Security Assurance Risk Manager - Accumulus Synergy
Burlingame, CA
About the Job
Background
Accumulus Synergy is a nonprofit trade association working on behalf of industry to address the global need for digital transformation. To help solve for this need, Accumulus is developing a transformative data exchange platform to enable enhanced collaboration and efficiency between life sciences organizations and National Regulatory Authorities worldwide. The Accumulus Platform aims to improve efficiencies in the regulatory process by leveraging advanced technology, including data science and AI, as well as tools for secure data exchange to improve patient safety, help reduce the cost of innovation, and ultimately bring patients safe and effective medicines faster. Accumulus is working with key stakeholders in the life sciences - regulatory ecosystem to build and sustain a platform that aims to meet regulatory, cybersecurity, and privacy requirements spanning clinical, safety, chemistry and manufacturing, and regulatory exchanges and submissions. Accumulus Synergy sponsors include Amgen, Astellas, AstraZeneca, GSK, Johnson & Johnson, Lilly, Merck, Pfizer, Roche, Sanofi, and Takeda.
Job Description
Accumulus is seeking a Security Assurance Risk Manager. This will be a key role on the Security team, reporting to the Director of Security Assurance.
The Security Assurance Risk Manager is responsible for identifying, assessing, and managing security risks across the organization. Key tasks include performing annual and third-party security risk assessments, developing and implementing risk management strategies, and ensuring compliance with industry standards. The role involves maintaining the Risk Register, providing security risk reports, and managing documentation related to security programs.
Collaboration and training are also vital, involving integration of risk management practices across departments, regular reviews and updates of risk frameworks, and mentoring team members on risk management principles.
Responsibilities
Risk Identification and Assessment:
- Identify, assess, and manage security risks across the organization.
- Perform annual security risk assessments, business impact assessments, and critical systems assessments.
- Own and conduct third-party security risk assessments.
- Triage and manage new or changing security requirements, security issues, and potential risks from third parties, customers, or external sources.
Risk Management and Mitigation:
- Develop and manage the operational security risk management program.
- Develop and implement risk management strategies.
- Support the implementation of controls to mitigate risks to an acceptable level.
- Monitor the threat landscape and adjust risk management practices accordingly.
- Ensure compliance with industry standards and regulations.
Documentation and Reporting:
- Own and maintain the Risk Register.
- Provide comprehensive security risk reports to management.
- Maintain documentation, including handbook pages, policies, standards, procedures, and runbooks related to Security Risk programs.
Collaboration and Training:
- Collaborate with other departments to integrate risk management practices into overall business processes.
- Conduct regular reviews and updates of risk management frameworks and practices.
- Train and mentor team members on risk management practices and principles.
Qualifications
- At least 5 years of experience conducting security and risk management activities for regulated markets
- Detailed experience with common risk management standards and models such as: ISO 31000, NIST 800-39
- Demonstrated experience with security control frameworks such as: SOC 2, ISO, NIST
- Detailed understanding of security risk within cloud-native technology stacks
Benefits
While we hope the Accumulus mission is what really attracts you, we also have a lot to offer. Organizations are built by great people, and to attract great people you need to offer a great employee experience. Accumulus can provide:
- Very competitive compensation w/ bonus plan. We must compete with big names in tech & pharma for top talent and compensate accordingly.
- 401(k) matching, immediately vested
- A full benefits package: multiple health plans, vision, dental, life, and disability insurance
- 100% remote work. Accumulus is a fully remote organization, and we intend to remain so
- Experienced leadership to mentor you. We have drawn successful leaders from the biopharma industry with a deep understanding of regulatory affairs and combined them with similarly successful leaders in SaaS product development. Learning opportunities abound.
Unsolicited Contact Policy
Please note that we do not consider resumes submitted by unsolicited third-party recruitment firms. Additionally, we kindly request that candidates refrain from sending unsolicited resumes or making unsolicited contact directly to Accumulus employees. To be considered for any open positions, please utilize our online job application system. We appreciate your cooperation and understanding.
Important Notice: Please note that all official communication from Accumulus Synergy Inc. regarding this job application will be conducted through an email address ending in @accumulus.org. If you receive any communication from an email address that does not match this domain, please disregard it as it may not be legitimate.