CambridgeRecruiter Since 2001
the smart solution for Cambridge jobs

Senior Director, Information Security

Company: Sarepta Therapeutics
Location: Cambridge
Posted on: May 23, 2023

Job Description:

Remote type: Hybrid
Locations: Cambridge, MA
Time type: Full time
Posted: 30+ days ago
Job requisition ID: R-01892

Responsible for leading the enterprise Cyber and Information Security efforts including the development and implementation of a risk-based Information Technology (IT) Security strategy and vision, policies and procedures, technology direction and infusion, network and perimeter security operations, incident response, educational outreach, technical consultation, and ongoing IT Security operations. Reporting to the Chief Information Officer (CIO), this role will ensure the confidentiality, integrity, availability, and security of the company's intellectual property, operational data, and IT assets.

Primary responsibilities:

  • Provides leadership and oversight in the strategic planning, execution, and assessment of Sarepta's information security strategies, policies, procedures, and guiding practices to be implemented:
      • Create, implement, and evolve a risk-based IT Security strategy.
      • Establish and maintain a comprehensive organization-wide information security program to ensure that information assets are adequately protected against current, future, internal, and external threats.
      • Develop, identify, direct, coordinate, evaluate, and report on information security risks in a manner that meets compliance and regulatory requirements while enabling the organization to develop an anticipatory response to minimize information security risk and breach events.
      • Act as the key liaison and focal point in the organization for information security communications and projects; in addition, provide operational oversight of application security, cloud security, data protection, and incident response program and security operations.
      • Manage the selection and successful implementation of vendor managed services.
  • Leads Information Security efforts to focus team activities on security policy, procedure, and compliance issues, and to seek synergies among various security service providers:
      • Create and lead the activities of an Information Security Committee and distributed security practitioners.
      • Develop a shared understanding and ensure commitment of security strategies, policies, and procedures.
      • Define, identify, and classify critical information assets, assess threats and vulnerabilities regarding those assets, and implement safeguard recommendations.
      • Develop and maintain metrics and other data which will be reported, at least annually, to senior management on the effectiveness of the company information security program.
      • Task IT colleagues with reviewing and reporting on internal controls and security procedures in their respective areas.
      • Seek quality improvements in these procedures both to improve efficiency and to mitigate risk across the security fabric of the enterprise.
      • Manage the Enterprise IT Security service through our partners, direct tasks, set goals and expectations, ensure high performance and productivity, ensure effective customer service and education, and evaluate performance.
  • Promotes Information Systems Security Awareness throughout the enterprise to provide security-related services and share awareness of information security issues across Sarepta Therapeutics:
      • Responsible for the development and implementation of a companywide security awareness training program and Cybersecurity Awareness Week.
      • Oversee information security risk assessments for departments or under the direction of IT management.
      • Provide information for security training to employees, contractors or other third parties that may interact with Sarepta's information systems and networks.
      • Provide cyber and information security guidance/support to Legal and Human Resources with regards to cyber incidents, litigation support, insider threat, and employee investigations.
  • Directs Incident Response with regards to security breaches:
      • Develop and maintain response procedures and awareness.
      • Mobilize and manage the response team to ensure effective incident response handling.

Desired Education and Skills:

    • 15+ Years of relevant work experience.
    • Knowledge and working experience with vulnerability assessment, penetration testing, incident response, industry security standards and practices, web application security, security audit/review processes and applying corporate and federally mandated policies.
    • Demonstrated ability to be a respected information security advisor to senior management, as well as to IT operations, operating groups, technical staff, and project management, and the skills to interface across several channels to proactively assist in defining solutions, direction, specifications, and architectural principles.
    • In-depth, up-to-date, and broad knowledge of the Information Security field is required, including all major communications and computing technologies and trends, including significant domestic and international exposure.
    • Strong leadership skills and ability to build a security program from the ground up.
    • Candidates must have a strategic view of information security and be able to successfully achieve specific tactics.
    • He or she should also be able to efficiently utilize limited Information Security resources to accomplish required outcomes.
    • CISSP and/or CISM certifications preferred.
    • Experience managing large-scale projects in a team-oriented matrixed organizational environment.
    • Healthcare/biotech/pharmaceutical experience strongly preferred.
    • Well-developed public speaking, training, writing, and customer engagement skills.
    • Experience with software as a service (SaaS) software, platform as a service (PaaS), infrastructure as a service (IaaS), and related cloud security focus.

This position is hybrid; you will be expected to work on site at one of Sarepta's facilities in the United States and/or attend Company-sponsored in-person events from time to time.

The targeted salary range for this position is $216,000 - $270,000 per year. Sarepta is making a good faith effort to be transparent and accurate around our hiring ranges. The salary offer is commensurate with Sarepta's compensation philosophy and considers factors including, but not limited to, education, training, experience, external market conditions, criticality of role, and internal equity.

Candidates must be authorized to work in the U.S.

Sarepta Therapeutics offers a competitive compensation and benefit package.

Sarepta Therapeutics is an Equal Opportunity/Affirmative Action employer and participates in e-Verify.

About Us

Sarepta is on an urgent mission: engineer precision genetic medicine for rare diseases that devastate lives and cut futures short. We hold leadership positions in Duchenne muscular dystrophy (DMD) and limb-girdle muscular dystrophies (LGMDs), and we currently have more than 40 programs in various stages of development. Our vast pipeline is driven by our multi-platform Precision Genetic Medicine Engine in gene therapy, RNA and gene editing. For more information, please visit www.sarepta.com or follow us on Twitter, LinkedIn, Instagram and Facebook.
