The Senior Manager, IT is a key member of the Information Security and Data Privacy team and works closely with IT and other business stakeholders to develop, update and maintain security policies, standards, and baseline requirements to manage information risk to Gilead appropriately.
The candidate will assist with developing and implementing the desired end state of the Information Security and Privacy programs, including but not limited to IT Risk Management and Security Governance.
ESSENTIAL JOB FUNCTIONS:
Evaluate, design, and recommend appropriate changes to integrate security within various on-going projects and / or solutions to comply with Gilead security policies, standards and baselines.
Collaborate on select security projects including development of requirements, evaluation of competing products, selection and implementation of products.
Recommends and coordinates the application of fixes, patches, & recovery procedures in the event of a security breach.
Assists in the testing of controls and the remediation of any deficiencies identified.
Conduct risk assessments and evaluate risk based on vulnerability assessment and / or penetration test results.
Assist in formalizing and updating security policies, procedures and technical standards and auditing / monitoring compliance with those standards.
Leads, performs or reviews software security evaluations and security exception management.
Assist in developing responses to internal & external audits, penetration tests and vulnerability assessments, as needed.
REQUIRED SKILLS & JOB QUALIFICATIONS:
Minimum 8 years of progressively responsible IT security experience with at least 5-6 years of security / infrastructure assessment experience.
Security professional with proven experience within the security industry
Strong verbal and written communication skills with the ability to adapt information delivery based on the target audience
Ability to work in a fast-paced, highly visible, changing environment.
Proven track record in identifying security gaps and recommending appropriate security controls to mitigate risk to Gilead.
Proven track record in conducting IT risk and security assessments of solutions (Security or Business Specific).
Significant experience in developing information security related policies, standards and baseline requirements.
Significant experience in evaluating internal and external penetration testing results i.e. white hat hacking.
Strong Knowledge of Security Frameworks (ISO 27002, NIST 800-53, COBIT, HITRUST)
Knowledge of security regulations and standards (HIPAA, HITECH, PCI)
Must be able to perform hands-on evaluation for a wide range of software from a security perspective.
Proven ability at building working relationships with partners and peers.
Excellent analytical and problem-solving skills.
Ability to multitask and manage multiple topics and demands concurrently
Working knowledge of IT processes (i.e., ITIL) including incident, problem, defect, change and release management
Prior working experience in a Pharmaceutical company is a big plus
Highly organized, results-oriented and attentive to details
High level of personal integrity consistent with Gilead’s core values
Performs other duties as assigned.
EDUCATION & CERTIFICATION
8+ years of relevant experience
Bachelor of Science degree in management information systems, computer science, engineering or other IT-related major is required
Information Security Certification (CISSP, CRISC, etc.) or other related security certification is highly desired
Microsoft, Linux, Unix, and Cisco certifications would be an asset