Associate Director, Security Operations and Technology Compliance

Boston, MA, United States
Jul 15, 2021
Required Education: Bachelor's Degree
Position Type: Full time
Location: Boston, US

Reporting to: Senior Director, Cybersecurity, Risk, and Compliance


Job summary

Orchard's Information Technology team is responsible for managing and maintaining a global digital footprint that is strategic to Orchard's objective. We collaborate with teams throughout Orchard to ensure that they have the foundation and support needed to maintain the highest levels of availability and integrity as we scale and evolve into a commercial company.

This position will report to the Sr. Director, Cybersecurity, Risk, and Compliance and will work closely with partners across the organization, including IT, Quality/CSV, Finance, Legal, and Human Resources. You will be exposed to every facet of Orchard's technology operation and beyond and have the opportunity to be part of building a results-driven technology security and compliance program.

Specifically, we are looking for a candidate with a well-rounded background in life science technology, systems administration, audit and compliance, and with prior experience implementing and managing security controls in modern SaaS-friendly environments.

You must be an effective communicator and problem solver who can collaborate with people both inside and outside the organization, including department heads, partners, auditors, and vendors.

In this role, the incumbent will perform reviews, assessments and audits, conduct research, and facilitate communication to internal and external stakeholders where necessary. The position will monitor, coordinate, and implement policies, standards, procedures, controls, and guidelines to support security, compliance, and audit requirements.

The position recommends business process improvements in the Orchard environment and technology program management function(s) and uses professional concepts in accordance with business best practices and objectives to solve a wide range of compliance challenges in creative and effective ways.

Key Elements and Responsibilities
  • This position serves as the primary operations lead for the execution of the Orchard security and compliance toolset and subsequent reporting. This includes but is not limited to:
    • Endpoint Detection and Response Platform management
    • CASB administration, SaaS policy management and reporting
    • Unstructured Data policy management and reporting
    • Vulnerability Management operations and reporting
    • Developing and running phishing awareness campaigns and reporting
    • Mobile Device Management reporting and policy management
    • Email Security Platform reporting and rule oversight
    • Compliance Tool Management
    • Single-Sign On reporting and policy management
  • Manage compliance testing and monitoring of current and future regulatory obligations, and other regulatory matters as required. Serve as the primary technical compliance lead and business liaison for all Sarbanes-Oxley, GDPR, 21 CFR Part 11 and other cybersecurity initiatives.
  • Execute and maintain plans related to crisis events/incident response and recommend courses of action to resolve noncompliance issues through active engagement.
  • Participate in vendor and third-party risk management reviews and conduct internal security risk assessments and security compliance audits.
  • Actively work to align on, construct and execute a technology compliance vision with a focus on business enablement.
  • Manage business partner expectations by negotiating the needs and expectations of the functional lines within the context of Orchard's larger security and compliance obligations.
  • Work on problems with conflicting facts where solutions may take extensive investigation to define. Handles multiple tasks and projects. Broad managerial direction is provided, and work is typically reviewed only at completion.
  • Collect, analyze, and prepare reports required for senior management, regulators, and other relevant stakeholders, and drive the development of reporting on cybersecurity KPIs, dashboards, statistics and reports as/if required within the function.
  • Participate in writing user documentation and oversee the development of super users within the functional lines for compliant management of systems.
  • Work closely with IT leadership on continuous process improvement, ongoing maintenance and improvement of security and compliance control systems and reporting.


Required Knowledge, Skills & Abilities
  • 10 years relevant Systems Administration and/or Cybersecurity industry experience. History of implementing CIS and ISO 27001 security controls required.
  • 5 years in a pharmaceutical technology environment preferred.
  • Experience in security operations and compliance management across multiple platforms as compliance lead or in a related position.
  • Demonstrated knowledge of working with Active Directory, Windows Server architecture, AWS, middleware, network hardware and networking concepts.
  • Experience with Identity and Access Management (IAM) and SAML a plus.
  • Demonstrated experience managing security tools in both on-premises and cloud (IaaS, PaaS, SaaS) environments.
  • Training and/or experience in database management concepts.
  • Demonstrated business process improvement capabilities required.
  • Demonstrated experience with global regulatory and security risk frameworks (e.g., 21 CFR Part 11, SOX, HIPAA, PCI, SOC, GDPR).
  • Demonstrated creative "out of the box" thinking and comfort in a results-driven, fast-paced environment.
  • Exhibits strong teaming skills, including facilitating group sessions and reaching consensus; is a constructive team player.
  • Excellent oral and written communication skills.
  • Strong analytical, problem solving, negotiation and organizational skills.
  • A track record of success in helping to solve significant security and compliance-related business problems.