Pharmacyclics is committed to the development and commercialization of novel therapies intended to improve the quality and duration of life and to resolve serious unmet medical needs for cancer patients. Pharmacyclics is a wholly-owned subsidiary of AbbVie (NYSE:ABBV), a global, research-based biopharmaceutical company. Oncology is a key therapeutic area for AbbVie, with a portfolio consisting of three marketed products and a pipeline containing multiple promising new molecules that are being studied in more than 200 clinical trials for over 20 different types of cancer.
More than 1,200 Pharmacyclics and AbbVie research scientists, clinicians, marketing, operations and corporate professionals work in the San Francisco Bay Area. They combine their expertise in immuno-oncology, stem cells, and cell-signaling with their knowledge of bispecific antibodies, antibody-drug conjugates (ADCs), and covalent-inhibitor technologies to discover and develop novel cancer treatments. Together, we are striving to outsmart cancer.
General Position Summary/Purpose:
Reporting to the Director of IT Security and Infrastructure, the IT Sr Security Engineer is a key member of the IT Architecture, Security, Infrastructure Team supporting the Information Technology organization within Pharmacyclics, in the development, implementation, maintenance, and compliance of IT security solutions across the enterprise.
The IT Sr Security Engineer is also responsible for managing risks related to information security, physical security, business continuity planning, crisis management, privacy, and compliance. In addition, this role ensures all staff members are trained on enterprise and governmental security requirements through awareness programs.
Develops and implements security technologies, standards, processes, policies, and guidelines for the enterprise including Identity and Access management
Ensures and monitors security compliance with industry and government rules and regulations
Ensures security compliance and meets all service-level agreements requirements
Reports security performance against established security metrics
Understands the trade-offs required to manage the different levels of risk tolerance and risk exposure across the organization and balance this with risk investments
Coordinates with other IT groups to assess, implement, and monitor IT-related security risks/hazards
Ensures Identity and Access reviews are performed periodically and follow through on findings and remediation's
Follow standards in accordance with company policies and regulations (SOX, 21 CFR Part 11, FDA/GMP, NIST, ISO 27001, Six Sigma, etc.)
Prepare and present Security testing findings to stakeholders.
Lead and manage continuous improvement initiatives within the team
Bachelor's Degree and minimum 5+ years of work experience with a global company
Experience planning and executing IT Security initiatives end to end
Execution of Security Assessments, including Vulnerability testing and remediation, Penetration testing etc.
Experience with Endpoint Security solutions such as McAfee Suite including Anti-virus, DLP, and Encryption. Including malware remediation techniques.
Implementation and Management of SIEM technologies, preferred SPLUNK, Enterprise Security App.
Implementation and management of Qualys Vulnerability Management suite
Implementation and maintenance of CyberArk Privileged Access Management suite
Implementation and maintenance of Active Directory, Okta Single Sign-On, and 2-factor authentication solutions
Experience with Palo Alto Networks Next Generation Firewall, WildFire, Cyvera Traps
Experience with Endpoint Forensics using tools such as EnCase Enterprise
Experience with Mail Gateways such as Mimecast or Proofpoint
Familiarity with Dell SecureWorks managed Security Services such as 24*7 monitoring and Incident Response processes.
Experience with BYOD and Mobile Device Management
Experience with User Behavior Analytics and Cyber Threat Intelligence solutions preferred.
Experience analyzing and applying information security, risk management, and privacy practices
Knowledge of national and international regulatory compliances and frameworks such as ISO, SOX, NIST, CSA STAR.
Self-starter / tenacious problem solver
Ability to work on a team or independently
Technical Leadership capability with Project and time management skills
Excellent communication, verbal and writing skills.
Ensure that the IT team is consistently projected in a positive light with the business users
Ability to react to high pressure dynamic changing environments