Senior Manager, IT Security and Governance

San Francisco, CA
Jun 25, 2019
Biotech Bay
Required Education: Bachelor's Degree
Position Type: Full time

Position Summary:

The Sr. Manager, IT Security and Governance will provide vision, strategy, and broad-based planning to the IT function. Under the guidance of the VP, IT, this position will be an advocate for GBT's total information security needs and is responsible for the development and delivery of a comprehensive risk-based information security strategy to optimize the security posture of the company.

Essential Duties and Responsibilities:
  • In partnership with the VP, IT, develop, maintain and oversee a company-wide information security program and ensure understanding of and commitment to the program within GBT.
  • Develop, maintain and oversee information security policies, procedures and control techniques to address all applicable requirements.
  • Define, identify and classify critical information assets, assess threats and vulnerabilities regarding those assets and implement safeguard recommendations.
  • Collaborate with the VP, IT on a strategy for building management support and ownership for IT security.
  • Train and oversee personnel with significant responsibilities for information security to ensure that our technology is aligned with that strategy, and that owners understand their roles and responsibilities with respect to keeping our systems secure.
  • Assist senior management on cybersecurity matters related to GBT.
  • Oversee the establishment and maintenance of a security operation that strives for automated and continuous monitoring in the detection, containment and mitigation of incidents.
  • Develop and maintain metrics and other data which will be reported, at least annually, to senior management and the Board of Directors on the effectiveness of the company information security program including information derived from automated and continuous monitoring, including threat assessments, and progress on actions to remediate threats.
  • In partnership with the VP, IT, Legal Compliance, and other key stakeholders, ensure that GBT complies with existing laws and regulations as they relate to cyber security (e.g., GDPR, SOX, HIPAA, PCI-DSS, US and other international privacy laws, etc.).
  • In coordination with the senior management, create and implement a cyber security risk management framework to ensure the appropriate application of controls based on risk. Consult with business owners regarding their information security risks and responsibility in minimizing those risks.
  • Coordinate with the appropriate entities in any lawful compliance reviews or investigations related to the cyber security of in-scope (patient, customer, etc.) information. In coordination with senior management and incident response teams, oversee incident response planning as well as the investigation of security breaches, and assist with disciplinary and legal matters associated with such breaches as necessary.
  • Oversee vendor work quality and productivity while managing vendor relationships and contracting.
  • Develop processes and metrics to assess vendors' quality and effectiveness.
  • Leads and manages the IT Cyber Security function including vendors, budget, and project portfolio. Manages the development and implementation of the Information Security Program to ensure the ongoing practice of security as a process within the organization.
  • Works closely with IT and the Business as a subject matter expert in information security technology and practices. Presents to senior leadership on security topics and activity, develops partnerships across multiple IT disciplines, and works with other stakeholders on strategic technology issues.
  • Formulates the organization's IT cyber security strategies and determines technology and process requirements to implement such strategies. Assesses the IT environment against industry best practices and benchmarks to determine the weaknesses and vulnerabilities of the information security infrastructure, implementing security measures to decrease exposure to attack and/or penetration.
  • Understands the criticality of business processes with reference to the organization's policies and processes. Conducts security risk assessments to proactively identify and minimize the probability of risk occurrences.

  • BA/BS in computer science, management information systems, or an equivalent combination of education and experience that demonstrates analytical skills, problem solving, initiative, judgment, decision making and writing ability.
  • A minimum of eight (8) years of progressively increasing responsibility and achievement in Information Technology.
  • Experience in information security matters (policy, architecture, technology, etc.), including demonstrated experience with developing and administering an information security program would be beneficial.
  • Specific experience in the pharmaceutical and/or health care industry with specific FDA regulatory compliance experience is desirable.
  • CISSP or other industry recognized security certification (such as CISM, GIAC and CISA) would be an asset.
  • Knowledge and working experience with vulnerability assessment, penetration testing, incident response, industry security standards and practices, web application security, security audit/review processes and applying corporate and federally mandated policies.
  • Demonstrated ability to be a respected information security advisor to senior management, as well as to IT operations, operating groups, technical staff, and project management, and the skills to interface across several functions to proactively assist in defining solutions, direction, specifications and architectural principles.
  • In-depth, up-to-date and broad knowledge of the Information Technology Security field is required, including all major communications and computing technologies and trends, including significant domestic and international exposure.
  • Experience managing projects in a team-oriented, cross-organizational environment. This level of experience should have been gained through several years of increasing levels of project responsibilities and accomplishments in several areas of information systems organizations.
  • Ability to effectively prioritize and execute tasks in a high-pressure environment.
  • Excellent written, oral, and interpersonal communication skills.

Fit with GBT culture:
  • Ability to build strong relationships with co-workers of various backgrounds and expertise
  • Ability to function at a high level in a team setting whether leading the group or acting as an individual contributor
  • Values-based leadership consistent with GBT's Core Values
  • Excitement about the vision and mission of GBT
  • Flexibility
  • Integrity

NOTE: This position summary is not intended to be all-inclusive. Employee may perform other related duties as negotiated to meet the ongoing needs of the organization.

Global Blood Therapeutics is an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status, or any other characteristic protected by law.