Pacira Pharmaceuticals - Parsippany, NJ
posted 16 days ago
Parsippany, NJ
Chemical Manufacturing
About the position
The Associate Director of Information Security will be responsible for leading the operations and improvements of the company's overall Information Security program. This key role will work with stakeholders within Information Technology, Pacira business functions, and liaise with various external partners to understand threats, plan and execute the closure of gaps, and help manage risk to the company while maintaining business agility. The role will oversee the Security Operations Center, inform the overall Information Security strategy for the company, manage operations and be the subject matter expert on all general Information Security matters including incident response, vulnerability management, access controls, third-party risk management, data privacy and enterprise risk management.
Responsibilities
- Spearhead the development and implementation of the Information Security Program, balancing risk with operational efficiencies.
- Take ownership of the day-to-day operations of the Information Security program, including incident response, vendor security reviews, firewall rule reviews, and business consultations.
- Lead the IT Risk Management process to capture enterprise-level risk, provide business context, and collaborate with IT peers to address risk based on priorities.
- Take responsibility for the creation, monitoring, and updating of Security policies and procedures to ensure accuracy and operational excellence.
- Establish and manage a Third Party Risk Management program, assessing critical business suppliers for Cyber Risk that may impact the company.
- Develop and implement a Data Protection program, including data classification, security controls, and a full Data Loss Prevention utility.
- Present a Board-level set of metrics identifying risk and program effectiveness.
- Conduct assessments of information systems and their vendors to ensure that appropriate security functions have been included in the systems design and architecture.
- Monitor and evaluate the performance of information systems in support of information systems security program accomplishments based on appropriate measures.
- Determine risk response options and evaluate their efficiency and effectiveness in managing risk in alignment with business objectives.
- Take charge of managing incidents to closure, providing regular reporting to the VP of IT, corporate/legal functions, Executive Team, and the Board of Directors as necessary.
- Play a key role as an integrated part of the IT Leadership team, helping to formulate our roadmap to address current and future business needs.
Requirements
- A B.A./ B.S. in Computer Science, Computer Engineering, Information Security, Intelligence Analysis or Cyber Security or other relevant field required.
- Overall 7+ years of relevant professional experience with 5+ years in Information & Cyber Security required.
- Experience in and knowledge of industry frameworks and regulations (e.g. NIST, ITIL, ISO, COBIT, SOX, GDPR) required.
- CISSP/CISM/CISA or equivalent certification is a plus.
Nice-to-haves
- Experience in IT security and risk management (understanding risk assessment, legal and regulatory requirements, threats, vulnerabilities, security policies etc.).
- General understanding of infrastructure components, including infrastructure security components (e.g. Network security, Firewalls, IDS, IPS etc.).
- Hands-on experience with Microsoft M365 / O365 security suite a plus.
- Demonstrated experience in working with an external operations partner.
- Experience with protected health information or personally-identifiable information.
- Knowledge of current Security standards regulations and frameworks such as HIPPA, ISO/IEC 27001/27002, SOX, NIST, GDPR.
- Demonstrable ability to balance and prioritize security requirements with business objectives and financial constraints.
- Ability to work independently on initiatives with little oversight.
- Strong analytical skills/problem solving/conceptual thinking.
- Effective communication skills.
- Awareness of Cloud Security Solutions.
- Enterprise Incident handling experience.
- Experience in leading or coordinating activities across a diverse group of professionals with visibility to senior management.
- Excellent organizational, planning, problem solving and decision-making.
- Strong interpersonal skills, including verbal, written, and listening skills with the ability to influence and lead others.
