Senior Director of Cybersecurity, Risk and Compliance - Innovative Gene Therapy Start Up
Reporting To: Vice President, Global IT
Location: Boston, MA
Orchard Therapeutics, Ltd. is a biotechnology company incorporated in September 2015 and dedicated to bringing transformative gene therapies to patients with serious and life-threatening rare diseases. This is an exciting opportunity for a well-qualified candidate to join a rapidly growing international company focused on transforming the lives of patients through innovative gene therapies.
The Senior Director of Cybersecurity, Risk and Compliance is a business/technology executive who will be responsible for providing leadership in establishing a comprehensive global Risk, Information Security and Data Privacy program and ensuring global compliance adherence for all technology initiatives. This includes policy creation, education, training, incident response, risk assessment, customer contract reviews, incident prevention, detection and forensics. The candidate for this role must be comfortable working in a fast-paced environment, developing a strategy for Orchard and the organization and a roadmap to achieve strategic security and compliance goals. They must also be comfortable working with ambiguity, have a proven track record of hiring, developing and growing technical talent, strong executive presence and demonstrate outstanding communication skills – specifically, have the ability to translate technical vision, roadmaps and decisions into a clear, inspiring story that enables the organization to quickly align and drive results. The ability to lead from the front, be a strong leader-teacher and collaborate at all levels at Orchard with credibility are all critical to this role. The Senior Director of Cybersecurity will work amongst a team of expert technical professionals as they guide the organization into uncharted technical territory that is very dynamic, complex, ambiguous and also involves partnering with organizations and leaders across Orchard. This leader will model strong business partnering skills, leadership presence and organizational maturity.
- Security Strategy – Develop and execute an enterprise security strategy and roadmap that mitigates risk through the right balance of security measures and operational flexibility.
- Standards and Guidelines – Establish policies, procedures, standards and guidelines that enable Orchard’s security strategy.
- Threat Assessment and Scenario Planning – Identify security vulnerabilities and risks associated with Orchard’s operations, including partnering with business units to build threat assessment into the product design and development processes.
- Advanced Detection and Containment – Build an industry leading detection and containment capability that will identify and mitigate sophisticated cyber-attacks against Orchard.
- Ongoing Security Operations – Ensure operational procedures enforcing security are effective and optimal, including assessing and testing for vulnerabilities.
- Incident Response – Respond to and resolve security exposures and incidents.
- Security Engineering – Work directly with the business units and internal IA functions to ensure that the right security capabilities are built into offerings, enterprise processes and tools through reusable technology (services-oriented architecture). Oversee the evaluation, selection and implementation of information security tools.
- Integrity of Critical Business Operations – Participate in the formation and execution of business continuity planning, and drive disaster recovery planning and execution across multiple business and geographic sites.
- Security Compliance and Audits – Manage internal and external assessments of security, disaster recovery and compliance (certification and accreditation) for PCI DSS, Sarbanes Oxley, and ISO 900x.
- Education and Training – Provide security awareness training, information and education to employees, partners and customers.
- Cloud Security – Develop and operate optimal security processes, tools and consulting services for hosting secure applications in the cloud.
- Third Party Management – Participate in the development, implementation and ongoing compliance monitoring of information privacy requirements and responsibilities in vendor contracts and agreements.
- Security Metrics and Reporting – Develop and maintain a program that informs business unit and functional group leadership of the top security risks and overall security health of their organizations.
- Sales and Customer Interaction – Including pre-sales support, customer contract review, RFP response, and customer audit facilitation.
- Understanding of security and privacy regulations and standards is desirable.
- Understanding of core information security functions (e.g., strategy, operations, assessments, incident response, investigations, consulting, and compliance) is desirable.
- Demonstrated implementation and leadership of compliance programs for regulatory adherence, including but not limited to: GDPR, PCI DSS, Sarbanes Oxley, ISO 900x, AABB, 21CFR11.
- Demonstrated experience dealing with the security challenges and issues confronting a large, geographically distributed, departmentally diverse, global, public-facing organization.
- CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager) or other security certification/accreditation is desirable.
EDUCATION & SKILL REQUIREMENTS:
- Bachelor’s degree in Computer Science, Information Technology, Business Administration or related field. Advanced degree highly preferred
- Proven, solid management experience and track record building strong teams and developing leadership excellence at all levels.
- Solid experience in a pharmaceutical, CRO or ERP environment required
- Solid overall program management experience, to include given years of experience as an executive, leading very large mission-critical programs that involve significant business and technology change
- Solid experience in leading and influencing teams in a matrix management environment
- Ability to be an effective leader in a fast-paced pressure environment and an ability to be highly adaptive.
- Effective oral, written and interpersonal communication skills. Strong listening and presentation skills necessary to effectively communicate, understand, and influence a wide range of audiences
- Well-developed change management skills. Effective in working across organizational boundaries to build a case for change, and to execute on the change plan – from strategy through ongoing operation and process improvement.
- Effective in building company-wide relationships with senior technical, functional and business leaders to set long-term strategies and to assess and act on short-term compliance objectives and needs.
- Experienced in and able to formulate the cost benefit of security initiatives in the context of overall business risk mitigation and the company’s operational objectives. Ability to compare, contrast and prioritize among alternative approaches to meet those objectives.
The successful candidate will enjoy a competitive base salary and the opportunity to participate in incentive compensation programs, including stock option plans. Orchard Therapeutics, Ltd. offers a comprehensive benefits program, including: medical, dental and vision care; paid vacation and holiday time; access to a voluntary 401(k). Orchard Therapeutics is an equal opportunity employer.
Notice to All Applicants: Orchard Therapeutics participates in E-Verify
Notice to RECRUITERS: All employment offers and CVs are managed through our Human Resources Department and all candidates are presented through this avenue. Therefore, the Human Resources Department at Orchard Therapeutics requests that recruiters not contact Orchard Therapeutics employees directly to present candidates. Complying with this request will be a factor in determining future professional relationships with Orchard Therapeutics. Orchard Therapeutics will not accept unsolicited resumes from any source other than directly from candidates for either current or future positions. Submission of unsolicited resumes in advance of an agreement between the Human Resources Department and the recruiter does not create any implied obligation on the part of Orchard Therapeutics.