Senior Director of Information Security

Fred Hutchinson Cancer Research Center - Seattle, WA

Since 2016, the Hutch Data Commonwealth team (HDC) has kicked off collaborations with technology companies in the Pacific Northwest, and they’ve engaged with at least 25 labs within Fred Hutch to combine their data to cure cancer. This is a transformative time in their quest -- so much so that they've set a deadline to find that cure.

As part of the mission, it’s critical to protect the security of this precious data. We’re looking for a mission-driven candidate with a strong Information Security background who can create and implement policy, at the same time building a rapport with the scientists at Fred Hutchinson Cancer Research Center. You will lead ongoing, center-wide risk assessment and status reporting, and will be responsible for security awareness and training programs across the center. Ideally, you’re the kind of person who can review and direct audits and regulatory compliance with a focus on explaining why and how it’s important to the team, the company, Fred Hutch’s partners, and the overall mission to cure cancer.

RESPONSIBILITIES

  • Develop and drive information security strategy and action plans based on center-wide risk assessment and gap analysis

  • Manage and mentor the Information Security Office team members and implement professional development plans for all members of the team

  • Provide guidance and counsel to the CIO, working closely with administrative leadership, and the Fred Hutch scientific community in defining objectives for information security, while building relationships and goodwill

  • Promote collaborative, empowered working environments across campus, removing barriers and creating possibilities

  • Develop, publish, and maintain comprehensive information security and privacy standards, policies, procedures and guidelines and enforce these in compliance with applicable regulations and standards

  • Oversee execution of approved information security projects and internal/external security audits, and provide regular status reporting on progress of such projects

  • Collaborate with central and departmental IT groups to ensure information security risks in both ongoing and planned operations are properly considered and that all compliance matters are being adhered to as required

  • Provide guidance and support as necessary to investigate security breaches and to pursue associated potential disciplinary and legal actions in collaboration with Human Resources and the Office of the General Counsel as appropriate

  • Monitor information security trends and evolving technologies and keep senior management informed about related information security issues and implications for the center

  • Create, communicate and implement a risk-based process for vendor risk management, including the assessment and treatment for risks that may result from partners, consultants and other service providers

  • Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls

  • Build and maintain relationships with peers at partner organizations to create a strong bridge between organizations and bring groups together to share information and resources and create better decisions, policies and practices for the Cancer Consortium

  • Work with Internal Audit and outside consultants as appropriate on required security assessments and audits

  • Conduct regular and ongoing monitoring of and reporting on compliance with information security standards and policies

TEAM SCOPE

  • 12 information security engineers and analysts comprising information security compliance, assurance, and engineering functions.

QUALIFICATIONS

  • 10-12 years of progressive experience with information security demonstrating increasing responsibility in management assignments including both staff and operational responsibilities

  • Master's-level degree in Information Security, Computer Science, Information Management Systems, or equivalent background

  • Demonstrated experience in developing and implementing information security programs

  • Demonstrated experience supporting information security in a research environment

  • Familiarity with Information Security industry standards/best practices and relevant regulations (e.g., HIPAA, FISMA)

  • Familiarity with Institutional Review Boards

  • Industry certification (OSCP or SANS certifications; QSA or ISA; CISSP or CISM) preferred

 



Posted On: Tuesday, September 18, 2018


