IT Assurance Program Manager
TraceLink has built the world's largest cloud-based network dedicated to protecting patients, ensuring compliance and growing profits across global life sciences. The TraceLink Life Sciences Cloud is our network, platform and community that links people, processes and information everywhere from ingredient to patient.
Businesses across the globe, including 16 of the top-20 pharmaceutical companies, trust us to help them manufacture and deliver safe, secure medicines to the patients who need them anywhere in the world. We need game changers ready to break down business barriers, master new technologies and become trusted advisors for some of the largest and fastest growing companies on the planet. How will you challenge yourself? Learn more about TraceLink.
The IT Assurance Program Manager (Security) is responsible for driving alignment of TraceLink's IT assurance programs with relevant industry and global regulations and standards. The primary focus is information security and risk management, though this role will also support privacy, service management, business continuity, vendor oversight, and other initiatives.
Major Duties / Responsibilities:
- Lead the operation, support, and maintenance of TraceLink’s Information Security Management System (ISMS) based on the ISO/IEC 27000 series standards
- Manage policies, standards, procedures, and guidelines to ensure complete coverage of relevant standards, frameworks, and regulations
- Manage controls inventory and alignment with relevant standards, frameworks, and regulations
- Perform risk assessments of functions, processes, and controls; drive development of remediation/mitigation plans to improve design and operational effectiveness
- Manage and lead the design and operation of related compliance monitoring and improvement activities to ensure compliance both with internal security policies and applicable laws and regulations
- Liaise with Subject Matter Experts (SMEs) to drive continuous improvement and obtain required approvals
- Manage exception process and tracking
- Manage remediation of nonconformities and corrective actions
- Support departments with security-related requirements for internal projects or external vendors
- Perform vendor risk assessments to support due diligence and oversight
- Coordinate with vendor managers to ensure identified risks are addressed
- Lead the preparation for ISO 27001 certification
- Manage the certification audit process and subsequent surveillance and recertification audits
- Develop plans for additional assurance programs (e.g., SOC 2, CSA STAR, etc.)
- Support responses to customers and prospects for RFIs, RFPs, and questionnaires
- Support information security awareness, training, and educational activities
Skills and Requirements:
- Bachelor's degree in Computer Science, Information Systems Security, Business Administration or related field
- Minimum 6-8+ years' relevant experience with a proven record of success
- Strong program management experience with proven results developing strategy and organizing cross-functional initiatives
- Strong project management experience with demonstrated success in leading, controlling, and completing IT projects
- Demonstrated ability to achieve results through cross-functional, virtual teams
- Strong organization and document management skills
- Strong working knowledge of IT processes and infrastructure
- Knowledgeable on business process management practices
- Experience designing, implementing, maintaining, and supporting an Information Security Management System (ISMS)
- Experience with the application of threat modeling or other risk identification techniques
- Experience performing risk assessments, either individually or as part of a team
- Excellent analytical, reasoning, and problem solving skills
- Excellent verbal and written communication skills, including executive-level presentations
- Experience applying IT controls in a cloud-first technology company
- ISO 27001 Lead Auditor certification
- CISSP, CGEIT, CISA, CISM, or CRISC certifications
- PMP certification
- Familiarity with ITIL, ISO 20000, ISO 22301, ISO 31000, CSA CCM, SOC 1/2/3, NIST CSF, NIST 800-53, GxP, Privacy Shield, HIPAA requirements
TraceLink offers its employees a comprehensive, best-in-class benefits package. The package includes medical insurance (HMO and PPO), dental and vision coverage, life insurance, AD&D, and short-term and long-term disability. Employees are also eligible for a bonus plan. Employees in the Sales department are offered a competitive commission structure. In addition, all employees are offered stock options at the time of hire.
- On-site Gym (Free)
- Fully stocked kitchens
- Free Catered Lunch and Dinner, every day
- Thirsty Thursdays (Beer and Wine Socials)
TraceLink is headquartered in North Reading, MA just off I-93 Exit 39 (Concord St).
The duties listed in this job description are intended only as illustrations of the various types of work that may be performed. The omission of specific statements of duties does not exclude them from the position if the work is similar, related, or a logical assignment to the position.