Associate Director, IT Security Brisbane, CA

CareDx, Inc. is a leading precision medicine solutions company focused on the discovery, development, and commercialization of clinically differentiated, high-value healthcare solutions for transplant patients and caregivers. CareDx offers products, testing services, and digital healthcare solutions along the pre- and post-transplant patient journey, and is the leading provider of genomics-based information for transplant patients.

This role will blend business and technical knowledge with strong analysis and technology skills in support of the company's cybersecurity program. This person will have the ability to prioritize multiple projects, dynamically transition between supporting on-prem, cloud, and application development. Mentoring a security team to support the company's growth is a key responsibility. This person will develop, implement, manage and improve the Information Security Program.

The ideal candidate will have a broad working knowledge of both cybersecurity frameworks and information security capabilities from working in roles that included exposure to risk management, compliance, technical and business operations. This candidate will enjoy working with business units to analyze and document business processes in a way that ensures secure and compliant processes. Experience with security frameworks and their application in a working environment with sensitive data is key to this role. Familiarity with technical security toolsets, their capabilities and limitations will be needed to fulfill the requirements of this role, as well as the desire and ability to remain current on information security trends, cyber threats, laws and regulations.

Responsibilities

• Security operational and governance focus. Ensuring the business stays aligned with applicable risks and regulatory requirements.
  
• Ensure cybersecurity strategy and road map are in alignment with industry, threats, audit gaps, and best practices. Keep maturity efforts on-track.
  
• Develop, document, manage and improve security controls across all departments.
  
• Support configuration management by providing security best practice configuration recommendations.
  
• Support secure application development through Dev/Sec/Ops.
  
• Ensure compliance to security policies, standards and processes.
  
• Provide audit support through activities like, quarterly user role and access, ensuring alignment with role and access matrixes, working with external auditors.
  
• Conduct third-party risk management through risk assessments and provide recommendations.
  
• Provide risk management activities by qualifying and performing internal risk assessments and risk treatment recommendations.
  
• Assist in the development, delivery, training and administration of security awareness programs to the workforce.
  
• Ability to operate security tools, e.g. Endpoint protection, Web filtering, VM, MDM, SIEM, DLP, etc.
  
• Collect and gather metrics from tools and teams for security reporting. Prepare and present reports to security committee and leadership.
  
• Support and lead cybersecurity incident response efforts.
  
• Manage DR and BCP programs.
  
• Manage IT security budget
  
• Other duties as assigned.

Skills and Qualifications

• Bachelor's degree in business, Computer Science, Engineering or related discipline or equivalent experience.
  
• 8 years in an IT security leadership role required, or related technical leadership experience.
  
• Solid understanding of NIST CSF cybersecurity framework; including the ability to apply appropriate identification, proration, detection, respond, and recover capabilities.
  
• Experience managing SOC 2 audit efforts and HIPAA risk assessments.
  
• Business analyst and/or audit experience encompassing information technology systems and security controls.
  
• Experience with cloud provider security concerns and documenting risk treatment initiatives is highly preferred.
  
• Understanding of application security disciplines, exploits, and frameworks such as OWASP.
  
• Working knowledge of directory services, application development, and infrastructure (networks, server and end computing devices) as required to ensure compliance with information security controls.
  
• Experience with IDR, EDR, PAM, SIEM and NAC tools
  
• Experience with CrowdStrike, ArticWolf, Abnormal Security, Microsoft Purview a plus
  
• Experience providing technical oversight on managed, or internal, security services including endpoint protection, vulnerability assessments, patch management, log management, and perimeter controls.
  
• Office O365 experience focusing on security best practices and configuration.
  
• Azure experiences focusing on Security Center and best practices and configuration.
  
• Experience working with application development teams (DevOps).
  
• A broad range of exposure to business continuity, systems analysis and risk management.
  
• Project or engagement management experience with the ability to manage multiple and complex priorities across cross-functional teams.
  
• Takes initiative on improvements and proposes solutions to security and audit gaps.
  
• Ability to handle multiple tasks and projects simultaneously in an organized and timely manner.
  
• Detailed oriented, with the ability to plan, prioritize, and meet deadlines in a fast-paced environment
  
• Ability to communicate professionally and effectively, both written and verbally, particularly when under pressure.
  
• Ability to work independently, as well as part of a team.

Additional Details:

Every individual at CareDx has a direct impact on our collective mission to improve the lives of organ transplant patients worldwide. We believe in taking great care of our people, so they take even greater care of our patients.

Our competitive Total Rewards package for US Employees includes:

• Competitive base salary and incentive compensation
• Health and welfare benefits, including a gym reimbursement program
• 401(k) savings plan match
• Employee Stock Purchase Plan
• Pre-tax commuter benefits
• And more!
• Please refer to our page to view detailed benefits athttps://caredx.com/company/careers

In addition, we have a Living Donor Employee Recovery Policy that allows up to 30 days of paid leave annually to a full-time employee who makes the selfless act of donating an organ or bone marrow.

With products that are making a difference in the lives of transplant patients today and a promising pipeline for the future, it's an exciting time to be part of the CareDx team. Join us in partnering with transplant patients to transform our future together.

CareDx, Inc. is an Equal Opportunity Employer and participates in the E-Verify program.

By proceeding with our application and submitting your information, you acknowledge that you have read our U.S. Personnel Privacy Notice and consent to receive email communication from CareDx.

***We do not accept resumes from headhunters, placement agencies, or other suppliers that have not signed a formal agreement with us.***

Certain jurisdictions require notice of how we use and protect your personal information. For more information, please read our Privacy Policy