Lead - Information Security

Lake County, Illinois, USA
Feb 20, 2018
Required Education
Bachelors Degree
Position Type
Full time
Pharmacy Solutions - Information Security Lead

This role is responsible for advising Pharmacy Solutions in relation to Information Security (“IS”) best practices, in addition to adherence with the AbbVie IS policies and global security standards. The lead collaborates with Pharmacy Solutions Privacy Officer while providing internal and third party InfoSec consulting support and ensures risk is managed according to the acceptable business risk level defined by AbbVie Leadership.

The ISO will drive Information Security activities within the Pharmacy Solutions business unit by:

  • Assessing Pharmacy Solutions systems compliance with HIPAA controls and oversee strategic and technical improvements
  • Developing the InfoSec. Architecture & strategy for Pharmacy Solutions in accordance with AbbVie Global InfoSec Strategy with a roadmap and priorities for InfoSec. initiatives
  • Promoting training and awareness of IS and risk management throughout the Pharmacy Solutions business unit
  • Assess the technical and procedural security controls to determine gaps, identify a strategy to mitigate those gaps, and oversee or implement corrective action
  • Prioritizing and delegating risk assessment activities and ensuring that action items are carried out in a timely and effective manner
  • Designing, implementing, and supporting business unit specific security technologies and processes
  • Liaise with business unit Senior Management in times of an Information Security response action (crisis response)
  • Advise Pharmacy Solutions IT Leadership of changes in the technical, legal, and regulatory arenas impacting Information Security


Experience Requirements:

  • 5-8 years IT experience in a combination of IT roles encompassing application, platform, and/or network technologies
  • 3-5 years of direct Information Security experience involving design, implementation, management, and/or auditing of IT systems within an enterprise environment
  • 1-2 Years of experience in a regulated environment (e.g. Pharmaceutical, Financial/Insurance, HealthCare)
  • Experience with Information Security for HIPAA covered entities is preferred.
  • Knowledge, including respective experience, of audit preparation, execution, and response related to PCI, SOX, HIPAA, SSAE16, and/or HITECH.

Desired Skills

  • Thorough understanding of application, platform, and network security concepts
  • CISM, CISSP, or equivalent certification (active in past 3 years)
  • Fundamental understanding of Pharmaceutical business
  • Training and/or certification focused on HIPAA or HITECH compliance
  • • Ability to explain Security concepts in simple terms to business
  • • Proven relationship management and influencing skills for both technical and non-technical audiences
  • • Program Management capabilities (e.g. Service Delivery, Budget, Performance Management)

Equal Opportunity Employer Minorities/Women/Veterans/Disabled