Roivant is a global biopharma company improving health by rapidly delivering innovative medicines & technologies to patients. We do this by building Vants - nimble, independent, entrepreneurial subsidiaries focused on delivering results in quick & innovative ways.
Roivant operates as a data-centric incubator, supporting our subsidiaries by building best-in-class technologies to support pharma development & commercialization. Our mission is to improve health by rapidly delivering innovative medicines to patients.
At Roivant, data is our biggest asset & our clear competitive advantage. We want to structure & make our data accessible to power a suite of uses from analytics to full-featured data products to power the next generation of pharma companies. At Roivant, we're passionate about using data to fix a fundamentally broken pharmaceutical development process. Come join us & help accelerate bringing life-saving therapies to those who need them.
- Will define & document security policies & controls to secure production applications & data.
- Will be required to evaluate the security posture of Lokavant's production applications & infrastructure with respect to the defined controls & policies.
- Will perform continuous vulnerability monitoring of applications & infrastructure & address remediation strategies with stakeholders.
- Will evaluate, select & manage relationships with 3rd party security penetration vendors & will schedule & manage attack/pen tests.
- Will liaise with IT security resources & be able to help define & assume additional IT-specific security controls over time.
- Will participate in customer security audits & will assist with systems integrations design that involves security considerations specific to data, transport or authentication/authorization.
- Will define & mature the processes for security audits across the entire organization.
Skills, Qualifications, & Requirements:
- BA/BS degree in Information Technology/Computer Information Systems or related.
- CIA (Certified Internal Auditor), CISA (Certified Information Systems Auditor), or CISSP (Certified Information Systems Security Professional).
- 3-5 years of previous experience in corporate security audit roles.
- Highly motivated, creative problem solver with a can-do attitude & willing to take on multiple responsibilities at once while working in a fast-moving environment & consistently delivering results.
- Demonstrated exposure to SaaS application security concepts & best practices within a contemporary application framework & public cloud-based infrastructure.
- Demonstrated awareness of cyber security trends & hacking techniques.
- Ability to work comfortably under pressure, in a frequently changing landscape & with tight deadlines.
- Ability to think strategically with excellent business judgment.
- Resourceful & relentless: independently capable of seeking information, solving conceptual problems, corralling resources, & delivering results in challenging situations.
- Quick & scrappy learner who adapts well to a fast-moving environment & gets things done, combining creativity, problem-solving skills, & a can-do attitude to overcome any obstacle.
- Highly innovative problem solver possessing strong interpersonal, multi-tasking, organizational, & project planning skills, & a demonstrated ability to meet aggressive deadlines.
- Excellent verbal & written communication skills; ability to deal with complex problems & present recommendations & findings in a clear, concise format.
- Familiarity with security & regulatory frameworks including but not limited to: NIST, ISACA, HIPAA, GDPR, etc.
- Highly proficient in internal auditing, internal controls, & risk management.
Additional Preferred Qualifications:
- Previous experience in a startup or early life cycle product development company.
- Comprehensive understanding of internal control environments within the IT function.
- Experience with multiple technology domains including aspects of Windows, Firewalls (functionality), Office 365 Security, Endpoint Security, Multi-Factor Authentication, software & networking.
- Experience with leading & managing incident response efforts.