Sr. Information Security Administrator
San Francisco, CA

Job Description

Sr. Information Security Administrator

Location San Francisco

Requisition Number 3494-850-R

Apply Now

Position Overview

The Sr. Information Security Administrator is a key position in the Nektar IT department.

The Sr. Information Security Administrator will be responsible for managing the existing systems responsible for securing the enterprise, as well developing and maintaining an ongoing security assessment and roadmap to ensure Nektar's multi-layered security infrastructure anticipates and matches emerging threats. Participates in new system implementations and vendor evaluations to ensure new system implementations adhere to the established security policies and practices. This job contributes to and supports the company's research and development efforts to create high value therapeutics to address unmet medical needs.

Proactively applies professional concepts to contribute to development of company's concepts and principles and to achieve objectives in creative and effective way. Provides guidance on extremely complex problems in which analysis of situations or data requires an evaluation of intangible variables. Exercises independent judgment in developing methods, techniques and evaluation criteria for obtaining results.

Ensures the confidentiality, integrity, and availability of Nektar's systems through proactive management of Nektar's security infrastructure with a focus on automating and leveraging analytics driven security models. Provides appropriate notification to IT management of security events and mitigation plans as appropriate. Develops and maintains a standards based (NIST/SO/IEC 27001) security assessment of Nektar's security capability and use these in combination with the emerging threat landscape to develop a security roadmap to guide the ongoing evolution of Nektar's security systems. Reviews, revises and develops security processes, SOPs, and end user training. Develops and maintains security architecture standards for reference and use by IT project teams. Implements and manages a technology vendor risk management program including initial assessments and recommendations on risks and mitigation prior to implementation as well as on going monitoring. Documents data flows of sensitive information in the organization (e.g., PII or ePHI) and recommends controls to ensure that this data is adequately secured (e.g., encryption and tokenization). Validates Security technologies configurations and access for best practices and recommend changes to enhance security and reduce risks. Liaises with the security steering team to review and evaluate the design and operational effectiveness of security-related controls also support the testing and validation of security controls. Works with IT teams to document storage and transmission of sensitive information and provide architecture and requirements to ensure that this data is secured in accordance with Nektar policy, laws, and regulations. Works on and may lead other projects as assigned.

A minimum of a Bachelors degree in a Computer Science, Information Systems, Cyber-Security Tools and Methodologies, Networking, Management Information Systems including Cloud Based services or related discipline is required. Equivalent experience may be accepted. A minimum of 10 years industry work experience is required. Previous experience working in the Pharmaceutical or Biotechnology industry is preferred. CISSP certification is preferred. Must have direct, hands-on experience managing a security infrastructure - e.g., Next Gen firewalls, IPSs, endpoint protection, Email Security, DLP, CASB, SIEM, SSO, MFA, VPN etc. Direct, hands-on experience or a strong working knowledge of vulnerability management tools required. Documented experience and a strong working knowledge of the methodologies to conduct threat-modeling exercises on new applications and services. Full-stack knowledge of all layers of Enterprise: Applications, Databases, Operating systems, Hypervisors, IP networks, Storage networks,