Head of Security Architecture, Engineering, and Delivery
United States - California - Foster City
United States - North Carolina - Raleigh
Gilead Sciences, Inc. is a research-based bio-pharmaceutical company that discovers, develops and commercializes innovative medicines in areas of unmet medical need. With each new discovery and investigational drug candidate, we seek to improve the care of patients living with life-threatening diseases around the world. Gilead’s therapeutic areas of focus include HIV/AIDS, liver diseases, cancer and inflammation, and serious respiratory and cardiovascular conditions.
Making an impact on a global scale
Inclusion is one of the company’s five core values. That’s because we know that we are stronger and more innovative at Gilead when we are informed by a diverse set of backgrounds, experiences and points of view. Gilead Sciences is a biopharmaceutical company that discovers, develops and commercializes innovative therapeutics in areas of unmet medical need. The company's mission is to advance the care of patients suffering from life-threatening diseases worldwide.
When you join Gilead, you join our mission to change the world by enabling people to live healthier and more fulfilling lives. Come join a mission-driven bio-pharmaceutical organization that values inclusion and diversity, has a strong portfolio of products, and is constantly #CreatingPossible
For Current Gilead Employees and Contractors:
Please log onto your Internal Career Site to apply for this job.
Job Description
Gilead Sciences, Inc. is a research-based biopharmaceutical company founded in 1987. Together we deliver life-saving therapies to patients in need. With the commitment and drive you bring to the workplace every day, you will be part of a team that is changing the world and helping millions of people live healthier, more fulfilling lives. Our worldwide staff is a close community where you can see the tangible results of your contributions, where every individual matters, and everyone has a chance to enhance their skills through ongoing development. Our scientific focus has resulted in marketed products that are benefiting hundreds of thousands of people, a pipeline of late-stage drug candidates, and unmatched patient access programs to ensure medications are available to those who could otherwise not afford them. By joining Gilead, you will further our mission to address unmet medical needs and improve life by advancing the care of patients with life-threatening diseases.
Specific Responsibilities & Skills
The Head of Security Architecture, Engineering, and Delivery will report directly to the Chief Information Security Officer (CISO) and will manage, supervise, and govern the Security Architecture, Engineering, and Project Delivery team responsible for delivering and enhancing security solutions and capabilities to protect Gilead from growing cyber threats. This position will carry the role of Deputy CISO, is a key member of the Security Risk and Compliance (SRC) team, and will work closely with various IT teams (e.g., Security Operations, Data Privacy, Risk, QA, IT Infrastructure, Network, and Business IT). They will provide expertise on Information Security policies and standards, technology solutions, security and regulatory compliance, project management, managed services management, and SDLC. The person in this position will be required to understand all information security domains and to interpret and communicate information security requirements as defined by company policy. This position requires the person to work with ambiguous requirements and be able to work through them to help the business while keeping the risk to the organization at an acceptable level. This position, in the capacity of Deputy CISO, will be expected to represent the CISO in certain situations, and be able to liaise with the business in the CISO's place when needed.
The Head of Security Architecture, Engineering, and Delivery should have skills that include:
ESSENTIAL JOB FUNCTIONS:
- Domain Expertise: Expert level knowledge of Cyber Security capability areas, including Risk assessment and management, Identity and Access Management, Endpoint Security, Network Security, Platform Security, and application security. Able to function as a Deputy CISO.
- Strategic mindset with the ability to execute - Defines and delivers against security strategy to protect Gilead, implements automation, and drives for operational efficiencies.
- Delivers on Technology Strategy - Sees Security as a key requirement to support business operations, and understands the value of scalable and efficient technical solutions that provide visibility into threats and allow the team to quickly respond to and block threats, with low operational overhead and technical debt.
- Business Partnership - Serves as a trusted advisor to leaders within Business functions and IT, and supports their mission. Partners with senior IT Security leadership to create technology strategies that support the objectives of their functions. Understands the value drivers of the Business and ensures IT Security solutions take into account the balance between Security and User experience. Strong ability to partner with Managed Service providers and manage them to agreed upon outcomes.
- Financial Stewardship: Plays a thorough role in managing and containing Project delivery costs, along with partnering with the Security Operations lead to ensure ongoing cost is well understood and managed.
- Leadership: Proven ability to build, develop, and lead teams and rally the organization around the vision.
General responsibilities for this position will include (but are not limited to) the following:
- Manage team to develop, update & maintain information security standards and reference architecture.
- Lead and manage the Security Engineering team to deliver on Security capabilities
- Lead and manage the Security Project Delivery team, including Program and Project managers, Business analysts, and technical delivery engineers
- Present the Security Investment portfolio to IT and business leaders, and communicate the value of the security investment.
- Lead and manage our Managed Service Provider solution delivery team to deliver on Security sustainment and investment projects.
- Support Merger & Acquisition related activities
- Ensure IT activities, processes, and procedures meet defined requirements, policies and regulations
- Work with Internal Audit, Project Managers, System Managers and Engineers - Track project findings, identify and resolve issues, analyze evidence, communicate with stakeholders, and facilitate the completion of cybersecurity related projects
- Participate in other activities relating to information security or other functional areas as assigned
- Bachelor of Science degree in management information systems, computer science, engineering or another IT-related major is required
- Information security related certifications such as CISSP, CRISC, CCSP, GIAC, etc
KNOWLEDGE AND SKILLS
- 16+ years of relevant experience or 14+ years with a Master's or PhD
- 12+ years of cybersecurity professional experience, risk management, and governance practice
- A minimum of 8-10 years of leadership responsibilities
- Strong understanding of a wide variety of cybersecurity technologies relating to the following security domains: Audit and Monitoring, Risk Response & Recovery, SIEM, vulnerability management, Cryptography, Data Communications, Computer Operations Security, Telecommunications & Network Security, Security Architecture & Models, cloud security, Multi-Factor Authentication, Passwordless Authentication, Digital Rights Management, PKI
- Strong understanding of the NIST Cybersecurity Framework and the MITRE ATT&CK matrix
- Strong knowledge of IT Security and Privacy concepts and controls
- Knowledge of information security risk management frameworks and compliance practices
- Knowledge of securing network technologies, client, and server operating systems
- Strong knowledge of Secure Software Development Lifecycle (SDLC) processes and methodologies
- Ability to develop security standards and guidelines based on best practices and industry standards
- Excellent interpersonal, communication, and presentation skills, including formal report writing experience
- Understanding of common security standards and healthcare related regulations and data privacy
- Ability to assess complex multi-location projects as well as identify and recommend appropriate corrective measures to resolve security and privacy related issues
- Strong customer service orientation and the ability to project that attitude to customers in remote locations
- Ability to manage multiple prioritized tasks effectively
- Strong organization and time management skills
- Works independently and works well in a team collaborative environment
- Skills in documenting risk and compliance activities
- Previous work experience in a Biopharma organization is a plus
- Previous work experience in a cloud centric environment is a plus
For jobs in the United States:
As an equal opportunity employer, Gilead Sciences Inc. is committed to a diverse workforce. Employment decisions regarding recruitment and selection will be made without discrimination based on race, color, religion, national origin, gender, age, sexual orientation, physical or mental disability, genetic information or characteristic, gender identity and expression, veteran status, or other non-job related characteristics or other prohibited grounds specified in applicable federal, state and local laws. In order to ensure reasonable accommodation for individuals protected by Section 503 of the Rehabilitation Act of 1973, the Vietnam Era Veterans' Readjustment Act of 1974, and Title I of the Americans with Disabilities Act of 1990, applicants who require accommodation in the job application process may contact email@example.com for assistance.
Following extensive monitoring, research, consideration of business implications and advice from internal and external experts, Gilead has made the decision to require all U.S., Canada, Australia, Singapore, and Hong Kong employees and contractors to receive the COVID-19 vaccines as a condition of employment. “Full vaccination” is defined as two weeks after both doses of a two-dose vaccine or two weeks since a single-dose vaccine has been administered. Anyone unable to be vaccinated, either because of a sincerely held religious belief or a medical condition or disability that prevents them from being vaccinated, can request a reasonable accommodation.
For more information about equal employment opportunity protections, please view the 'Know Your Rights' poster.
NOTICE: EMPLOYEE POLYGRAPH PROTECTION ACT
YOUR RIGHTS UNDER THE FAMILY AND MEDICAL LEAVE ACT
PAY TRANSPARENCY NONDISCRIMINATION PROVISION
Our environment respects individual differences and recognizes each employee as an integral member of our company. Our workforce reflects these values and celebrates the individuals who make up our growing team.
Gilead provides a work environment free of harassment and prohibited conduct. We promote and support individual differences and diversity of thoughts and opinion.