Senior Manager, IT Security and Privacy, Gilead Sciences, Foster City, CA

The Senior Director of IT Security and Privacy is a key member of the Information Security (SRC) and Privacy Risk Compliance team and works closely with the Legal team, the Compliance team, and infrastructure and application services to ensure program and privacy controls are in place.

Detailed job description:

The Senior Privacy and Security Officer will serve as the subject matter expert on information security and privacy principles; company policies and standards; and regulatory requirements regarding privacy and security incidents and assessments. The individual in this position will be expected to understand and communicate reporting requirements as defined by company policy and interpret and apply the concepts and requirements when handling and managing privacy and security incidents.

Essential duties of the position:

  • Develop, implement and maintain privacy policies and procedures and verify/monitor compliance with these standards.
  • Develop a privacy program strategy and roadmap.
  • Create and deliver education, training and orientation programs for all employees, contractors and other appropriate third parties.
  • Evaluates, conducts and approves privacy impact assessments, security architecture and risk assessments as required.
  • Maintains knowledge of federal, state, European and global data protection laws and accreditation standards.
  • Establishes and develops strategic working relationships between business groups.
  • Reviews all system-related information security plans across the practice/organization network to ensure alignment between security and privacy practices.
  • Provide support and conduct assessment reviews in support of SRC and company audit activities.
  • Collaborates within various business groups to analyze and evaluate reported privacy and security incidents to determine if there has been loss of sensitive data, health protection information, policy violation and/or cyber or other business threat.
  • Works with Security Operations and Incident Response team to address security threats and incidents.
  • Analyzes and identifies trends in reportable privacy and security issues.
  • Defines and creates metrics and reports on reportable privacy and security issues.
  • Directs, executes and reviews security incident investigations.
  • Write project documentation, position papers, etc. Must be able to work with project stakeholders to create appropriate business processes as part of the project lifecycle.
  • Perform project leadership duties on selected privacy/security projects, including requirements development, competitor product evaluation, testing, training, and product implementation.

Required skills and professional qualifications:

  • Minimum 8 years of progressively responsible IT experience, with at least 6-10 years of experience in information security/privacy and risk management.
  • Experience in developing and implementing compliance monitoring processes and procedures.
  • Experience with formal project planning and risk assessment methodologies.
  • Demonstrated experience in data mining, analysis and reporting required.
  • Strong knowledge of information systems security concepts and current information security and privacy trends and practices.
  • Knowledge of federal and state security and privacy regulatory requirements.
  • Effective leadership skills to support privacy programs. Must be able to prepare formal reports and presentations as required.
  • Must be thorough and possess the ability to prioritize tasks to ensure work is completed in an accurate and timely manner.
  • Strong business and technical skills in planning, administration and management of information systems, operational and technical security controls; and security risk analysis and management.
  • Knowledge of medical records and other medical information, patient privacy and confidentiality, and information disclosure. Security professional with proven management experience in the security industry.
  • Strong verbal and written communication skills with the ability to tailor information delivery based on target audience.
  • Proven ability to build strong working relationships with partners and peers.
  • Excellent analytical and problem solving skills.
  • Experience in assessing and identifying trends.
  • Experience in appropriate handling of confidential and sensitive information.
  • Ability to work in a dynamic, highly visible and changing environment.
  • Solid knowledge of security frameworks (ISO 27002, NIST 800-53, COBIT, HITRUST).
  • OneTrust background desired.
  • Autonomous with the ability to work independently, set priorities, multi-task and maintain flexibility in a fast-paced environment.
  • Ability to deal with conflict and difficult issues in a professional, assertive and proactive manner.
  • Previous work experience in a pharmaceutical or healthcare company is helpful.
  • Highly organized, results oriented and attentive to detail.
  • Driven, proactive, independent and responsive – requires little supervisory attention.
  • Excellent presentation, facilitation and diplomacy skills.
  • High level of personal integrity consistent with Gilead’s core values.
  • Performs other assigned duties.

Education and certification:

  • 8 to 10 years of relevant experience.
  • A Bachelor of Science in Management Information Systems, Computer Science, Engineering, or another computer-related major is preferred.
  • Certification as CIPP/US, CIPM, CIPP/EU, CHP or other certified privacy or security related credentials is preferred. Certification in risk management is an asset.

Application submission information:

Apply on the website or contact Shally Singh [email protected] with resume.
