IT Cyber Security, Data Privacy & Compliance Manager

21 Jan 2024
California, Sunnyvale, 94085 Sunnyvale USA

Vacancy expired!

Location: Sunnyvale, CA
Silk Road Medical is looking for an IT Cybersecurity, Data Privacy & Compliance Manager who is responsible for establishing and maintaining global IT cybersecurity, compliance and privacy strategy, policies, programs, processes and controls impacting SRM information technology services and solutions. The candidate will collaborate with internal and external stakeholders to maintain enterprise IT compliance, information security and data privacy.
Along with an internal focus, this role will also have an external-facing component, assisting with execution and tracking of audit and risk assessments as required by our suppliers, vendors and regulatory bodies. This individual will collaborate with other business functions in the development and revision of standard IT operating procedures, business process workflows, narratives and work instructions that will be the basis for periodic audits as required by the business. This is a new role that will help build out our maturing IT cybersecurity and compliance function.
Reporting to the Director IT, the IT Cybersecurity, Data Privacy & Compliance Manager will provide vision and leadership for the organization’s overall cybersecurity posture and culture.

Key Responsibilities
  • Designs, implements and manages enterprise information cybersecurity/compliance/data privacy strategies, policies, procedures, controls, and supporting systems to ensure IT alignment with business operations and adherence to local, federal and international industry regulations
  • Identifies, evaluates and assesses IT risks, performs gap assessments and ensures that SRM information assets and infrastructure are properly secured and protected
  • Leads IT security planning to achieve business goals by prioritizing initiatives and coordinating the evaluation, deployment and management of security technologies using a risk-based assessment methodology
  • Works with IT team and core business functions to fully secure the company’s business data and information systems at all layers of the enterprise technology architecture
  • Identifies security and compliance gaps/deficiencies through risk assessments and business impact analyses and through prioritized remediation to ensure information confidentiality, integrity and availability
  • Manages the information security team and associated relationships with key IT vendors, consultants and auditors
  • Coordinates Sarbanes-Oxley IT documentation, testing and readiness working in collaboration with internal stakeholders and subject matter experts
  • Plays an active role in the completion and associated remediation activities for SOX, PCI, HIPAA, GDPR, CCPA and cybersecurity assessments. Assists in the preparation and dissemination of supporting evidence for audits
  • Manages corporate information security systems including firewalls, intrusion detection, cryptography, SIEM, EDR, DLP, e-mail and endpoint security systems. Oversees investigation and resolution of issues and security incidents
  • Monitors and analyzes information security logs and alerts generated by security, server, storage and network devices, databases and applications (including cloud) and automates monitoring, notification, and reporting
  • Coordinates execution of IT incident response plan reviews, risk assessments, disaster recovery/business continuity planning and walkthroughs, process updates and produces associated documentation
  • Supervises the design and execution of vulnerability assessments, penetration tests and security audits
  • Supervises investigations into problematic security, compliance, and data privacy activities and communicates risks and remediation strategies to senior management
  • Develops and maintains IT cybersecurity, compliance and data privacy documentation for the business
  • Oversees IT change management process and ensures effective documentation of in-scope activities within the ITSM service desk
  • Educates employees on cybersecurity and data privacy through training and periodic audits on the secure use of IT services
  • Manages relationships and support in the areas of cybersecurity, IT compliance, and data privacy with IT vendors, consultants and auditors
  • Supports IT goals and objectives, developed with IT management and key business stakeholders
  • Leads and participates in high-visibility IT projects, vendor assessments, compliance audits and drafting/updating of IT policies and compliance documentation

Qualifications:
  • Bachelor's degree in information technology, computer science, or related discipline
  • 8+ years of information security, IT auditing, compliance, data privacy or similar experience, preferably in a healthcare related industry in a public company environment
  • 1-3 years of management experience
  • Professional security certification(s) such as CISSP, CISM, CISA, CEH, GSEC strongly preferred
  • In-depth knowledge of SOX, HIPAA/HITECH, FDA, GDPR, CCPA regulations and their requirements
  • Knowledge of and experience with cybersecurity frameworks such as SOC2, CIS, NIST, ISO 27001, PCI, SEC, Top 20
  • Demonstrated experience with internal or external audits and working with a Big 4 accounting firm
  • Experience reviewing and updating policies based on new or updated state, federal, and international regulations
  • Understanding of ITIL service management processes and COBIT IT governance
  • Exposed to a broad set of technologies and processes in the areas of networking, infrastructure, business applications, information management and delivery, and systems development tools/techniques
  • Strong understanding of security strategies, tools, technologies and their implications on the business environment
  • Technical knowledge of networking environments and a wide range of security technologies, such as network security appliances, identity and access management systems, anti-malware solutions, automated policy compliance, and desktop security tools
  • Experience securing enterprise business applications such as ERP, CRM, and QMS
  • Proficient in risk, business impact, control, and vulnerability assessments and defining mitigation strategies
  • Experience working with validated systems and associated change management framework
  • Possesses an excellent understanding of business processes and is able to work effectively with employees at all levels in a fast-growing mid-size international organization
  • Conversant in recent state, federal and international developments that impact cybersecurity, compliance, and privacy initiatives, both generally and specifically in the medical device industry
  • Excellent knowledge of IT GRC (BCDR, ITSM/ITIL, SOX, ISO, PCI, HIPAA, GMP, GDPR, FDA 21 CFR Part 11)
  • Exposure to enterprise systems such as SAP, Oracle, MS Dynamics, QAD, Salesforce, etc.
  • Public cloud experience (AWS or MS Azure) highly desired
  • Proficient in one or more scripting languages: UNIX Shell, PowerShell, JavaScript, JSON, Perl, Ruby
  • Windows administration including Active Directory, domains, FSMO, GPOs, OUs, groups, NTFS, ACLs
  • Core networking technologies (TCP/IP, DNS, DHCP, LDAP, PKI, RADIUS, SSL/TLS, SSH, SMTP)
  • Experience deploying and managing on-premises and cloud-based IT security tools/solutions
  • Hands-on experience with leading EPP, EDR, IDP, IAM, IPS, SIEM and WAF tools/solutions
  • Expert knowledge of security access controls, policies, groups, rights, permissions
  • Deep knowledge and understanding of information technology (infrastructure and applications) security awareness, incident investigation and remediation
  • IT systems/network security scanning, patching and hardening
  • ITSM change and release management, CAB reviews and approval process

Job Details

  • ID
    JC8426308
  • State
  • City
  • Job type
    Permanent
  • Salary
    $140,000 - $200,000
  • Hiring Company
    Silk Road Medical Inc.
  • Date
    2021-01-15
  • Deadline
    2021-03-16
  • Category

Jocancy Online Job Portal by jobSearchi.