Cyber security Functional Expert/Architect in Cambridge, MA at DISYS

Date Posted: 2/3/2018

Job Snapshot

Job Description


BHJOB8895_104777  Job Title:                                                         Functional Security Architect Expert

Reports to:                                           Head Secure Software Development Lifecycle Architecture

Department:                                                                   Information Security &Risk Management (IS&RM)

JOB PURPOSE

The Functional Security Functional Architect Expert will work across information security and risk management and with all information technology disciplines to ensure new and existing applications solutions and systems designed, implemented and operated as per defined policies, standards, required industry regulations and associated security guidance, as well as industry good practices. The successful candidate will be a strong communicator with deep technical skills and, more importantly, a pragmatist. The individual must be highly collaborative as they will need to influence senior business leaders, functional leadership, project and application managers, quality and regulatory managers, other architects, engineers and developers.  The functional security architect will be responsible for the entire portfolio of new and existing applications for the function he/she represents to ensure proper architecture oversight, risk assessment, remediation plans and overall compliance and security through the SDLC lifecycle.

MAJOR ACCOUNTABILITIES

In addition to accountabilities listed above in Job Purpose:


•        Provides in depth expertise to IT functions on IT security topics in the design implementation and risk assessment remediation of any IT solution


•        Supports IT projects in secure design and build aligned to supporting function


•        Advise to IT operations responsible for security patterns and solutions, including associated infrastructure and services in regards to IT Security


•        Review, request and challenge defined IT security related internal standards


•        Collaborates closely with other Security Architects and IT Architects on IT security related matters


•        Promotes IT Security culture within business, compliance and IT responsible for medical devices design and operations


•        Solution oriented, can define various pragmatic alternatives leading to appropriate IT security results


•        Reports on security status of projects and operations across across associated function for all IT Security patterns


•        Ensures industry network regarding IT security relevant to the associated company function


•        Perform risk/threat assessment of all IT project related to the function


•        Manage pool of solution architects assigned to portfolio


•        Manage prioritization of security assessment an design resources for the function


•        Leverage application security risk assessment pool for low impact projects

KEY PERFORMANCE INDICATORS / MEASURES OF SUCCESS


•        Level of maturity of controls (based on IGM control maturity assessments, internal audits and external benchmarking or assessment) within IT for vulnerability management


•        No major audit findings in relation to medical device security by health authorities which were not previously reported to senior leadership


•        Good cultural orientation and strong influencer of information risk management, information security, IT security, to be embedded across associated IT Function


•        Effective management of information risk status leading to reduced critical audit findings.


•        Projects with major involvement pass without major security deficiencies regarding application security

 

 

JOB DIMENSIONS (Job Scope)

Number of associates:

Number of IT associates:


•        none

Management responsibility

  • Global IT leader influencing without direct ownership.

Financial responsibility

Depending on project portfolio for the year assignee to the function 500k to 5 million

PERSONAL CONSIDERATIONS

As the role is part of a global organization, willingness for required traveling is important.

EDUCATION / EXPERIENCE

EDUCATION

  • Essential:
    • University working and thinking level, degree in business/technical/scientific area or comparable education/experience
    • Professional information security certification, such as CISSP, CISM or ISO 27001 auditor / practitioner is preferred. Professional (information system) risk or audit certification such as CIA, CISA or CRISC is preferred
  • Desirable:
    •  

 

EXPERIENCE

  • 10+ years of working experience, 7 of those years with Information Security management
  • Demonstrated leadership skills: >2 years’ experience in senior management positions in a matrix organization
  • 5+ years as an IT security expert
  • Experienced IT security architect with broad and in-depth technical, analytical and conceptual skills
  • Experience in reporting to and communicating with senior level management (with and without IT background, with and without in depth risk management background) on information risk topics


•        Excellent written and verbal communication and presentation skills; interpersonal and collaborative skills; and the ability to communicate information risk-related concepts to technical as well as nontechnical audiences, and to audiences with a risk management profile as well as those with a less outspoken risk management profile.

  • Excellent understanding and knowledge of general IT infrastructure technology, systems and management processes


•        Proven experience to initiate and manage projects that will affect other divisions, departments and functions, as well as the corporate environment.

PRODUCT/MARKET/CUSTOMER KNOWLEDGE


•        Good understanding of pharmaceutical industry. Good understanding and knowledge of business processes in a global pharmaceutical industry

SKILLS/JOB RELATED KNOWLEDGE

  • Good mediation and facilitation skills
  • Good knowledge of IT Project Management


•        Experience with compliance and security requirements related to medical devices, including data privacy.


•        Knowledge of (information) risk management related standards or frameworks such as COSO, ISO 2700x, CobiT, ISO 24762, BS 25999, NIST, ISF Standard of Good Practice and ITIL


•        Knowledge of OWASP, SDLC, Encryption, Identity and Access Management, data integrity measures

NETWORKS


•        High level of personal integrity, and the ability to professionally handle confidential matters and exude the appropriate level of judgment and maturity.


•        Ability to handle competing priorities, and seeking consensus when stakeholders have different or even contradicting opinions.

OTHER


•        Fluency (written and spoken) in English


Digital Intelligence Systems, LLC. is an Equal Opportunity Employer, M/F/D/V. We do not discriminate against any employee or applicant because they inquired about, discussed, or disclosed compensation. Email recruitinghelp @ disys.com to contact us if you are an individual with a disability and require accommodation in the application process.