Director of Governance, Risk, Compliance, Insider Threat, and CSV Programs (remote/virtual)

Those who join Emergent BioSolutions feel a sense of ownership about their future. You will excel in an environment characterized by respect, innovation and growth opportunities. Here, you will join passionate professionals who advance their scientific, technical and professional skills to develop products designed-to protect life.

Job Summary

The Director of Governance, Risk, Compliance, Insider Threat, and CSV Programs is the process owner of all Emergent IT Computer System Validation, Vendor Risk Management, Insider Threat, Security Awareness & Training, and Policy & Maintenance Programs administration. S/He will provide thought leadership, direct, evangelize, and oversee the development of the programs’ roadmap and creation of and reporting on metrics for roadmap milestones, including the implementation of controls, development of metrics, and planning, driving, and ensuring completion of key activities within these programs. In addition, s/he will assure policy compliance with company, industry, and regulatory requirements and audits (including Sarbanes-Oxley, FISMA, CMMC, and 21Part11/GxP Computer Systems Validations.  This position will manage a team of security analysts, providing leadership and mentorship.

This is a remote/virtual position. 

Essential Functions

Reasonable accommodations will be made to enable individuals with disabilities to perform the essential functions.

Governance, Risk, and Compliance

• Lead and implement controls to internally assess, evaluate and make recommendations to senior management regarding the adequacy of the security controls for the organization’s information and technology systems
• Partner with Technology leaders to facilitate compliance of security controls with Emergent information systems regarding Personally Identifiable Information (PII), FDA, FISMA, and other applicable regulatory and contractual requirements, ensuring effective security operations of Emergent systems, networks, business partner agreements, and interconnections
• Coordinate and track all information technology and security related audits including scope of audits, business units involved, timelines, and outcomes
• Liaise with Internal Audit, maintaining excellent relationships and provide transparency of Information Systems and Security programs

Insider Threat

• Provide leadership and work in partnership with physical security and other cross-functional teams in establishing the Emergent Insider Threat Program
• Lead, develop, and maintain Insider Threat performance measures, determining appropriate metrics, methodologies, tools, and procedures
• Provide thought leadership to identify issues, develop alternatives, provide recommendations, and implement decisions on an ongoing basis for critical program issues

Security Awareness & Training

• Provide overall leadership for our security awareness and education program
• Lead, develop, implement, and launch efforts to reduce risk to our organization by ensuring all employees, staff and contractors know, understand, and follow our security requirements and behave in a secure manner
• Lead the identification of the top human risks to our organization and the behaviors we need to change to mitigate those risks
• Structure and maintain this program to be long term, so ultimately, we are not changing just behaviors but culture.
• Create a metrics framework that can effectively measure these requirements

IT Enterprise System Validation

• Lead the development of system requirements and specifications to ensure requirements that are testable, and 21 CFR Part 11 requirements are met
• Lead and mentor the implementation teams in the proper execution of validation documents
• Lead the development of CFR Part 11 computer systems validation plans, qualifications test protocols, traceability matrices, reports, IQ/OQ protocols and all documents, and deliverables within the scope of the validation plan
• Direct, develop, implement, and maintain test plans, test scripts and user acceptance tests and manage the execution of test plans

IT Policy & Maintenance

• Lead the development and implementation of effective and reasonable policies and practices to secure sensitive data and ensure security and compliance with contracts, regulatory requirements, and industry standards
• Provide thought leadership, develop, implement, and assure successful implementation of security policies, standards and plans to ensure the protection of corporate data against unauthorized use, access, modification, and destruction
• Monitor compliance with information security policies and procedures
• Direct and implement effective dashboard to monitor compliance with information security policies and procedure

The above statements are intended to describe the nature of work performed by those in this job and are not an exhaustive list of all duties. Nothing in this job description restricts managements right to assign or reassign duties and responsibilities to this job at any time which reflects management’s assignment of essential functions. 

Education, Experience, & Skills

Education:

• Bachelor’s degree required. 
• Bachelor’s degree in Business or Information Systems preferred.

Experience:

• At least 10 years of experience in the security field.
• At least 4 years of experience managing a security governance team.
• Preferred, at least 2 years operating in a GxP environment or with GxP Computer System Validation requirements

Knowledge:

• Must understand SOX, FISMA, CMM (Capability Maturity Model), CMMC (Cybersecurity Maturity Model Certification), and SSAE 18 SOC reports.  

Skills:

• Must have written and managed updates to security policies and procedures.
• Must have directly managed a team or teams of security personnel.

Abilities:

• Demonstrated ability to own and manage security governance functions.
• Demonstrated ability to manage third party assessments

Per CDC guidelines, Emergent strongly recommends that all employees working on site are vaccinated to help ensure their safety, as well as the safety of fellow employees. This includes the use of good judgment when determining when the CDC guidelines advise that you stay home when ill. 

There are physical/mental demands and work environment characteristics that must be met by an individual to successfully perform the essential functions of the job. This information is available upon request from the candidate.

Reasonable accommodations may be made to enable individuals with disabilities to perform all essential functions.
 

Emergent BioSolutions is an Equal Opportunity/Affirmative Action Employer and values the diversity of our workforce.  Emergent does not discriminate on the basis of race, color, creed, religion, sex or gender (including pregnancy, childbirth, and related medical conditions), gender identity or gender expression (including transgender status), sexual orientation, age, national origin, ancestry, citizenship status, marital status, physical or mental disability, military service or veteran status, genetic information or any other characteristics protected by applicable federal, state or local law.
 

Information submitted will be used by Emergent BioSolutions for activities related to your prospective employment. Emergent BioSolutions respects your privacy and any use of the information submitted will be subject to the terms of our Privacy Policy .
 

Emergent BioSolutions does not accept non-solicited resumes or candidate submittals from search/recruiting agencies not already on Emergent BioSolutions’ approved agency list. Unsolicited resumes or candidate information submitted to Emergent BioSolutions by search/recruiting agencies not already on Emergent BioSolutions’ approved agency list shall become the property of Emergent BioSolutions and if the candidate is subsequently hired by Emergent BioSolutions, Emergent BioSolutions shall not owe any fee to the submitting agency.