Guardant Health is a leading precision oncology company focused on helping conquer cancer globally through use of its proprietary blood tests, vast data sets & advanced analytics. Its Guardant Health Oncology Platform is designed to leverage its capabilities in technology, clinical development, regulatory & reimbursement to drive commercial adoption, improve patient clinical outcomes & lower healthcare costs. In pursuit of its goal to manage cancer across all stages of the disease, Guardant Health has launched multiple liquid biopsy-based tests, Guardant360 & GuardantOMNI, for advanced stage cancer patients, which fuel its LUNAR development programs for recurrence & early detection. Since its launch in 2014, Guardant360 has been used by more than 6,000 oncologists, over 50 biopharmaceutical companies & all 27 of the National Comprehensive Cancer Network centers.
We take the approach of Security & Compliance by Design: we build security & compliance into every element of our organization & day-to-day processes.
You will be a key part of that approach & serve with the Privacy Officer as the organization's point person for the protection of personal data, such as employee data & Protected Health Information (PHI), as well as human genomic data. You will help conceptualize, design, implement, & audit organization-wide data security policies as part of our governance, risk, & compliance activities. You will have responsibility for periodic risk assessments, policy enforcement, & security awareness & training, in addition to having an important role in incident response & in responding to any inquiries regarding our data security program, processes, & practices.
Essential Duties & Responsibilities:
- Advise the Compliance Officer, Management & the Board of Directors on information security risks & the current status of the information security program
- Oversee the monitoring of information technology assets for potential malicious activity & triage alerts accordingly
- Work with all business functions to understand current security risks & compliance requirements, develop a long term corporate strategy for these areas, present the strategy to executives & gain support
- Conduct or oversee periodic risk assessments to proactively identify & quantify risks to the confidentiality, integrity, & availability of ePHI & other sensitive or critical data
- Design & oversee implementation of risk management plans in response to the periodic risk assessments to reduce identified risks to acceptable levels
- Formulate security policies & practices which comply with HIPAA, including its technical, administrative, & physical safeguards for ePHI, as well as other relevant laws & regulations
- Promote enterprise-wide security awareness, including by designing & presenting comprehensive data security trainings for workforce members, as well as tailored programs for those with access to particularly sensitive data or systems
- Regularly audit effectiveness of the organization's information security controls & implement improvements where necessary
- Monitor & provide input into the Secure Product Development Lifecycle & help ensure that Information Security requirements/controls can be embedded within the product development process
- Evaluate the impact of technical & operational changes to the organization on information security & assist with designing & implementing controls to address any risks that arise from such changes
- Implement & oversee audit controls to monitor employee & third-party access to systems or data held by the organization
- In collaboration with the Privacy team, periodically evaluate compliance with HIPAA & other applicable information security laws through both technical means, such as overseeing vulnerability scanning & penetration testing, & non-technical means, such as periodic review of policies & procedures for compliance with current law
- Support the organization's efforts to obtain & maintain data security certifications & align with leading security frameworks & standards
- Oversee the organization's efforts to acquire threat intelligence & address potential future threats
- With the Chief Compliance Officer & Privacy Officer, coordinate the organization's response to security incidents, including submitting required disclosures or notifications
- Support security-related diligence & oversight of the company's service providers & vendors, including HIPAA-covered Business Associates
- Maintain current working knowledge of legal & regulatory developments in health data security & update the organization's policies & practices, as appropriate
- Develop a process for receiving, investigating, & tactfully responding to reports of employee noncompliance with security policies
- Support the Chief Compliance Officer with responding to security-related audits or investigations related to the organization's compliance with HIPAA, GDPR, & other applicable laws & relevant security requirements
- Where necessary, provide clear technical advice to senior executives, as well as compliance & governance committees
- Manage & train information security staff to ensure that the information security team is capable of adequately addressing risks to the confidentiality, integrity, & availability of data & systems
Qualifications:
- 6+ years of experience in Information Security and/or Compliance roles demonstrating increasing responsibilities over time; 2+ years of experience in a senior leadership role
- Passion for building Information Security & Compliance into day-to-day processes across a complex organization, & a track record of success in doing so
- Detailed knowledge of the HIPAA Security Rule & its intricacies, as well as relevant state & international health data security laws, is required, in addition to familiarity with Information Security frameworks & standards
- Demonstrated ability to tackle technical problems, drive a solution from conception to birth, lead cross-functional collaborations, & communicate technical & non-technical information across multiple functions & levels
- Background in IT & cybersecurity is [preferred / a plus], such as a Bachelor's degree in Computer Science, Engineering, or related discipline, or relevant industry certifications, such as CISSP or equivalent
- Experience in the Healthcare or other Life Sciences industries is strongly preferred
All your information will be kept confidential according to EEO guidelines.
To learn more about the information collected when you apply for a position at Guardant Health & how it is used, please review our Privacy Notice for Job Applicants.