Senior IT Security & Risk Mgmt Analyst Data Privacy

Location
Uxbridge
Salary
See job description.
Posted
January 21 2021
Ref
R0016936
Position Type
Full Time
Organization Type
Pharma
Job Type
Manager

 


Senior IT Security & Risk Mgmt Analyst Data Privacy
United Kingdom - Uxbridge

Gilead Sciences, Inc. is a research-based bio-pharmaceutical company that discovers, develops and commercializes innovative medicines in areas of unmet medical need. With each new discovery and investigational drug candidate, we seek to improve the care of patients living with life-threatening diseases around the world. Gileads therapeutic areas of focus include HIV/AIDS, liver diseases, cancer and inflammation, and serious respiratory and cardiovascular conditions.

Making an impact on a global scale
Inclusion is one of the companys five core values. Thats because we know that we are stronger and more innovative at Gilead when we are informed by a diverse set of backgrounds, experiences and points of view. Gilead Sciences is a biopharmaceutical company that discovers, develops and commercializes innovative therapeutics in areas of unmet medical need. The company's mission is to advance the care of patients suffering from life-threatening diseases worldwide.

When you join Gilead, you join our mission to change the world by enabling people to live healthier and more fulfilling lives. Come join a mission-driven bio-pharmaceutical organization that values inclusion and diversity, has a strong portfolio of products, and is constantly #CreatingPossible


POSITION SUMMARY: The Sr IT Security & Risk Mgmt Analyst - Data Privacy is a key member of the Security Risk Compliance (SRC) - DP team and works closely with the Data Protection Working Group (DPWG), Legal Privacy and other IT teams to ensure privacy program and controls are in place. They will provide expertise on Information Security and Privacy principles; company policies and standards; and regulatory requirements as they pertain to data privacy. The person in this position will be required to understand and communicate the reporting requirements as defined by company policy and interpret and apply the concepts and requirements when processing and managing privacy and security incidents.

ESSENTIAL JOB FUNCTIONS:

 

 

  • Develop / update / maintain data related privacy policies, standards and documentation.
  • Provide input to the data privacy program strategy and roadmap
  • Be responsible for working on Data Privacy related project tasks and deliverables ensuring compliance and progressing identified risks
  • Serve as an initial point of contact / escalation for operational teams & works relating to Data Privacy (i.e. PIAs / HRCs / Vendor assessments and related contract reviews), leading resolution of compliance issues and escalating when appropriate.
  • Provide assessor / manager related lead activities for Data Privacy Incidents (DPIs) & work collaboratively with CyberSecurity / SOC team for interactions between DPIs and SOC Security incidents.
  • Provide inputs for Data Privacy related assessments providing review / approval for resultant reports.
  • Feed into requirements for and reviews of vendor proposals
  • Support the Privacy Champion by advising business partners on compliant ways to optimize business success.
  • Contribute to the creation and delivery of Data Privacy educational, training and orientation programs for all employees, contractors and other appropriate third parties
  • Maintains current knowledge of application EU and global data protection laws and accreditation standards
  • Contribute and collaborate with the organization's DPWG
  • Builds and develops strategic working relationships across business groups communicating highly technical information to various audiences.
  • Review system-related information security plans throughout the practice / organization's network to ensure alignment between security and privacy practices
  • Provide support and conduct reviews of contracts, service level and evaluation agreements
  • Collaborates within various business groups to analyze and evaluate reported potential privacy incidents to determine whether a loss of sensitive data, protection health information, policy violation, and / or cyber or other threat to the enterprise has occurred.
  • Analyzes and identifies trends from privacy and security reportable issues.
  • Assist with defining and create privacy and security reportable issues metrics and reports.
  • Participate in other activities relating to security and privacy incident management.

 


REQUIRED SKILLS & JOB QUALIFICATIONS:

 

 

  • A significant level of progressively responsible IT experience including information security / privacy & risk management, and coordinating a team / service provider functions.
  • Experience developing and implementing compliance monitoring processes and procedures.
  • Experience with formal project planning and risk assessment methodologies.
  • Strong knowledge of information systems security concepts and current information security / privacy trends and practices.
  • Knowledge of EU and global security and privacy-related regulatory requirements (i.e. GDPR, PIPA, PIPEDA, etc.).
  • Must be able to prepare formal reports and presentations as needed.
  • Must be detailed oriented and possess the ability to prioritize tasks so work is completed in an accurate, timely manner.
  • Strong business and technical skills in the planning, administration, and management of information systems, operational and technical security controls; and security risk analysis and management.
  • Knowledge about medical records and other medical information, patient privacy and confidentiality, and release of information.
  • Ability to write and communicate in proper business English (including writing our formal assessment documents), with strong verbal skills and ability to adapt information delivery based on the target audience
  • Experience in appropriately managing confidential and sensitive information
  • Strong Knowledge of Security Frameworks (ISO 27001, NIST 800-53, etc.)
  • Self-starter with the ability to work independently, prioritize, multi-task, and maintain flexibility in fast-paced, changing environment. Be proactive, independent and responsive - requires little supervisory attention
  • Ability to confront conflict and progress difficult issues in a professional, assertive and proactive manner.
  • Ability to build strong working relationships at all levels, internal and/or external to the organization.
  • Prior working experience in a Pharmaceutical company is a big plus
  • Highly organized, results-oriented and attentive to details
  • Excellent presentation, facilitation and diplomacy skills
  • High level of personal integrity consistent with Gilead's core values
  • Performs other duties as assigned

 


EDUCATION & CERTIFICATION

 

 

  • Significant relevant experience
  • University degree, industry appropriate certifications beneficial (CIPP / EU, CIPM, CHP, or other certified privacy or security-related credentials).
  • In-depth knowledge and experience of vendor / supplier-based security and privacy assessments and on-site audits.
  • Awareness of US data protection principles would be advantageous.

 


Equal Employment Opportunity (EEO)
It is the policy of Gilead Sciences, Inc. and its subsidiaries and affiliates (collectively "Gilead" or the "Company") to recruit select and employ the most qualified persons available for positions throughout the Company. Except if otherwise provided by applicable law, all employment actions relating to issues such as compensation, benefits, transfers, layoffs, returns from layoffs, company-sponsored training, education assistance, social and recreational programs are administered on a non-discriminatory basis (i.e. without regard to protected characteristics or prohibited grounds, which may include an individual's gender, race, color, national origin, ancestry, religion, creed, physical or mental disability, marital status, sexual orientation, medical condition, veteran status, and age, unless such protection is prohibited by federal, state, municipal, provincial, local or other applicable laws). Gilead also prohibits discrimination based on any other characteristics protected by applicable laws.


For Current Gilead Employees and Contractors:
Please log onto your Internal Career Site to apply for this job.


To apply, visit https://gilead.wd1.myworkdayjobs.com/en-US/gileadcareers/job/United-Kingdom---Uxbridge/Senior-IT-Security---Risk-Mgmt-Analyst---Data-Privacy_R0016936





Copyright 2017 Jobelephant.com Inc. All rights reserved.

Posted by the FREE value-added recruitment advertising agency

jeid-07a89ef94d26b440b264de15ecd159de