Job Title:

Information Security Manager / Architect



Job Description:

*Update from the manager*

Client asked for a security engineer: hands-on candidates

--------------------------------------------------------

The Information Security Manager/Architect role is tasked with supporting
the implementation and execution of the Medivation IT GRC program, with an
emphasis on Information Security Engineering & Operational activities. The
role will report to the head of Information Security and is part of the
Medivation team accountable for Information Security, Information Risk
Management, and IT Compliance.

The ideal candidate will have exposure to both small and large
organizations and experience in regulated environments, such as health care
or financial services; pharmaceutical or biotech experience is a
significant plus.

*Essential duties and responsibilities include but are not limited to the
following:*

*Information Technology Governance, Risk Management, and Compliance (20%)*

• Participate in the design and implementation of a new information
security control catalog.

• Lead the joint effort to define and update configuration standards for
key technology platforms.

• Execute risk assessments for internal changes, as part of SDLC and Change
Management processes, and third-party vendors, document findings, and
communicate findings to internal and external stakeholders.

• Participate in the design and implementation of the Medivation Business
Contingency Management program.

• Design and implement processes and technology solutions to assess,
monitor, and enforce compliance with internal and regulatory requirements,
such as GxP, SOX, and others.

• Interface with external partners, customers, and other third parties for
matters involving information security and information risk management.

*Information Security Engineering & Architecture (30%)*

• Define a cohesive information security tools architecture that emphasizes
integration, proper implementation and configuration of tools, and balance
in-sourcing and outsourcing options.

• Evaluate information security requirements for planned initiatives and/or
changes in the Medivation technology environment as part of the SDLC and
Change Management processes.

• Define configuration standards and configure information security tools,
both in-sourced and outsourced, inclusive of event management and
monitoring.

• Provide information security consulting services to internal users, both
within and outside of the IT department.

*Information Security Operations (30%)*

• Oversee the day-to-day administration and management of information
security tools, both in-sourced and outsourced, as well as
third-party/managed security service providers.

• Oversee threat and vulnerability management processes, inclusive of
vulnerability scanning, remediation efforts, notifications, etc.

• Review system events and incidents on a daily basis.

• Lead investigation of potential incidents.

• Lead incident response processes as the incident coordinator.

• Serve as the primary point of contact for information security
operational matters, 24x7x365.

• Provide 3rd level support for information security tools and operational
processes.

*Compliance (20%)*

• Support IT compliance activities for GxP and SOX.

• Produce and gather evidence as required.

• Monitor and enforce compliance with Medivation policies and control
requirements.



Key Skills:

*Requirements:*

• 8 years’ experience in Information Security/Risk Management, ideally in a
mix of consulting and industry roles a publicly traded company.

• Strong technical knowledge of technology platforms, inclusive of systems,
network devices, and security solutions. Hands-on experience with Windows
OS, Linux, Cisco IOS/NX-OS, relational databases, and other core enterprise
technologies.

• Information Security expertise in application and infrastructure security
architecture, design, and engineering using technologies, solutions, or
frameworks inclusive of OWASP, SAML, firewalls, SSO, IDM, data encryption &
enterprise key management, PKI, IDS/IPS, malware management, web content
management, SEM, etc.

• Excellent understanding of software development lifecycle models, as well
as the approach and options for implementing a Secure Development Lifecycle
(SDL).

• Hands-on experience with industry common information technology control
frameworks, particularly HITRUST, NIST 800 series, Cloud Security Alliance,
and ISO 27001/2.

• Working knowledge of leading information risk management frameworks,
inclusive of OCTAVE, NIST RMF, and ISO/IEC 27005.

• Good understanding of key regulatory requirements for public
biotechnology/pharma organizations, such as 21 CFR Part 11, SOX, and
HIPAA/HITECH.

• Strong quantitative and analytical abilities.

• Excellent writing/documentation skills.

• Fluent with one or more Windows scripting languages (e.g. PowerShell, VB,
WMI, ADSI).

• Excellent understanding/working knowledge of private and public cloud
IaaS solutions.

• Network design and management; hands-on knowledge of OSI Model & TCP/IP
stack and Cisco IOS.

• Proven analytical and problem-solving abilities.

• Ability to effectively prioritize and execute tasks in a high-pressure
environment.

• Good written, oral, and interpersonal communication skills.

• Ability to present ideas in business-friendly and user-friendly language.

• Highly self-motivated and directed.

• Keen attention to detail.

• Team-oriented and skilled in working within a collaborative environment.

• PC literacy required; MS Office skills (Outlook, Word, Excel, PowerPoint).

*Education:*

• College diploma or university degree in the field of computer science
and/or 8 years equivalent work experience.

• *One or more of the following certifications:*

• CISSP

• GIAC Information Security Professional

• CISM

• CISA



Job Location:

San Jose, CA S, 95101


*Client: Medivation*



*Thanks & Best Regards,*



*G. ANIL KUMAR*

*Senior IT Recruiter*


*Paradigm Infotech Inc. Phone: 302-357-9154*

*Outlook ID: recruite...@paradigminfotech.com*

*Gtalk ID: anil.paradigminfot...@gmail.com*

*Yahoo Messenger ID: anil.paradigminfot...@yahoo.com*

*LinkedIn: www.linkedin.com/pub/anilkumar-gedda/9b/186/b23/*

*http://www.paradigminfotech.com/*
