We believe conquering cancer is a big data problem. That's why we built the world's leading comprehensive liquid biopsy. This non-invasive tool for accessing & sequencing tumor DNA is used by thousands of oncologists to help tens of thousands of advanced cancer patients. We believe the boom in cancer data acquisition we helped launch will drive important discoveries & new products. We're working on some exciting ones, including in early detection, where the impact on patients can be profound. We've raised more than $500 million from investors including Sequoia Capital, Khosla Ventures, OrbiMed, & SoftBank.
We are building a unique software stack to manage an ecosystem of microservices, RESTful APIs, & data integrations with internal & external systems to deliver useful & elegant user experiences in the extraordinarily complex oncology diagnostic & therapeutic landscape. We connect patients with clinical trials, help clinicians order our test & receive our clinical reports, & deliver valuable genomic datasets to researchers to help uncover important insights into treatment paradigms & drug discovery. Our technology stack reflects our views of using the best tools for the job, employing Java, Python, Ruby along with Kubernetes, Docker, Mulesoft, MySQL, MongoDB, high-performance computing clusters (HPC), & a variety of AWS services to analyze & disseminate vast volumes of genomic data.
Dealing with sensitive information such as Protected Health Information (PHI) & human genomic data, Guardant Health takes the approach of Security & Compliance by Design. As the Director of Information Security & Compliance reporting to the head of Senior Director of IT & Global Infrastructure, you will:
- Work with all business functions to understand the security risks & compliance requirements, develop a long-term corporate strategy for these areas, create alignment with business unit leaders, & represent the strategy to executives & Board of Directors
- Provide leadership in the definition & execution of an Information Security & Compliance roadmap, to include aligning with the defined Information Security strategy, business & product strategy, gaining executive approval & support, & overseeing successful execution
- Serve as an expert advisor to senior management in the development, implementation & maintenance of information systems to ensure that best practice control objectives, as policies & procedures, are achieved in protecting information assets
- Partner closely with R&D & product teams to create & maintain a Secure Product Development Lifecycle & ensure that Information Security requirements/controls can be embedded within the product development process
- As a member of the compliance committee, establish & maintain a close working relationship with global Privacy & Data Protection Officers, ensuring alignment of the objectives & plan between Information Security, Corporate Compliance, & Data Privacy
- Own the Information Security policies & SOPs; ensure they meet business requirements & are in compliance with US federal, state, EU & additional global initiatives
- Be responsible for global corporate-wide security event monitoring & incident management
- Develop & execute an enterprise-wide identity management architecture & strategy
- Drive regular internal audits of security & compliance controls. Represent the company in external Security & Compliance audits, & track/close related action items
- Oversee security assessments for industry partners & technology vendors
You enjoy an agile, fast-paced & highly technical environment.
You are passionate & deeply knowledgeable about building Information Security & Compliance into the day-to-day processes.
You are comfortable with tackling technical problems, driving solutions from conception to birth, leading cross-functional collaborations, & communicating technical & non-technical information across multiple functions & levels.
In addition, you bring the following to the table:
10+ years of experience as an Information Security leader & engineer, & a minimum of 3 years in a senior leadership role
Solid knowledge of Information Security standards & frameworks such as NIST Cyber Security Frameworks & ISO 27002, along with hands-on experience in implementing such frameworks
Extensive hands-on experience in IT & application security industry trends & direction, network & internet security, IT standards, procedures, & policies
Proven experience in developing & executing a roadmap to comply with regulations such as HIPAA & SOC2
International experience creating collaboration with offshore & outsourced teams
Industry security certifications such as CISA, CISM, CISSP, CCSP, or equivalent
Experience in Healthcare & Life Science industry is a big plus
Bachelor's degree in Computer Science, Engineering or related discipline is preferred