Seven Bridges Director of IT Security and Risk Management in Cambridge, Massachusetts
Director of IT Security and Risk Management
ABOUT SEVEN BRIDGES:
Seven Bridges is the biomedical data analysis company accelerating breakthroughs in genomics research for cancer, drug development and precision medicine. We democratize genomics by enabling researchers anywhere to process and understand genomic data quickly and efficiently, at any scale.
Thousands of researchers in government, biotech, pharmaceutical and academic labs use Seven Bridges, including three of the largest genomics projects in the world: the U.S. National Cancer Institute’s Cancer Genomics Cloud pilot, the Million Veteran Program, and Genomics England’s 100,000 Genomes Project. As the NIH’s only commercial Trusted Partner, Seven Bridges authenticates and authorizes access to one of the world’s largest cancer genomics datasets.
Our biomedical data analysis platform will be used by the Cancer Moonshot’s Blood Profiling Atlas project, designed to accelerate the development and approval of simple, accurate, and reliable blood tests for cancer diagnosis and precision treatment.
Named one of the world's smartest companies by MIT Technology Review, Seven Bridges has offices in Cambridge, Mass.; Belgrade; London; Istanbul; Ankara; and San Francisco.
ABOUT THE ROLE:
Seven Bridges is building the leading platform for analysis of genomic data in the cloud. We store and process population scale amounts of sensitive genetic information on behalf of our major enterprise clients, such as pharmaceutical and biotech companies, and research universities. Our clients’ trust is one of our most valuable assets, and regulatory compliance is a critical priority. In this role, you will establish a state-of-the-art information security compliance program that will provide our clients with the highest level of assurance that all information assets are safe with Seven Bridges.
As the Director of Information Security, you will ensure that Seven Bridges attains and maintains compliance with applicable security frameworks: both regulatory frameworks such as FISMA and FedRAMP, and voluntary standards such as ISO 27001 and SSAE 16. You will work with our Information Security Team to develop and enforce policies, procedures, and technical controls and supervise the overall information security management system. You will also coordinate required internal audits of security compliance, prepare Seven Bridges for external audits, and act as the face of the company’s security and compliance efforts to clients and the broader community.
Lead regulatory compliance and standards certification-and-accreditation efforts for information security.
Ensure that our security and compliance efforts stay at the forefront of industry developments.
Manage the operation of the company’s information security management system.
Define and maintain a corporate risk register through a well-organized assessment methodology and coordinate security risk assessments for new projects, technologies and partnerships along with the Legal and Business Development teams.
Create and maintain an effective communication program for the organization, including understanding of new and existing security documents (i.e., policies, standards, guidelines, procedures, and processes) and security education/awareness.
Consult with Legal as needed to resolve potential legal compliance issues and proactively advise Seven Bridges on how to maintain compliance with information security standards and regulations.
Lead external-facing meetings with customers and, more infrequently, with auditors regarding information security and compliance.
Manage the Information Security and Compliance department (currently 1 direct report).
Bachelor’s degree in information assurance, security, management information systems, risk management, or equivalent work experience is acceptable. Advanced degrees are a plus.
Past senior management experience leading teams of security professionals is required.
8+ years of related security risk assessment, vulnerability management, or audit work experience is required.
Experience guiding an organization through external audits of information security and risk management is required.
Strong analytical and product management skills are required, including a thorough understanding of how to interpret customer business needs and translate them into application and operational requirements.
An ideal candidate has experience with information security standards such as HIPAA, FISMA, FedRAMP, ISO 27001, NIST 800-53, and SSAE 16 (SOC 2).
And we also think that:
CISSP, CISM, or similar certification is a plus.
Experience working with SaaS providers is a plus, particularly those built on third-party cloud infrastructure.
A thorough understanding of network and application security architecture is a plus.
Familiarity with penetration testing, firewalls, intrusion detection systems, and other best-practice technical controls is a plus.
Experience working in a fast-paced start-up environment is a plus.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity or national origin.