We believe conquering cancer is a big data problem. That's why we built the world's leading comprehensive liquid biopsy. This non-invasive tool for accessing & sequencing tumor DNA is used by thousands of oncologists to help tens of thousands of advanced cancer patients. We believe the boom in cancer data acquisition we helped launch will drive important discoveries & new products. We're working on some exciting ones, including in early detection, where the impact on patients can be profound. We've raised more than $500 million from investors including Sequoia Capital, Khosla Ventures, OrbiMed, & SoftBank.
We are building a unique software stack to manage an ecosystem of microservices, RESTful APIs, & data integrations with internal & external systems to deliver useful & elegant user experiences in the extraordinarily complex oncology diagnostic & therapeutic landscape. We connect patients with clinical trials, help clinicians order our test & receive our clinical reports, & deliver valuable genomic datasets to researchers to help uncover important insights into treatment paradigms & drug discovery. Our technology stack reflects our views of using the best tools for the job, employing Java, Python, Ruby along with Kubernetes, Docker, Mulesoft, MySQL, MongoDB, high-performance computing clusters (HPC), & a variety of AWS services to analyze & disseminate vast volumes of genomic data.
Guardant Health is looking for an experienced & visionary leader who wants to be part of a team of technology & business professionals supporting our mission of conquering cancer with data. Custodians of Protected Health Information (PHI) & human genomic data, we adopt an approach of Security and Compliance by Design. As the Information Security Officer reporting to the Chief Information Officer, you will:
- Work with all business functions to understand security risks & opportunities, develop & maintain a holistic security strategy, & represent the strategy to our executives & Board of Directors
- Advocate on matters of information security, trust & privacy to internal & external stakeholders
- Partner with R&D, product & software teams to ensure that Information Security requirements/controls are embedded within the product & software development processes
- Establish & maintain close working relationships with global Privacy & Data Protection Officers, ensuring alignment of the objectives & plans between Information Security, Corporate Compliance & Data Privacy
- Own the Information Security policies to meet business requirements & in compliance with US federal, state, EU & other regulatory bodies
- Establish a comprehensive security program, & build an information security function, based on assessed information security risk & business priorities; communicate regular status updates on progress of strategy implementation & maturity of the program
- Oversee or directly manage security capabilities such as: design & approval of security systems; event monitoring & incident management; identity & access management; training - both specific (e.g. secure coding practices), & general (e.g. employee education & awareness); selection of tools & vendors
- Drive regular security reviews, including penetration testing & vulnerability assessments; own remediation plans through completion, in conjunction with other business & technical leaders
- Oversee security assessments of industry partners & technology vendors
- Remain current with the security threat landscape, emerging technologies and security solutions, changes to regulations or legislation
- Participate as a member of the CIO leadership team in strategy, architecture, development, operations & data governance
- You enjoy an agile, fast paced & highly technical environment.
- You are passionate & deeply knowledgeable about building Information Security (#infosec) into day-to-day business processes within a high-growth environment.
- You are comfortable with tackling technical problems, driving solutions from conception to birth, leading cross-functional collaboration, & communicating technical & non-technical information across multiple functions & levels.
- 10+ years of experience in Information Security based on deep technical knowledge; a minimum of 3 years in senior leadership roles
- Familiarity with Information Security standards, frameworks & reference sources, such as NIST; ISO 27000 series; MITRE ATT&CK; OWASP; along with hands-on experience in implementing such frameworks or leveraging sources to govern & maintain operational excellence in security operations
- Extensive hands-on experience in IT & application security best practice & trends, network & internet security, IT standards & policies
- Proven experience in developing & executing a roadmap to comply with regulations such as HIPAA, SOC2, SOX, GDPR as well as integration between information security and other frameworks such as COBIT
- Current with enterprise technology stacks, practices & trends, such as cloud, CI/CD, big data, digital transformation, collaboration, BYOD & infrastructure virtualization
- Understanding of US & international legal structures, precedents & remedies pertaining to information security, for example breach notification procedures, as well as specific requirements to satisfy CCPA, GDPR, HIPAA or equivalent legislation
- International experience of collaboration with offshore & outsourced teams
- Experience in Healthcare & Life Science industries preferred
- Industry security certifications such as CISA, CISM, CISSP, CCSP, or equivalent are welcome but not required
- Bachelor's degree in Computer Science, Engineering or related discipline is preferred; equivalent knowledge & experience acceptable
We would like to talk with you about our exciting projects we currently have ongoing. Please see www.guardanthealth.com/jobs for more information & to apply.
To learn more about the information collected when you apply for a position at Guardant Health & how it is used, please review our Privacy Notice for Job Applicants.
All your information will be kept confidential according to EEO guidelines. NO AGENCIES PLEASE.