecommunications & Network Security, Security Architecture & Models, cloud security, Multi-Factor Authentication, Passwordless Authentication, Digital Rights Management, PKI, Security for AI and AI for Security solutions.

Required: Strong understanding of NIST cybersecurity and MITRE ATT&CK frameworks.

Required: Deep knowledge of IT Security and Privacy concepts and controls, and ability to develop security standards and guidelines based on best practices and industry standards.

Required: Able to lead teams through an incident from initial response, stakeholder communications and diagnosis to immediate and long-term remediation plans and activities.

Required: Knowledge of information security risk management frameworks and compliance practices.

Required: Knowledge of securing network technologies, client, and server operating systems.

Required: Strong knowledge of Secure Software Development Lifecycle (SDLC) processes and methodologies.

Required: Excellent interpersonal, communication, and presentation skills, including formal writing experience.

Required: Understanding of common security standards and healthcare related regulations and data privacy.

Required: Able to assess complex multi-location projects as well as identify and recommend appropriate corrective measures to resolve security and privacy related issues.

Required: Strong customer service orientation and the ability to project that attitude to customers in remote locations.

Preferred: Previous work experience in a Biopharma organization.

Preferred: Previous work experience in a cloud centric environment.

Preferred: Previous Deputy CISO or equivalent experience.

Education

Bachelor of Science degree in management information systems, computer science, engineering or another IT-related major is required.
