Manager, Information Security Frameworks
Medidata: Conquering Diseases Together
Medidata is leading the digital transformation of life sciences, creating hope for millions of patients. Medidata helps generate the evidence and insights to help pharmaceutical, biotech, medical device and diagnostics companies, and academic researchers accelerate value, minimize risk, and optimize outcomes. More than one million registered users across 1,400 customers and partners access the world's most-used platform for clinical development, commercial, and real-world data. Medidata, a Dassault Systèmes company, is headquartered in New York City and has offices around the world to meet the needs of its customers. Discover more at www.medidata.com.
To provide support for Development Team Operations including hosting and maintaining development tools, providing Release Engineering support for Data Science Teams & supporting Data Governance Policy in relation to Data Science.
Manages Information Security Frameworks to a high degree of quality, including ISO 27xxx series, SOC1/2/3, HIPAA, HITRUST, NIST, FISMA and FedRAMP
Provide security and engineering input to architectural designs, system designs and strategic technology plans
Support Data Governance Policy within the SDLC including extracting and moving approved customer data to a secure development environment
Intimate knowledge of the things necessary to support ISO 27001, 27018, 27701 as well as SOC-1 and SOC-2
Deep knowledge of NIST 800-53
Familiar with the principles of issuing Authority-to-Operate for FISMA & FedRAMP
A good grasp of the fundamentals of Cloud Security
Good understanding of Software Engineering practices
Practical experience in Incident Response
Strong experience in Information Security Practices
Experience in software products in cloud environments
Fundamental understanding of Agile Software Development
Good background in both IT systems engineering and operations
Sound understanding of source control.
Ability to collaborate with other functions in order to deploy and maintain solutions in an appropriate and cost-effective manner
Problem solving skills and ability to work under pressure
Possess ability to take on complex problems creatively
Ability not only to run a small (3-5 person) team, but also to work cross-functionally
Run the security frameworks programs effectively
Manage the Authority to Operate program
Manage the department Information Security Management System (ISMS) including POAMS, Monthly Meetings, CAPAs and other components of an ISO compliant function
Partner with GCS to ensure seamless coverage with respect to quality
Partner with Legal to ensure seamless coverage with respect to privacy
Collaborate with the rest of Information Security
Identity and Access Management principles
Ability to run vulnerability assessment programs
Ability to run a third party risk program
Ability to support Enterprise Risk Management
Good writing skills, in both technical and corporate environments
At least 5 years in Technology, Medical, Life Sciences or Healthcare
Your Education & Experience:
At least five years exposed to Security Frameworks (AICPA, ISO, COBIT)
Bachelor's degree (or above) in Computer Science/Engineering, Information Technology or comparable required
CISM/CISA/CRISC certifications are desired, but not required
Cloud Security certification is desired, but not required
CISSP Certification is a bonus and will be expected within 1 year of hire
Medidata is making a real difference in the lives of patients everywhere by accelerating critical drug and medical device development, enabling life-saving drugs and medical devices to get to market faster. Our products sit at the convergence of the Technology and Life Sciences industries, one of the most exciting areas for global innovation. Nine of the top 10 best-selling drugs in 2017 were developed on the Medidata platform.
Medidata’s solutions have powered over 14,000 clinical trials giving us the largest collection of clinical trial data in the world. With this asset, we pioneer innovative, advanced applications and intelligent data analytics, bringing an unmatched level of quality and efficiency to clinical trials enabling treatments to reach waiting patients sooner.
Medidata Solutions, Inc. is an Equal Opportunity Employer. Medidata Solutions provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, national origin, age, disability, or status as a veteran. Medidata Solutions complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities.