Director of Information Security |

Full Time
San Diego, CA-United States
Posted 4 years ago
Applications have closed

Website Progenity

Prepare for life.

Our mission at Progenity is simple: to help healthcare providers and patients prepare for life. We provide the most advanced molecular technology and the highest levels of service to guide patient care at critical life stages. We continually seek people with the motivation and skills to advance our mission.

Reporting to the CIO, the Directory of Information Security is responsible for growing and managing the Information Security practice within Progenity. This new, critical role will collaborate deeply across the organization to further develop our security practices, establish new standards, and implement a DevSecOps discipline within the organization. As Progenity continues to grow its service offerings and capabilities, this role will help ensure a solid foundation exists across systems that support our HIPAA, CAP, and FDA/GxP compliance efforts. The Director of Information Security is responsible for aligning security initiatives with enterprise programs and business objectives, ensuring that information assets and Progenity products and technologies are appropriately protected. The Director of Information Security is accountable for establishing, executing and maintaining an enterprise vision, strategy, and program to ensure that Progenity physical and digital information assets and technologies are adequately protected. The Director of Information Security will work with Progenty IT Ops and IT R&D teams to ensure our systems, products, and enterprise solutions, both customer and internal facing, in the cloud and on premises, are appropriately protected and governed by appropriate policies, procedures, technology, and standards. Of particular importance, the Director of Information Security will have extensive knowledge and experience with technologies and solutions in all Cloud environments as well as on premises solutions. The role is an integral component of the corporate governance structure and encompasses the strategy, business processes, behaviors, and technology needed to achieve compliance with security, business and IT policies and practices. The Director of Information Security is responsible for proactively protecting information assets from unauthorized or inappropriate access, use or disclosure as well as business disruptions.

RESPONSIBILITIES
- Develops a deep understanding of Progenity current product portfolio, customer facing requirements and forward-looking threat profile.
- Works with CIO to institute a global enterprise wide Cyber Security discipline and governance model that allows appropriate prioritization of objectives and a response mechanism for threats.
- Improves and implements specific security policies, procedures, and processes.
- Participates in the strategic decisions related to technology, definition, and implementation of business processes and systems both in the cloud and on premises.
- Manages the IT Security function to implement consistent security safeguards and controls throughout the organization.
- Ensures that global Information Security and Privacy regulations are being followed.
- Protects valuable information and maintains the confidentiality and integrity of data Knowledge of security management, network & protocols, data and application security solutions, and cloud architectures Knowledge of industry trends and current and emerging risks.
- Monitors and reviews regulatory updates and issues relative to pertinent security regulations (which could include HIPAA, CAP, GxP, and SOX).
- Reports regularly to the CIO and senior management regarding the status of compliance to all pertinent regulations and mitigation of information security issues identified.
- Identifies key metrics and develop executive level dashboard reports addressing current state of Progenity’s Cyber Security posture.
- Leads any Information Security compliance reviews or investigations.
- Develops and directs communications/security awareness programs and risk analysis.
- Responsible for threat management, security monitoring, trend correlation and incident management, including security violations and exceptions.
- Establishes and oversees the organization’s security architecture.
- Works with other high-level executives to establish disaster recovery (DR) and business continuity plans.
- Effectively demonstrates and leads his/her group through change, dealing positively with change.
- Creates vision and strategy for the integration of security consciousness, tools, and architectural elements into Progenity’s daily operating activities.
- Promotes the concept of being a change agent with staff and helping them to lead this role as project leaders.
- Effectively coaches employees and provides ongoing feedback to staff, and develops staff level competencies with the staff.
- Develops a culture of responsive customer-oriented services and internal accountability.
- Consistently orients, trains, and develops staff.
- Demonstrates commitment to staff’s continual learning, growth, and development.
- Continues self-development.
This list of duties and responsibilities is not all inclusive and may be expanded to include other duties and responsibilities, as deemed necessary.

REQUIREMENTS
- Bachelor’s degree in Information Technology, Computer Science or related field. Advanced degree preferre.
- Certified Information Systems Security Professional (CISSP) or Certified Information Systems Auditor (CISA), preferred. May substitute an equivalent combination of education and experience 10+ years’ experience managing IT staff.
- 10+ years of experience leading IT security planning and response Knowledge of applicable industry rules (including CAP, SOX, and HIPAA), and expertise in Cyber Security best practices and implementing Cyber Security Frameworks. ITIL Foundations certifications preferred.
- Strong subject matter experience in application security, vulnerability testing and risk profile development.
- Risk management experience with proven ability to effectively apply risk principles to challenging business requirements Impeccable executive presentation and communication skills.
- Excellent influencing and problem resolution skills.
- Demonstrated ability to effectively build and manage teams.
- Advanced analytical and problem solving capabilities.
- Excellent communication skills to form strong working relationships with the team, management and internal customers.
- Able to analyze and clearly articulate complex issues and technologies understandably and engagingly Knowledge and expertise in security architecture, cloud solutions, frameworks, and cyber technology.