This is a very hands-on role with no direct staff. This technical security architecture and leadership position reports to the Global Head of Information Services (GIS) and is responsible for ensuring the operations, implementation, compliance, and ongoing activities involving the protection of the enterprise information assets, and manages that program. This is a hands-on technical position. The scope of responsibility will encompass establishing the strategy and overall policies, goals and procedures for the information security function at Accuray. The candidate will drive programs to mitigate cyber risks, strengthen perimeters, and reduce enterprise vulnerabilities.
This involves monitoring information security/privacy issues as they relate to enterprise data and infrastructure, inclusive of on-premise and cloud domains. The Information Security Architect will promote a corporate-wide security and privacy philosophy, supporting a comprehensive and practical set of privacy and security policies, procedures, and technology to not only protect the organization from security-related liability, but also to use security and data privacy practices as a way to create customer goodwill and market returns.
In this role, you should share our passion for solving complicated business and security problems, while minimizing friction and maximizing productivity and impact. You will be responsible for the ongoing management of all information security policies, procedures, and technology systems in order to maintain the confidentiality, integrity, and availability of all organizational healthcare/customer information systems and protected health information. This is a strategic as well as hands-on position and will include extensive and broad internal interface with Engineering, Legal, Regulatory/Quality Affairs, and Information Technology to ultimately ensure the protection of information and assets including data, systems, databases, networks, applications, and other resources.
- Direct, approve, implement and maintain enterprise security systems and technology
- Develop comprehensive enterprise information security, IT risk and compliance management program
- Develop and maintain policy, standards, processes, and procedures to assess, monitor, report, escalate and remediate risk and security issues
- Develop, implement and monitor an ongoing employee education program for all employees on technology risk and appropriate mitigation strategies and approaches.
- Coordinate organizational efforts in response to security events
- Stay abreast of trends and advances in cybersecurity solutions and monitor changes in legislation that may affect information security. Ensure compliance with the changing laws and applicable regulations
- Ensure that disaster recovery and business continuity plans are in place and tested
- Review investigations after breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities
- Maintain a current understanding of the IT threat landscape for the industry
- Schedule periodic security audits and penetration testing
- Oversee identity and access management
- Constantly update the cybersecurity strategy to leverage new technology and threat information
- Brief the executive team on status and risks, including taking the role of champion for the overall strategy
- Communicate best practices and risks to all parts of the business, outside IT.
- Partner with leaders across the company to ensure that information security efforts receive appropriate prioritization and resources.
- Take a leadership role in working across the company on security projects and provide security guidance on a constant stream of new projects and technologies.
- Bachelor's in Computer Science or Engineering with an emphasis in Information Security or a related field, or equivalent experience.
- CISSP (Certified Information Systems Security Professional) or equivalent
- Knowledgeable in security trends, products and tooling.
- 7 to 10 years of knowledge and experience in a cybersecurity leadership role, including strategy and operations
- Proven ability to contribute at both strategic and operational levels, including leading a Security Incident Response program.
- Demonstrated hands-on capability and technicality across a range of security disciplines.
- Expertise in data privacy laws, access, security, release of information, or access control technologies.
- Experience with complex process engineering/re-engineering
- Knowledge and experience within the healthcare industry
- Demonstrated organization, facilitation, communication, and presentation skills
- Experience and effectiveness in leading cybersecurity initiatives and projects
- Ability to assess and weigh current and evolving business risks and enforce appropriate information security measures
- In-depth knowledge of the cybersecurity rule and other government technology laws and standards. International exposure is desirable
- Experience with contract law is preferred but not necessary
- Have passion for real security and be able to positively spread this enthusiasm to partner teams.