Overview
Job Posting Title India Remote/Ahmedabad/Bengaluru/New Delhi
Emmes Group: Building a better future for us all
Emmes Group is transforming the future of clinical research, bringing the promise of new medical discovery closer within reach for patients
Emmes Group was founded as Emmes more than 47 years ago, becoming one of the primary clinical research providers to the US government before expanding into public-private partnerships and commercial biopharma
Emmes has built industry leading capabilities in cell and gene therapy, vaccines and infectious diseases, ophthalmology, rare diseases, and neuroscience
We believe the work we do will have a direct impact on patients' lives and act accordingly
We strive to build a collaborative culture at the intersection of being a performance and people driven company
We're looking for talented professionals eager to help advance clinical research as we work to embed innovation into the fabric of our company
If you share our motivations and passion in research, come join us!
Primary Purpose
Supports and reinforces the company's technical capabilities for compliance with governance frameworks and policies
Supports the monitoring of all day-to-day operational aspects of technical security measures throughout the organization and maturing Emmes cybersecurity framework and capabilities
Responsibilities
Works closely with the IT and other managers to ensure the security administration and protection of information assets including data, systems, databases, networks, and other resources
Possesses solid understanding of technical information security principles as these apply to networking, software development, operating systems, cloud computing, etc
Identifies cybersecurity architecture, goals, objectives and metrics
Ability to explain security concepts to various audiences
Supports the improvement of security processes - awareness, incident response, breach response, vulnerability management, patch management, etc
Proposes program enhancements
Continuously monitors and evaluates new cybersecurity risks, threats and information security trends; develops effective security risk mitigation strategies
Provides risk evaluation and guidance for IT and non-IT projects, including evaluation and recommendation of appropriate technical controls
Assists with internal and external compliance audits
Provides subject matter expertise to ensure the security program complies with relevant laws, regulations and policies
Closely collaborates with IT, QA and other teams as needed to coordinate the information security aspects of FISMA/FedRAMP, ISO27001, and other compliance
Ensures that security policies, standards and guidelines are followed and applied consistently
Develops security policies, procedures, standards, and guidelines for the organization
Tracks and reports on information security metrics
Oversees the implementation of the disaster recovery policies and standards to align with the company business continuity management program goals
Coordinates the implementation of plans and procedures to ensure business critical services are recovered in the event of disasters or other incidents
Provides direction, support and subject matter expertise in these areas
Assists in response to potential security breaches, coordinates response, and recommends corrective actions
Escalates as appropriate
Ensures accomplishment of all objectives in accordance with policies, procedures, and strategic direction, as well as regulatory standards
Maintains current knowledge of industry and regulatory healthcare trends in addition to developments for the enterprise technology
Educates leadership on appropriate security risk and mitigation strategies
Prepares reports for senior management
Qualifications
4+ years experience in writing information security policies, procedures, standards, and guidelines
Able to write complex, technical documentation focusing on information security
Experience with FedRAMP and/or ISO audit and certification initiatives
Experience working with federal government agencies and in-depth knowledge of FISMA/FedRAMP certification and accreditation requirements as well as NIST, FIPS and OMB standards
Experience with securing cloud platforms and with implementing security principles in DevOps
Demonstrated knowledge of Information Technology Infrastructure Library (ITIL) with respect to security administration and information technology governance in a multi-platform environment
Experience in cybersecurity and risk metrics for reporting
Demonstrated ability to work under pressure and strong emotional intelligence with demonstrated sustained leadership in international organizations that involve multiple stakeholders
Possesses one or more current industry credentials such as CISSP, CISM, CISA, CRISC or other security certifications
Strong and clear communication and writing skills
Bachelor's degree preferably in Engineering, Computer Science, Information technology systems security or related field
Master's degree preferred
Incumbent typically will possess a minimum 5 years of related work experience