The Associate Director, Information Security is responsible for the overall design, execution and day-to-day management of Avanir's information security capabilities in alignment with appropriate global information security standards. As the architect and thought leader in developing a comprehensive, risk-based information security strategy and roadmap, drive the maturity of Avanir's people, processes and tools to support and enhance this critical business capability. In partnership with other Otsuka affiliates, they will adapt and adopt enterprise information security frameworks, define and align on shared capabilities and represent Avanir's needs within the Otsuka affiliate information security community.
The successful candidate will be able to demonstrate a hand's-on approach to developing and managing information technology related risk assessment programs, vendor assessment programs, incident response programs, and information security audits; be equally comfortable in creating strategic plans and acting tactically to implement their vision. They will align Information Security risk management activities with Avanir's business objectives and risk tolerance; identifyand mitigate potential risks through threat analysis and support initiatives for Avanir and Otsuka global standards and compliance.
The Associate Director, Information Security has the ultimate responsibility for instantiating an information security aware culture and a business application security infrastructure in alignment with the highest quality standards, with success demonstrated through clear metrics and reporting.
This position will report directly to Avanir's Chief Information Officer (CIO).
Essential Job Functions:
* Analyze and assess the current and future information security threat landscape; develop, implement and continuously improve Avanir's information security program to ensure that an effective, risk-based security mindset is embedded throughout all people, processes and systems
* Create, socialize and implement an information security strategy and roadmap based on Avanir's current risk assessment and gap analysis
* Provide guidance and recommendations to Avanir's CIO regarding prioritization of investments and projects that mitigate risks and reduce vulnerabilities
* Lead security programs and initiatives to support business objectives and manage technology related risks to an acceptable level
* Provide ongoing security reviews designed to evaluate the current environment as well as new and emerging features and technologies to improve Avanir's security posture
* Develop and execute risk assessments and analysis initiatives, including the design and integration of solutions for risk assessments (internal or external assessments)
* Develop and execute local programs, policies and processes to ensure compliance with applicable governance policies, such as Otsuka's global CSIRT policy
* Collaborate within Avanir and across Otsuka information security counterparts to ensure alignment to global security standards
* Manage audit remediation initiatives across the infrastructure and information systems to satisfy compliance requirements and manage risks to an acceptable level
* In partnership with Avanir's key stakeholders, develop, publish and maintain comprehensive information security and privacy standards, policies, procedures and guidelines and enforce these in compliance with applicable global, federal and state regulations and standards
* In partnership with Avanir's compliance and legal functions, act as the Avanir IT contact for follow-up on information security incidents, oversee development of response plans and provide timely update reporting
* Monitor information security trends and evolving technologies and keep senior management informed about related information security issues and implications for the Company
* Conduct regular and ongoing monitoring of and reporting on Company-wide compliance with information security standards and policies
* Perform other duties as assigned by management
* Bachelor's degree in Information Technology, Engineering or related technical or business field
* 14+ years of related experience in an Information Technology role; 7+ years' experience serving in a management and leadership role within an Information Security function (IT Security, IT Audit, etc.) or a similar consulting organization is required
* Strong technical skills relevant to Information Security such as secure coding standards, ethical hacking techniques, IDS/IPS, and SEIM
* Working knowledge of information security technologies, markets and vendors including firewall, intrusion detection, assessment and monitoring tools, encryption, certificate authority, and cloud identity management
* Proficiency with MS Office applications and common web applications
* Familiarity with global Information Security industry standards/best practices and relevant regulations (e.g., PCI DSS, HIPAA, GDPR, NIST, ISO, CobiT, ISF)
* CISSP, CISM, CISA, GCIH, CEH or other related information security certifications preferred
* Core competencies for this role include: Adapt to Change - demonstrate Organizational Awareness, Self-Awareness, Proactivity and Learning Agility, Work Collaboratively - embody Teamwork, Influence without authority, and demonstrate Technical Expertise, Apply Judgment - effectively leverage Prioritization, Problem Solving and Decision Making skills to achieve superior results
This position primarily works in an office environment. It requires the ability to sit or stand for long periods of time and frequent walking. Daily use of a computer, phone, office equipment and other computing and digital devices is required. May be required to stand for extended periods when facilitating meetings or walking in the facilities. Some local travel may be necessary, so the ability to travel by plane, operate a motor vehicle and maintain a valid Driver's license and/or effectively navigate public transportation is required. While performing the responsibilities of the job, the employee must be able to read and respond to interoffice communications as well as effectively participate in meetings. The employee is often required to sit and use their hands and fingers, to lift up to 20 lbs., pull, push, carry, handle or feel. The employee is required to carry, handle items, reach with arms and hands, to stoop, kneel, or crouch; talk or hear. Mental demands may require prolonged concentration, reading comprehension, understanding and interpretation of concepts, ideas and philosophies. The physical demands of the position described herein are essential functions of the job and employees must be able to successfully perform these tasks for extended periods. Reasonable accommodations may be made for those individuals with real or perceived disabilities to perform the essential functions of the job described unless such accommodations would cause Avanir an undue burden.
While performing the responsibilities of the job, these work environment characteristics are representative of the environment the job holder will encounter. Reasonable accommodations may be made to enable people with disabilities to perform the essential functions of the job unless such accommodations would cause Avanir an undue burden. While performing the duties of this job, the employee is occasionally exposed to moving carts, mechanical equipment (copiers, computers, coffee machines) and vehicles. May be subject to smells and odors. The noise level in the work environment is usually quiet to moderate. The passage of employees through the work area is average and normal.
As an equal opportunity employer, Avanir Pharmaceuticals is committed to providing all applicants and employees with equal access to employment opportunities, regardless of sex, race, age, color, national origin, ancestry, disability, pregnancy, religion, genetic information, sexual orientation transgender status, gender identity, marital status, military or veteran status, or any other characteristic protected by federal, state, or local law. All Avanir Pharmaceuticals employees, officers, principles, agents, and representatives are expressly prohibited from engaging in unlawful discrimination. Consistent with federal, state, and local requirements, Avanir Pharmaceuticals will reasonably accommodate any qualified individual with a disability if such accommodation would allow the individual to perform the essential functions or the job, unless doing so would create an undue hardship.
Avanir Pharmaceuticals shall abide by the requirements of 41 CFR-60-300.5(a) and 60-741.5(a). These regulations prohibit discrimination against qualified individuals on the basis of protected veteran status or disability, and require affirmative action by covered prime contractors and subcontractors to employ and advance in employment qualified protected veterans and individuals with disabilities.
About Avanir Pharmaceuticals
Avanir Pharmaceuticals is a biopharmaceutical company focused on providing medicines to patients with central nervous system disorders.