Sr Director, Enterprise Security GRC
United States of America, United States
Advarra
Advarra advances clinical research with expert review services, cutting-edge technology, and consulting. We streamline compliance and accelerate trials.
Company Information
At Advarra, we are passionate about making a difference in the world of clinical research and advancing human health. With a rich history rooted in ethical review services combined with innovative technology solutions and deep industry expertise, we are at the forefront of industry change. A market leader and pioneer, Advarra breaks the silos that impede clinical research, aligning patients, sites, sponsors, and CROs in a connected ecosystem to accelerate trials.
Company Culture
Our employees are the heart of Advarra. They are the key to our success and the driving force behind our mission and vision. Our values (Patient-Centric, Ethical, Quality Focused, Collaborative) guide our actions and decisions. Knowing the impact of our work on trial participants and patients, we act with urgency and purpose to advance clinical research so that people can live happier, healthier lives.
At Advarra, we seek to foster an inclusive and collaborative environment where everyone is treated with respect and diverse perspectives are embraced. Treating one another, our clients, and clinical trial participants with empathy and care are key tenets of our culture at Advarra; we are committed to creating a workplace where each employee is not only valued but empowered to thrive and make a meaningful impact.
Job Overview Summary
Reporting to the Chief Information Security Officer (CISO), the Sr Director, Enterprise Security Governance, Risk and Compliance (GRC) will be responsible for the oversight and ongoing success of the Governance, Risk and Compliance team within the Advarra Enterprise Information Security department. The Head of GRC is both an experienced leader and a subject matter expert who will address cyber security from a strategic lens and provide guidance to leadership for managing risks to information security.
Job Duties & Responsibilities
- Works with Quality and Compliance to oversee the development of information security policies that are consistent with the organization's commitment to protect the health information and privacy of our customers and to comply with all legal and regulatory requirements.
- Oversees the information security cloud governance framework, including the policies, procedures and standards necessary to protect the organization's adoption of cloud resources, recommending, documenting and monitoring the implementation of cloud security solutions for identity, data protection and other compliance measures.
- Develops technical application security and compliance standards across the organization to meet applicable regulations, contractual obligations and our technical security objectives, ensuring that the associated controls are designed, implemented, and executed effectively, consistently, efficiently, and economically.
- Maintains and enhances the vendor due diligence process for third-party and supply chain risk management, including monitoring for alerts about compliance concerns and tracking progress towards remediation.
- Develops, supports and serves as custodian of the Enterprise IT Risk Register, consolidating risk from the relevant risk management programs (IT risk, third-party risk, business continuity) and recording the necessary attributions, remediation plans and acceptances.
- Serves as the internal auditor and internal security consultant for information security processes, recommending, documenting, and monitoring the implementation of any prescribed corrective actions resulting from assigned security assessments or audits.
- Works with the privacy team to define the data protection policies and standards necessary to protect protected health information, personally identifiable information and other classes of data held on-premises and in the cloud.
- Supports requests for information from external authoritative agencies (e.g., assessors, auditors, investigators) and customer review requests as required.
- Performs, reviews, evaluates, assesses, documents, and communicates the results of the annual enterprise IT risk assessment.
- Supports the Operations, Engineering and Applications teams by providing the security expertise required to ensure compliance with company objectives for risk acceptance.
- Leads the enterprise security awareness and education efforts, including any associated committees and workgroups.
- Establishes and operates metrics collection and reporting to measure security maturity and to facilitate reporting mechanisms for continual program improvement.
- Consults with all departments on related issues, inquiries, and projects.
Location
This role is open to candidates working remotely in the United States.
Basic Qualifications
- Bachelor's degree in computer science, cybersecurity, information technology or systems, or an equivalent combination of education and experience.
- 10+ years of experience in information security risk assessments, IT auditing, project management, large systems/client-server development and implementation, operational readiness assessment and risk management, with a focus on healthcare and healthtech environments.
- Proven experience leading and building a GRC team to execute on a vision.
- CISSP, CISM, CRISC, CGEIT, SSCP, CCSP or other industry-standard certifications and credentials.
Preferred Qualifications
- Demonstrated experience using the latest privacy management and cyber protection tools, including current platforms in advanced cyber threat, malware, vulnerability, security event and incident, and intelligence management.
- Expert working knowledge of security, governance, risk, compliance and privacy concepts and practices as they apply to health care and information technology.
- Expert working knowledge of relevant authoritative source material (e.g., ISO 27001, HITRUST, HIPAA, PCI, GDPR).
- Expert working knowledge of relevant industry best practices (e.g., NIST, FIPS, FISMA, COBIT, ITIL, State/FedRAMP).
- Expert working knowledge of business risk management strategies and management practices.
- Working knowledge of cloud technologies such as AWS and CSPM tooling.
- Full understanding of risk management and organizational governance approaches, with a proven ability to apply these concepts to the business.
- Experience managing large, complex and high-visibility projects.
- Expert people leadership skills with the ability to work effectively at all levels of the organization.
- Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
- Proven ability to present to both executive and technical audiences, including the Board of Directors.
Physical and Mental Requirements
- Sit or stand for extended periods of time at a stationary workstation
- Regularly carry, raise, and lower objects of up to 10 lbs.
- Learn and comprehend basic instructions
- Focus and attention to tasks and responsibilities
- Verbal communication; listening and understanding, responding, and speaking
Advarra is an equal opportunity employer that is committed to diversity, equity and inclusion and providing a workplace that is free from discrimination and harassment of any kind based on race, color, religion, creed, sex (including pregnancy, childbirth, and related medical conditions, sexual orientation, and gender identity), national origin, age, disability or genetic information or any other status or characteristic protected by federal, state, or local law. Advarra provides equal employment opportunity to all individuals regardless of these protected characteristics. Further, Advarra takes affirmative action to ensure that applicants and employees are treated without regard to any of these protected characteristics in all terms and conditions of employment, including, but not limited to, hiring, training, promotion, discipline, compensation, benefits, and separation from employment.
The base salary range for this role is $159,200 - $270,700. Actual salary may vary from the amounts listed above based on location, skills, and experience. This position may also be eligible for a variable bonus in addition to base salary, as well as health coverage, paid holidays, and other benefits.
Perks/benefits: equity/stock options, health care, salary bonus.