Specific Responsibilities: The IT Security Analyst is responsible for developing security policy and procedure and for providing general IT security services, advisory and audit support in all Gilead sites and region. The individual in this role will be part of the IT Security and Privacy team within Information Technology and will work with various cross-functional teams within Gilead to support all Security Policy and Governance activities.
Essential Duties and Job Functions:
Develops, maintains, publishes and enforces corporate information security policies, standards and guidelines encompassing data and intellectual property
Deliver general security awareness training to new hires, including acceptable use policy, password policy, data protection, remote access and desktop security procedures.
Support general IT security and privacy management activities by performing risk assessments, identifying appropriate countermeasures and facilitating acceptance of residual risk
Develops and implements standards for application security.
Makes recommendations for the adoption of new procedures and technologies as required.
Partner with Information Technology and Quality Assurance staff within the region to assess and address identified compliance gaps in applications and processes
Provide support for internal and external (e.g., health authorities) audits at Gilead locations across North America
Performs application security assessments and penetration testing
Work with endpoint, network, servers and storage platform owners to monitor and improve procedures governing patching and vulnerability management.
Facilitate the periodic maintenance and updates of system operations and maintenance documents, IT Security standards, policies and procedures
Identify and propose areas for IT security controls and process improvements.
Knowledge, Experience and Skills:
Experience with multiple areas of IT security and Risk Management standards, e.g., ISO 27002, NIST-30
Is able to apply technical expertise across business or functional areas
Demonstrated experience with the specification, design and implementation of technical and procedural security controls for the protection of confidentiality, integrity and availability, e.g., physical and logical access controls, data protection, operational change and configuration management
Experience working in a regulated environment with knowledge of current Good Manufacturing Practices (cGMP), 21 CFR Part 11, EU GMP Annex 11 and Computer System Validation (CSV)
Experience with implementation of security policy, exception, risk management and control framework.
Working knowledge of IT processes (i.e., ITIL) including incident, problem, defect, change and release management
Definition of information security management system consisting of policies, controls and processes compliant to ISO 27001
Support to departments and projects for implementation of information security management system
Conduct information security training
An in-depth understanding of information security, security policies, account security policies and standards for logical and physical security implementations.
A good understanding of the information security control measures as defined in ISO-27001, COBIT, and NIST.
The ability to perform, manage and run information security audits.
Prior working experience in a Pharmaceutical company is a big plus
Highly organized, results-oriented and attentive to details
Self-motivated, proactive, independent and responsive - requires little supervisory attention
Excellent verbal and written communication, presentation, facilitation and diplomacy skills
High level of personal integrity consistent with Gilead's core values
Performs other duties as assigned.
EDUCATION & CERTIFICATION
6+ years of relevant experience
Bachelor of Science degree in management information systems, computer science, engineering or other IT-related major is required
CISSP or CISM certification or other related security certification is highly desired
Functional Area: IT
Position Type: Regular