ERT is hiring a Manager of Security & Risk Management, who reports to the Chief Information Security Officer (CISO). The role is to lead ERT’s efforts to ensure that it protects the information it collects, maintains, and distributes, electronically or otherwise. This role interacts effectively with ERT’s Data Privacy Officer and team, as well as with the R&D teams supporting the entire ERT clinical SaaS portfolio. The Manager is responsible for ensuring that appropriate security policies, standards, procedures and IT security infrastructure (including cybersecurity platforms, servers, databases, personal computers, 3rd party hosted services, and mobile devices) are designed (“security by design”) and maintained to protect ERT’s information, both the clinical data that ERT is a steward of for customers and internal data. The Manager will contribute to building the current information security strategy at ERT and will work with the CISO and departments across ERT to ensure that the budget, planning, infrastructure and implementation of information security initiatives can be managed efficiently.
This is a wide-reaching security role that requires an individual with a strong technical background, a solid understanding of network, host, application and data security, and a demonstrated knowledge of compliance-related laws and regulations. The candidate will need to be well versed in building information security programs that attain a high level of maturity. This position carries the responsibility to ensure the timely identification, remediation and tracking of technical, procedural and policy-based items that may impact the security, use and stewardship of ERT’s customer and corporate data and information systems. Writing policies and documentation, communicating complex topics with ERT organizations and training on new policies and procedures are key responsibilities.
The role will work with various ERT departments in assessing, developing, implementing, and maintaining information security standards, and in communicating policies and procedures related to information security, within ERT data centers, SaaS and Cloud environments.
Finally, this position will implement control frameworks, ensure adherence to ISO 27001, HIPAA/HITECH and 21 CFR Part 11, and manage security across all IT departments to ensure auditable and documented end-to-end processes for the operation and handling of ERT’s data and systems.
Define policies, procedures, communications and training for the following:
Other Duties and Responsibilities:
Effectively collaborate and communicate with Development, DevOps, Executive Management and Lines of Business to report on security operations status.
The duties and responsibilities listed in this job description represent the major responsibilities of the position. Other duties and responsibilities may be assigned, as required. ERT reserves the right to amend or change this job description to meet the needs of ERT. This job description and any attachments do not constitute or represent a contract.
Qualifications and Skills Needed
We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.