ABOUT THE ROLE:
We are building the leading platform for analysis of genomic data in the cloud. As part of this, we store and process sensitive genetic information on behalf of our major enterprise clients, such as pharmaceutical and biotech companies, and research universities. Our clients’ trust is one of our most valuable assets, and regulatory compliance is a constant priority. In this role, you will establish a state-of-the-art information security compliance program that will provide our clients with the highest level of assurance that all information assets are safe with Seven Bridges.
As the Director of Information Security, you will ensure that Seven Bridges stays compliant with applicable security frameworks: both regulatory frameworks such as FISMA and FedRAMP, and voluntary standards such as ISO 27001 and SSAE 16. You will work with our Information Security Team and the rest of the staff to develop and enforce policies, procedures, and technical controls and supervise the overall information security management system. You will also coordinate required internal audits of security compliance, prepare Seven Bridges for external audits, and act as the face of the company’s security and compliance efforts to clients and the broader community.
- Lead regulatory compliance and standards certification-and-accreditation efforts for information security.
- Manage the operation of the company’s information security management system.
- Define and maintain a corporate risk register through a well-organized assessment methodology, and coordinate security risk assessments for new projects, technologies and partnerships along with the Legal and Business Development teams.
- Create and maintain an effective communication program for the organization, including understanding of new and existing security documents (i.e. policies, standards, guidelines, procedures, and processes) and education/awareness.
- Consult with Legal as needed to resolve potential legal compliance issues and proactively advise Seven Bridges on how to maintain compliance with information security standards and regulations.
- Lead external-facing meetings and work with the Communications team on public communications regarding information security and compliance.