Senior Director, Information Security
Location: North Carolina, United States
Requisition Number: 2901
SUMMARY: The Senior Director, Information Security leads the Information Security function at a global level. This person is responsible for the development and delivery of a comprehensive information and data security strategy. This person will establish and build strategic and tactical information security objectives and best practices, define corporate security policies and procedures, and lead the information security teams, collaborating with cross-functional stakeholders. This person will build a comprehensive information security management organization to establish and mature Worldwide’s information security program.
Tasks may include but are not limited to:
- Lead, develop, and manage the global Information Security Team, advising IT leadership and executive management on cybersecurity threats, risks, mitigation strategies and tactics. Advise on and execute the IT strategy and tactics with IT leadership, defining priorities and management structures. Help manage the evolution of security technology and process governance, including hybrid or private cloud, SaaS, PaaS, and IaaS solutions.
- Define security policies and processes that improve the efficiency of information security services, including writing and reviewing GxP SOPs.
- Represent the company in matters governing Information Security for inquiries such as RFIs, MSAs, and/or inspections. Develop and mature an Incident Response process to enable swift reaction to activities that threaten the company from an Information Security perspective.
- Ensure effective day-to-day management of all security solutions, both internal and outsourced, providing appropriate risk management mitigations in all areas of information security for the company.
- Review and recommend vendors, negotiate terms, participate in audits, develop contracts for and manage sourcing activities in IT Infrastructure and IT Security.
- Facilitate and manage effective monitoring and auditing of security audit logs, intrusion detection systems and other security-related systems; investigate and escalate security incidents including documentation and reporting of events and preventative actions.
- Provide security expertise in the analysis, design, documentation, and implementation for new and existing information systems. Keep abreast of the latest trends, threats, and countermeasures in information security.
- Review and manage IS projects with Project Management and stakeholders, keeping milestones on target and providing regular updates, communication and guidance to teams and upper management as appropriate.
- Guide and help implement changes in staffing structure and staff operational tasks to facilitate improvements in service levels, integration of supporting vendors and financial efficiency where possible with clear process definition and performance review based on agreed targets/SLAs and metrics.
- Perform or ensure performance of information security risk and vulnerability assessments of internally and externally hosted environments.
- Advise the General Counsel on Information Security matters as they relate to IT and IS.
Perform other duties as assigned. The duties and responsibilities listed above are representative of the nature and level of work assigned and are not necessarily all-inclusive.
OTHER SKILLS AND ABILITIES:
- Strong knowledge of applied best practices in global business systems security and data protection
- Strong organizational and management skills; excellent written and verbal communication skills
- Strong leadership skills, ability to manage and delegate effectively
- Strong interpersonal skills in a fast-paced, deadline-oriented, and changing environment
- Computer System Validation (21 CFR Part 11, GxP)
- Incident, Problem, Change, Release & Configuration Management (IT Infrastructure Library)
- IT project & risk management (workflow, approvals, tracking, reporting), business continuity and disaster recovery
- Ability to comprehend technical instructions and documentation included with hardware and software in use at WCT
- Excellent communication and interpersonal skills, including managing IT staff and vendors in other countries
- Must have good listening skills and ability to empathize
- Excellent grammar and writing skills
- Flexible, adaptable and able to work under pressure and efficiently multitask
- Ability to write and review SOPs, policies, configuration plans, technical diagrams and other documentation as required
- Proficiency in all MS Office applications including Microsoft Word, Excel, and PowerPoint
- Second language (preferably Spanish or Russian) a great advantage
- Self-motivated and able to exercise sound judgment and make decisions independently
- Bachelor’s Degree in Computer Science, Information Technology, Information Systems, or Information Security. MBA or other graduate degree preferred.
- 5+ years managing staff in a globally distributed environment including recruiting, hiring/terminating, coaching and development.
- 5+ years of experience working in and managing information security, architecture, design, or implementation of security systems.
- 10+ years of experience in Information Technology with progressive management and technical responsibilities.
- Certified Information Systems Security Professional (CISSP) or CISM required.
- Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53 and CIS/SANS20 Cybersecurity Framework.
- Up-to-date knowledge of information security methodologies and trends in both business and IT.
- Exceptional project management experience with large multi-faceted projects (budget, staff, complexity).
- Experience building high-performance teams by promoting values and ideas and achieving consensus, as well as coaching and mentoring skills.
- Excellent interpersonal and communication skills.
- Knowledge of encryption standards, techniques and technology.
- Experience with malware analysis, current threats, trends and techniques to thwart attackers.
- Experience participating in security audits.
Employment Type: Regular
We’re a global, mid-size CRO that pushes boundaries, innovates and invents — because the path to a cure for the world’s most persistent diseases is not paved by those who play it safe, but by those who take pioneering, creative approaches, and implement them with quality and excellence. We are experts, bright thinkers, dreamers and doers and, together, we are changing the way the world experiences CROs, in the best possible way.
Location: Research Triangle Park, North Carolina, US
Worldwide Clinical Trials is an equal opportunity employer, dedicated to a policy of non-discrimination in employment on any basis including age, sex, color, race, creed, national origin, religion, marital status, sexual orientation, political belief or disability.