Information Security Continuous Monitoring Specialist
United States - NY, New York
Medidata: Powering Smarter Treatments and Healthier People
Medidata, a Dassault Systèmes company, is leading the digital transformation of life sciences, creating hope for millions of people. Medidata helps generate the evidence and insights to help pharmaceutical, biotech, medical device and diagnostics companies, and academic researchers accelerate value, minimize risk, and optimize outcomes. More than one million registered users across 2,000+ customers and partners access the world's most trusted platform for clinical development, commercial, and real-world data. Known for its ground-breaking technological innovations, Medidata has supported more than 30,000 clinical trials and 9 million study participants. And Medidata’s ongoing commitment to infusing the patient voice into trial designs and solutions is helping to create a better and more inclusive experience for all participants in clinical studies. Medidata is involved in nearly 40% of company-initiated trial starts globally, with studies conducted in more than 140 countries. More than 70% of novel drugs approved by the Food and Drug Administration (FDA) in 2022 were developed with Medidata software. Medidata is headquartered in New York City and has offices around the world to meet the needs of its customers. Discover more at www.medidata.com and follow us @medidata.
Medidata Information Security manages the protection of the assets that our customers and their patients trust us with. Beyond ensuring integrity and availability, we are also responsible for the Reputation Integrity of the organization as a whole.
Protection of that Trust is the single truth for our compass and values.
Information Security has evolved from a back-office burden to being front and center for the business. This role is necessary to the success of our Go-To-Market strategy, and supports the premise that what we provide is a differentiator.
What we're looking for:
The Information Security Continuous Monitoring Specialist maintains and improves Medidata’s Information Security audit program. In this role, you will:
- Maintain Medidata’s central framework control library, inclusive of all adopted frameworks (ISO, FISMA, SOC)
- Automate and maintain Medidata’s utility for the collection of control artifacts
- Review submitted control artifacts for accuracy/completeness
- Maintain and report list of audit findings and CAPA items
- Coordinate ISMS/ISPMS meetings
- Schedule and host external audit teams
- Register and track findings and the resulting POAMs and CAPAs
- Partner with Medidata’s Global Compliance team to ensure seamless coverage for quality
- Partner with Legal to ensure seamless coverage concerning Data Privacy
- Collaborate with all Information Security teams, to improve the state of Medidata’s ISMS/ISPMS program
You will work with internal audit teams to track Operational Level Agreements (OLAs) for control artifacts to be collected from Dassault Systèmes, manage the audits InfoSec is responsible for, and work with GCS on the SOC2+.
You will be provided a hybrid work environment, with remote and in-office presence, as needed.
You will report to the Information Security Director of Security Frameworks and Compliance.
Requirements (Education & Experience):
- Intimate knowledge of ISO 27001, 27017, 27018, 27701
- Familiarity with SOC1 and SOC2 controls
- Experienced with conducting internal compliance reviews and hosting external audits
- Knowledge of NIST 800-53
- A good grasp of the fundamentals of Cloud Security
- Experience in Information Security Best Practices
- Ability to analyze security requirements and map them to appropriate security controls
- Good writing skills; both within a technical and within a corporate environment
- At least 5 years in Technology, Medical, Life Sciences or Healthcare
- At least five years of exposure to Security Frameworks (AICPA, ISO, COBIT)
- Bachelor's degree (or above) in Computer Science/Engineering, Information Technology or comparable required
- CISM/CISA/CRISC certifications are desired, but not required
- Cloud Security certification is desired, but not required
- CISSP certification is a bonus, but will be expected within 1 year of hire
As with all roles, Medidata sets ranges based on a number of factors including function, level, candidate expertise and experience, and geographic location.
The salary range for positions that will be physically based in the NYC Metro Area is $96,000-128,000.
The salary range for positions that will be physically based in the California Bay Area is $101,250-135,000.
The salary range for positions that will be physically based in the Boston Metro Area is $94,500-126,000.
The salary range for positions that will be physically based in Texas or Ohio is $84,375-112,500.
The salary range for positions that will be physically based in all other locations within the United States is $85,500-114,000.
Base pay is one part of the Total Rewards that Medidata provides to compensate and recognize employees for their work. Most sales positions are eligible for a commission on the terms of applicable plan documents, and many of Medidata’s non-sales positions are eligible for annual bonuses. Medidata believes that benefits should connect you to the support you need when it matters most and provides best-in-class benefits, including medical, dental, life and disability insurance; 401(k) matching; unlimited paid time off (subject to management discretion); and 10 paid holidays per year.