Information Security Director of Security Frameworks
United States - NY, New York
Medidata: Powering Smarter Treatments and Healthier People
Medidata, a Dassault Systèmes company, is leading the digital transformation of life sciences, creating hope for millions of people. Medidata helps generate the evidence and insights to help pharmaceutical, biotech, medical device and diagnostics companies, and academic researchers accelerate value, minimize risk, and optimize outcomes. More than one million registered users across 2,000+ customers and partners access the world's most trusted platform for clinical development, commercial, and real-world data. Known for its ground-breaking technological innovations, Medidata has supported more than 30,000 clinical trials and 9 million study participants. And Medidata’s ongoing commitment to infusing the patient voice into trial designs and solutions is helping to create a better and more inclusive experience for all participants in clinical studies. Medidata is involved in nearly 40% of company-initiated trial starts globally, with studies conducted in more than 140 countries. More than 70% of novel drugs approved by the Food and Drug Administration (FDA) in 2022 were developed with Medidata software. Medidata is headquartered in New York City and has offices around the world to meet the needs of its customers. Discover more at www.medidata.com and follow us @medidata.
Medidata Information Security manages the protection of the assets that our customers and their patients trust us with. More than just ensuring integrity and availability assurance, we are also responsible for the Reputation Integrity of the organization as a whole.
Protection of that Trust is the single truth for our compass and values.
Information Security has evolved from a back-office burden to front and center for the business. This role is necessary to the success of our Go-To-Market strategy, and supports the premise that what we provide is a differentiator.
What we're looking for:
The Director of Information Security Frameworks will lead our organization's efforts in establishing and maintaining robust information security frameworks and standards. The Director of Information Security Frameworks will play a critical role in shaping and strengthening our cybersecurity posture, ensuring compliance with industry standards and regulations, and safeguarding our digital assets.
The Security Frameworks team is comprised of specialists in the following fields, each reporting to you:
- Continuous Monitoring of currently implemented security framework controls (ISO, SOC, FISMA, and ITGC)
- Customer-facing Information Security communications, participating in security audits and risk assessments performed by our customers
- FedRAMP Compliance
- Information Security Risk Management, as a feed into Medidata's Enterprise Risk Management program
As the leader of this team, you will provide strategic guidance and direction to enable the team members to execute their responsibilities to their fullest potential. As Director, you will work with Information Security leadership to set the team goals, and identify and report on KPIs.
You will be provided a hybrid work environment, with remote and in-office presence.
You will report to the Senior Director of Information Security.
Requirements (Education & Experience):
- Have intimate experience in security and compliance standards such as ISO27xxx, NIST 800, SOC2 & ITGC
- Ideally, experience in acquiring and/or maintaining a FISMA & FedRAMP Authority to Operate (ATO)
- Ability to run a third party risk program, and ability to support Enterprise Risk Management
- Leading the refinement of Medidata process documentation, and maintenance of security policies, processes, procedures and standards, to ensure compliance with Medidata’s Industry certification
- A good grasp of the fundamentals of Cloud Security and Information Security practices
- Good background in both IT systems engineering and operations
- Acumen to properly analyze security requirements and relate them to appropriate security controls
- Ability not only to run a small (3-5 person) team, but also to work cross-functionally
- Good writing skills, both within a technical and within a corporate environment
- Requires a minimum of 8 years of related experience in Life Science with a Bachelor’s degree (or equivalent); or 6 years with a Master’s degree
- Requires a minimum of 4 years of related experience in a control role, such as Information Security, Compliance, Regulatory affairs
- CISM/CISA/CRISC certifications are desired, but not required. Continuing education through achievement of Security Certification will be expected within 18 months of accepting the role
As with all roles, Medidata sets ranges based on a number of factors including function, level, candidate expertise and experience, and geographic location.
The salary range for positions that will be physically based in the NYC Metro Area is $157,500-210,000.
The salary range for positions that will be physically based in the California Bay Area is $166,500-222,000.
The salary range for positions that will be physically based in the Boston Metro Area is $155,250-207,000.
The salary range for positions that will be physically based in Texas or Ohio is $138,750-185,000.
The salary range for positions that will be physically based in all other locations within the United States is $141,000-188,000.
Base pay is one part of the Total Rewards that Medidata provides to compensate and recognize employees for their work. Most sales positions are eligible for a commission on the terms of applicable plan documents, and many of Medidata’s non-sales positions are eligible for annual bonuses. Medidata believes that benefits should connect you to the support you need when it matters most and provides best-in-class benefits, including medical, dental, life and disability insurance; 401(k) matching; unlimited paid time off (subject to management discretion); and 10 paid holidays per year.