IT Security & Risk Mgmt Analyst, Data Privacy

Foster City
See job description.
September 02 2021
Other, Other
Position Type
Full Time
Organization Type
Job Type

IT Security & Risk Mgmt Analyst, Data Privacy
United States - North Carolina - Raleigh

Gilead Sciences, Inc. is a research-based bio-pharmaceutical company that discovers, develops and commercializes innovative medicines in areas of unmet medical need. With each new discovery and investigational drug candidate, we seek to improve the care of patients living with life-threatening diseases around the world. Gilead's therapeutic areas of focus include HIV/AIDS, liver diseases, cancer and inflammation, and serious respiratory and cardiovascular conditions.

Making an impact on a global scale
Inclusion is one of the company's five core values. That's because we know that we are stronger and more innovative at Gilead when we are informed by a diverse set of backgrounds, experiences and points of view. Gilead Sciences is a biopharmaceutical company that discovers, develops and commercializes innovative therapeutics in areas of unmet medical need. The company's mission is to advance the care of patients suffering from life-threatening diseases worldwide.

When you join Gilead, you join our mission to change the world by enabling people to live healthier and more fulfilling lives. Come join a mission-driven bio-pharmaceutical organization that values inclusion and diversity, has a strong portfolio of products, and is constantly #CreatingPossible

Gilead Sciences, Inc. is a biopharmaceutical company that has pursued and achieved breakthroughs in medicine for more than three decades, with the goal of creating a healthier world for all people. The company is committed to pursuing scientific invention to prevent and treat life-threatening diseases, including HIV, viral hepatitis and cancer. Gilead has operations in more than 35 countries worldwide, with headquarters in Foster City, California.

You will be part of a team that is helping millions of people live healthier, more fulfilling lives. We are a close community where every individual matters and everyone has a chance to enhance their skills through ongoing development. Inclusion is one of our core values, which means we are creating and fostering a work environment where our differences are valued, and everyone feels respected and empowered to bring their authentic selves to work. By joining Gilead, you will further our mission to discover, develop and deliver innovative therapeutics for people with life-threatening diseases.

The Gilead Business Services center in Raleigh's Research Triangle region will be home to some of the company's critical shared service teams in North America, including Information Technology, Global Financial Solutions, HR Operations and Procurement Services Desk. These functions provide the necessary support to ensure Gilead's business runs effectively and efficiently. The center will also be a catalyst for standardization of processes, digital transformation and technology optimization. Please check out more at

The IT Security & Risk Mgmt Analyst - Data Privacy is a key member of the Security Risk Compliance (SRC) - DP team and works closely with the Data Protection Working Group (DPWG), Legal Privacy and other IT teams to ensure privacy program and controls are in place. They will provide expertise on Information Security and Privacy principles; company policies and standards; and regulatory requirements as they pertain to data privacy. The person in this position will be required to understand and communicate the reporting requirements as defined by company policy and interpret and apply the concepts and requirements when processing and managing privacy and security incidents.

Essential Job Functions:
  • Develop / update / maintain data related privacy policies, standards and documentation.
  • Provide input to the data privacy program strategy and roadmap
  • Be responsible for working on Data Privacy sustainment project tasks and deliverables ensuring compliance and progressing identified risks
  • Serve as an initial point of contact / escalation for operational teams & works relating to Data Privacy (i.e. PIAs / HRCs / Vendor assessments and related contract reviews), leading resolution of compliance issues and escalating when appropriate
  • Provide assessor / manager related lead activities for Data Privacy Incidents (DPIs) & work collaboratively with CyberSecurity / SOC team for interactions between DPIs and SOC Security incidents
  • Provide inputs for Data Privacy related assessments providing review / approval for resultant reports
  • Feed into requirements for and reviews of vendor proposals
  • Support the Privacy Champion by advising business partners on compliant ways to optimize business success
  • Contribute to the creation and delivery of Data Privacy educational, training and orientation programs for all employees, contractors and other appropriate third parties
  • Maintains current knowledge of global data protection laws and accreditation standards
  • Contribute and collaborate with the organization's DPWG
  • Builds and develops strategic working relationships across business groups communicating highly technical information to various audiences
  • Review system-related information security plans throughout the practice / organization's network to ensure alignment between security and privacy practices
  • Provide support and conduct reviews of contracts, service level and evaluation agreements
  • Collaborates within various business groups to analyze and evaluate reported potential privacy incidents to determine whether a loss of sensitive data, protected health information, policy violation, and / or cyber or other threat to the enterprise has occurred
  • Analyzes and identifies trends from privacy and security reportable issues
  • Assist with defining and creating privacy and security reportable issues metrics and reports
  • Participate in other activities relating to security and privacy incident management

Basic Qualifications:

High School Degree and Eleven Years' Experience OR Associate's Degree and Nine Years' Experience OR Bachelor's Degree and Seven Years' Experience OR Master's Degree and Five Years' Experience

Preferred Qualifications:
  • 5+ years hands-on work experience within IT security/privacy
  • Strong knowledge of information systems security concepts and current information security / privacy trends and practices.
  • Knowledge of global security and privacy-related regulatory requirements
  • Self-starter with the ability to work independently, prioritize, multi-task, and maintain flexibility in a fast-paced, changing environment. Be proactive, independent and responsive - requires little supervisory attention
  • Ability to write and communicate in proper business English (including writing our formal assessment documents), with strong verbal skills and ability to adapt information delivery based on the target audience
  • Life Sciences or Pharmaceutical industry experience a plus
  • CIPP / EU, CIPM, CHP, or other certified privacy or security-related certifications or credentials, strongly desired
  • In-depth knowledge and experience of vendor / supplier-based security and privacy assessments and on-site audits
  • A significant level of progressively responsible IT experience including information security / privacy & risk management, and coordinating a team / service provider functions
  • Experience developing and implementing compliance monitoring processes and procedures
  • Experience with formal project planning and risk assessment methodologies
  • Must be able to prepare formal reports and presentations as needed
  • Must be detail-oriented and possess the ability to prioritize tasks so work is completed in an accurate, timely manner
  • Strong business and technical skills in the planning, administration, and management of information systems, operational and technical security controls; and security risk analysis and management
  • Knowledge about medical records and other medical information, patient privacy and confidentiality, and release of information
  • Experience in appropriately managing confidential and sensitive information
  • Strong Knowledge of Security Frameworks (ISO 27001, NIST 800-53, etc.)
  • Ability to confront conflict and progress difficult issues in a professional, assertive and proactive manner
  • Ability to build strong working relationships at all levels, internal and/or external to the organization
  • Prior working experience in a Pharmaceutical company is a big plus
  • Highly organized, results-oriented and attentive to details
  • Excellent presentation, facilitation and diplomacy skills
  • High level of personal integrity consistent with Gilead's core values
  • Performs other duties as assigned

For jobs in the United States:

As an equal opportunity employer, Gilead Sciences Inc. is committed to a diverse workforce. Employment decisions regarding recruitment and selection will be made without discrimination based on race, color, religion, national origin, gender, age, sexual orientation, physical or mental disability, genetic information or characteristic, gender identity and expression, veteran status, or other non-job related characteristics or other prohibited grounds specified in applicable federal, state and local laws. In order to ensure reasonable accommodation for individuals protected by Section 503 of the Rehabilitation Act of 1973, the Vietnam Era Veterans' Readjustment Act of 1974, and Title I of the Americans with Disabilities Act of 1990, applicants who require accommodation in the job application process may contact for assistance.

Following extensive monitoring, research, consideration of business implications and advice from internal and external experts, Gilead has made the decision to require all U.S. employees and contractors to receive the COVID-19 vaccines as a condition of employment. Full vaccination is defined as two weeks after both doses of a two-dose vaccine or two weeks since a single-dose vaccine has been administered. Anyone unable to be vaccinated, either because of a sincerely held religious belief or a medical condition or disability that prevents them from being vaccinated, can request a reasonable accommodation.

For more information about equal employment opportunity protections, please view the 'EEO is the Law' poster.



Our environment respects individual differences and recognizes each employee as an integral member of our company. Our workforce reflects these values and celebrates the individuals who make up our growing team.

Gilead provides a work environment free of harassment and prohibited conduct. We promote and support individual differences and diversity of thoughts and opinion.

For Current Gilead Employees and Contractors:

Please log onto your Internal Career Site to apply for this job.

To apply, visit
