Director - Cyber Security

Company Information 

At Advarra, we are passionate about making a difference in the world of clinical research and advancing human health. With a rich history rooted in ethical review services combined with innovative technology solutions and deep industry expertise, we are at the forefront of industry change. A market leader and pioneer, Advarra breaks the silos that impede clinical research, aligning patients, sites, sponsors, and CROs in a connected ecosystem to accelerate trials. 

Company Culture  

Our employees are the heart of Advarra. They are the key to our success and the driving force behind our mission and vision. Our values (Patient-Centric, Ethical, Quality Focused, Collaborative) guide our actions and decisions. Knowing the impact of our work on trial participants and patients, we act with urgency and purpose to advance clinical research so that people can live happier, healthier lives.  

At Advarra, we seek to foster an inclusive and collaborative environment where everyone is treated with respect and diverse perspectives are embraced. Treating one another, our clients, and clinical trial participants with empathy and care are key tenets of our culture at Advarra; we are committed to creating a workplace where each employee is not only valued but empowered to thrive and make a meaningful impact.  

Job Duties & Responsibilities    

• Provides oversight for the information security compliance program for the relevant region, identifying areas of non-compliance and directing corrective action. Consultant and advisor to regional site leadership on information security and related matters. 
• Initiates, facilitates, and promotes activities to foster information security awareness and education within the associated area of responsibility. Fosters a culture of cyber security both with the IT organization and to drive behavioral changes for the business, including reports and communication to regional and site level leadership on security trends and statistics. 
• Assists the CISO, Security Operations Lead, Privacy and Compliance as necessary around incident response for regional security incidents and events including responding to potential breaches of electronic protected health information (ePHI) and electronic personally identifiable information (ePII). 
• Responsible for the development and implementation of associated risk management or corrective action “Plan of Action & Milestones” (POA&M) for the regional or business area of responsibility including the integrity of initial or periodic risk assessment/analysis and the subsequent mitigation and remediation. 
• Coordinates external and internal security and privacy audit controls for that region or business to monitor activity on electronic systems that contain or use electronic protected health information or electronic personally identifiable information and to ensure that activity is appropriate. Such activity would include, but is not limited to, logons and logoffs, file access, updates, edits and printing. 
• Ensure that the disaster recovery, business continuity, risk management and access control needs of the regional or business are documented and addressed. 
• Leads strategic projects as necessary with both regional and national scope, for example Data Leak Protection, Vulnerability Management, Phishing Simulation reporting and others 
• This role will be an individual contributor, with no direct reports.   

Location   

This role is open to candidates working hybrid in Bengaluru India.   

Basic Qualifications    

• Bachelor’s degree in computer science, information systems, related field, or equivalent experience 
• CISSP, CISM certification preferred 
• 5-10 years’ experience leading an information security program and working with a globally distributed information security team 
• Experience in Life Science, Health Care, manufacturing or other highly regulated industries 
• Ability to lead audits and assessments of technology and processes related to ISO27001, HIPAA & HITRUST 
• Experience with vendor and product selections including oversight of enterprise risk assessments  

Preferred Qualifications    

• CRISC, CGEIT, CISA GSEC, GCIH certifications are helpful but not required  

Physical and Mental Requirements  

• Sit or stand for extended periods of time at stationary workstation 
• Regularly carry, raise, and lower objects of up to 10 Lbs.  
• Learn and comprehend basic instructions 
• Focus and attention to tasks and responsibilities 
• Verbal communication; listening and understanding, responding, and speaking  

Advarra is an equal opportunity employer that is committed to diversity, equity and inclusion and providing a workplace that is free from discrimination and harassment of any kind based on race, color, religion, creed, sex (including pregnancy, childbirth, and related medical conditions, sexual orientation, and gender identity), national origin, age, disability or genetic information or any other status or characteristic protected by central, state, or local law.  Advarra provides equal employment opportunity to all individuals regardless of these protected characteristics. Further, Advarra takes affirmative action to ensure that applicants and employees are treated without regard to any of these protected characteristics in all terms and conditions of employment, including, but not limited to, hiring, training, promotion, discipline, compensation, benefits, and separation from employment.