Director/Sr. Director, IT Security - United States
The head of IT Security is responsible for leading the global, enterprise-wide Security and Privacy efforts for IT at Incyte. This position reports to the global CIO and leads all aspects of strategy and operations for the IT Security platforms. The individual will partner with various leaders in the IT organization to design, implement and continuously improve the posture and processes pertaining to network, application, data and information security and privacy for the organization.
This role is responsible for governance, risk management, and compliance (GRC) controls and is the owner of the various IT security technologies, processes and policies. The role requires tight collaboration across multiple IT disciplines, internal & external business partners, hardware & software providers, and 3rd party service providers to ensure success.
- Builds and oversees a strategic and comprehensive information security program
- Identifies, evaluates and prioritizes IT security initiatives including the development of roadmaps that align with IT technology and enterprise business goals
- Works with internal and external business partners to facilitate IT risk assessment and risk management processes to identify acceptable levels of risk; identifies, develops and implements the required IT security programs to protect the enterprise in concurrence with the stakeholders
- Develops, maintains and implements policies and processes that enable consistent, effective information security practices
- Ensures IT security programs including policies, standards, and procedures are up-to-date and compliant with applicable laws and regulations.
- Identifies, negotiates and manages the use of external resources involved in various IT security programs
- Makes sure that all pertinent information security practices are communicated to all personnel and that compliance is enforced.
- Creates and maintains incident response plans including notification and escalation procedures
- Ensures that data security practices such as logging, monitoring and auditing do not conflict with privacy requirements
- Manages the IT Security organization consisting of employees and third-parties including the hiring, training, staff development, performance management and annual performance reviews
- 15 years of experience in a combination of IT/information security and risk management; 10 years of supervisory experience including 5 years in a senior leadership role; 5+ years of experience in a combination of IT risk management and assurance
- Bachelor?s degree in Computer Science, Management Information Systems, Information Assurance or related field of study is required; advanced degree preferred
- One or more security certifications, e.g., CISSP, CBCP, CISA, CISM, GCIH, CCSK, etc., is required
- Strong knowledge of common security frameworks and regulations is required along with significant experience with cloud environments
- Strong communications skills including experience presenting to executive audiences
- Ability to establish and maintain strong relationships.
- Ability to work effectively with all levels of the organization.