Director, Information Security & Risk Management

Overview

Ready to join a team committed to developing and commercializing gene therapies for patients and families devastated by rare neurological genetic diseases? AveXis is advancing cutting-edge science, starting with our proprietary gene therapy for the treatment of spinal muscular atrophy (SMA). We are in the midst of an incredible journey and are looking for passionate individuals to join us on this important mission.

AveXis, a Novartis company, is dedicated to developing and commercializing novel treatments for patients suffering from rare and life-threatening neurological genetic diseases. Our initial product is a proprietary gene therapy approved by the US Food and Drug Administration for the treatment of pediatric patients with SMA. In addition to developing a treatment for SMA, AveXis also plans to develop other novel treatments for rare neurological diseases, including Rett syndrome and a genetic form of amyotrophic lateral sclerosis caused by mutations in the superoxide dismutase 1 (SOD1) gene.

AveXis is seeking a Director, Information Security & Risk Management (IS&RM) to manage all aspects of IT Risk Management and Compliance, IT Security, IT QA and Record Management.

Responsibilities

• Leads the IS&RM function, including personnel and budgetary responsibilities.
• Advises and guides AveXis on information security, IT compliance and information risk management matters.
• Ensures that IS&RM's role, accountability and responsibility are known and understood, establishes clear accountability of the "first layer of defense" with IT and business.
• Systematically drives and monitors the implementation of the IS&RM Policy Framework, related methodology, standards, services and tools at AveXis, in close alignment with Novartis.
• Establishes a culture of accountability, collaboration, courage and continuous improvement.
• Ensures effective communication and partnership with stakeholders and their functions, including country organizations.
• Ensures that IS&RM contributes to full compliance with applicable regulations, such as SOX, GxP/Computer System Validation.
• Interacts with external subject matter experts to identify industry trends, evaluate their applicability to AveXis, and provide recommendations to management.

Qualifications

• University degree in business/technical/scientific area, or comparable education/experience.
• At least 5 years of leadership experience in information technology risk management, compliance and / or information security roles.
• Excellent understanding of regulated industries and relevant regulations/compliance requirements (e.g. SOX, FDA, GQO, ISEC, Records Management, Privacy, Legal Hold, eDiscovery, Disaster Recovery), preferably life sciences.
• Knowledge of technology trends and developments in the area of information security and risk management.
• Demonstrated leadership skills with the ability to manage in a matrix organization.
• Strong stakeholder management skills at C-level, including non-technical audience.
• Excellent written and verbal communication skills; interpersonal and collaborative skills with technical and nontechnical audiences.
• High level of personal integrity, and the ability to professionally handle confidential matters and exude the appropriate level of judgment and maturity.
• High degree of initiative, dependability and ability to work with little supervision.
• Experience with SOX IT and GxP / CSV / e-compliance requirements in an IT context preferred.
• Understanding of general privacy requirements in an IT context preferred.
• Professional information security certification, such as CISSP, CISM or ISO 27001 auditor / practitioner preferred.
• Professional (information system) risk or audit certification such as CIA, CISA or CRISC preferred.

The level of this position will be based on the final candidate's qualifications.

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.

AveXis is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity, national origin, genetics, disability, age, sexual orientation or veteran status.

#LI-AM1