Cybersecurity GRC Manager

Overview

On Site
Hybrid
60
Contract - W2
Contract - Independent
Contract - 12 Month(s)
10% Travel
Able to Provide Sponsorship

Skills

CISA
CISSP
CISM
Cyber Security
GxP
MVS
TLM
Supply Chain Management
SOX
Car-t
GDPR

Job Details

Job Description

We are seeking an Information Security and Compliance consultant with experience in providing security applications controls and assessments for pharmaceutical Manufacturers located in Raritan, NJ. As a Cyber Security Manager , this resource will work within the Information Security and risk Management department, joining the team responsible for security consulting initiatives of Supply Chain Advanced Therapies IT Platforms related application support. In this role, this resource will be responsible for security & controls throughout global projects related to Supply Chain applications including Car-t Cloud-based software controls, and continuous collaboration and follow-ups with the business partners.

 Non-negotiable skills:

Information Security Compliance experience

Sox/Audit Experience in Pharmaceutical and Cloud-based software controls

IT/OT Application Security Assessment experience

 

Minimum Qualifications:

Bachelor’s Degree in Information Technology, Computer Science, or a related field

Minimum 7 years of experience working with security and controls, consulting stakeholders throughout the application implementation process

Broad knowledge of information security processes and principles is useful in explaining the business value of cybersecurity.

Experienced in identifying and articulating issues/obstacles regarding application security issues

Working knowledge of Web/Cloud-based software

Familiarity with SOX compliance requirements

Self-starter and proficient multitasker with excellent documentation, communication, andorganizational skills Preferred Knowledge, Skills and Abilities

Certified Information Systems Security Professional (CISSP), CISM, CISA etc..

Responsible for advancing cybersecurity of our Pharma systems, applications, and integrations across product lines and regions by identifying key risks and controls through security assessments

Orchestrate and deliver cybersecurity risk assessments of Supply Chain projects, applications, and the technologies that run them while maintaining awareness of the changing threat landscape

Understand and promote risk management activities associated with external regulations and internal policies such as IAPP, GxP, and GDPR

Bridge the gap between traditional Information Technology (IT) and business functions by relating cyber threats and vulnerabilities to business imperatives and communicating them to key business leaders

Actively advise, assess, and lead Business and IT stakeholders in the development of secure information systems and solutions in line with the organization’s cybersecurity architecture, IAPP policies, and regulatory requirements.

We maintain connections across peer groups to continuously understand emerging security solutions that are ground-breaking enablers for mitigating supply chain risk

We constantly strive to shape the administrative controls for cybersecurity through advisory and assurance services

Support compliance assessments on regulatory (ie GxP or SOX)

Make recommendations for application security including change, incident management, process enhancements, access management, and change management

Consulting stakeholders about data classification and privacy, including data encryption and protection

Ensures appropriate controls are implemented for Car-t Applications and coordinates alignment with Internal Audit and IT Compliance

Provide metrics and reports on a weekly basis tracking the entire portfolio, application assessment status, and Risk Acceptance status.

Experience in providing security applications controls and assessments for Supply Chain Pharmaceutical/Innovative Medicine

Performing security consulting to ensure that the Minimum Viable Security (MVS) is built into new supply chain Advanced Therapies systems.

Responsible for performing security risk assessments of existing Advanced Therapies systems applications providing security/risk-related updates and meaningful metrics, and answering all questions related to security/risk-related subjects.

Provide security consulting and assurance for assigned platforms, including:

Performing risk calculators to identify high risk applications/projects; for those identified, performing application security questionnaires/assessments, identifying security gaps and appropriate remediation actions

Performing Incident trending to ensure security root causes are identified and remediated

Evaluating static & dynamic vulnerabilities to identify TLM/ALM & other security issues along with the appropriate remediation actions.

Large experience in SOX, IAPP, GxP, Privacy compliance requirements

Provide local oversite for interns, employees / Contractors in the team

 Support Key Advanced Therapies projects:

Providing a central point for SC security questions or queries on project support, connecting with the appropriate ISRM team member to ensure complete and accurate responses and/or appropriate involvement

Navigating between all ISRM SC pillars to obtain knowledge regarding security issues

Ensures appropriate controls are implemented for Car-t Applications and coordinates alignment with Internal Audit and IT Compliance

Provide metrics and reports on a weekly basis tracking the entire portfolio, application assessment status, and Risk Acceptance status.

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.