Since 2016, the Hutch Data Commonwealth team (HDC) has kicked off collaborations with technology companies in the Pacific Northwest, and they’ve engaged with at least 25 labs within Fred Hutch to combine their data to cure cancer. This is a transformative time in their quest -- so much so that they've set a deadline to find that cure.
As part of the mission, it’s critical to protect the security of this precious data. We’re looking for a mission-driven candidate with a strong Information Security background who can create and implement policy, at the same time building a rapport with the scientists at Fred Hutchinson Cancer Research Center. You will lead ongoing, center-wide risk assessment and status reporting, and will be responsible for security awareness and training programs across the center. Ideally, you’re the kind of person who can review and direct audits and regulatory compliance with a focus on explaining why and how it’s important to the team, the company, Fred Hutch’s partners, and the overall mission to cure cancer.
Develop and drive information security strategy and action plans based on center-wide risk assessment and gap analysis
Manage and mentor the Information Security Office team members and implement professional development plans for all members of the team
Provide guidance and counsel to the CIO, working closely with administrative leadership, and the Fred Hutch scientific community in defining objectives for information security, while building relationships and goodwill
Promote collaborative, empowered working environments across campus, removing barriers and creating possibilities
Develop, publish, and maintain comprehensive information security and privacy standards, policies, procedures and guidelines and enforce these in compliance with applicable regulations and standards
Oversee execution of approved information security projects and internal/external security audits, and provide regular status reporting on progress of such projects
Collaborate with central and departmental IT groups to ensure information security risks in both ongoing and planned operations are properly considered and that all compliance matters are being adhered to as required
Provide guidance and support as necessary to investigate security breaches and to pursue associated potential disciplinary and legal actions in collaboration with Human Resources and the Office of the General Counsel as appropriate
Monitor information security trends and evolving technologies and keep senior management informed about related information security issues and implications for the center
Create, communicate and implement a risk-based process for vendor risk management, including the assessment and treatment for risks that may result from partners, consultants and other service providers
Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls
Build and maintain relationships with peers at partner organizations to create a strong bridge between organizations and bring groups together to share information and resources and create better decisions, policies and practices for the Cancer Consortium
Work with Internal Audit and outside consultants as appropriate on required security assessments and audits
Conduct regular and ongoing monitoring of and reporting on compliance with information security standards and policies
12 information security engineers and analysts comprising information security compliance, assurance, and engineering functions.
10-12 years of progressive experience with information security demonstrating increasing responsibility in management assignments including both staff and operational responsibilities
Master's-level degree in Information Security, Computer Science, Information Management Systems, or equivalent background
Demonstrated experience in developing and implementing information security programs
Demonstrated experience supporting information security in a research environment
Familiarity with Information Security industry standards/best practices and relevant regulations (e.g., HIPAA, FISMA)
Familiarity with Institutional Review Boards
Industry certification (OSCP or SANS certifications; QSA or ISA; CISSP or CISM) preferred