Architect and sustain a robust and scalable security architecture that aligns with industry best practices, regulatory requirements, and organizational goals. - Develop, implement, and enforce comprehensive security policies, standards, and procedures to ensure the protection of sensitive information and mission-critical systems. - Collaborate closely with IT and business units to seamlessly integrate advanced security measures into system designs and development processes, fostering a secure-by... more details
At Eisai, satisfying unmet medical needs and increasing the benefits healthcare provides to patients, their families, and caregivers is Eisai’s human health care (hhc) mission. We’re a growing pharmaceutical company that is breaking through in neurology and oncology, with a strong emphasis on research and development. Our history includes the development of many innovative medicines, notably the discovery of the world's most widely-used treatment for Alzheimer’s disease. As we continue to expand, we are seeking highly-motivated individuals who want to work in a fast-paced environment and make a difference. If this is your profile, we want to hear from you.
This role is 20% focused on ESI and 80% focused on Global initiatives and processes. Designs, tests, and supports the implementation of secure operating systems, networks, security monitoring systems, applications and information handling solutions. Conducts risk and vulnerability assessment of the network, enterprise systems and critical business applications. Supports the closure of issues discovered through penetration testing, threat modelling and tabletop exercises, as needed. Develops and implements security controls and formulates operational risk mitigations.
Involved in a wide range of security issues including architectures, firewalls, electronic data traffic, and network access. Researches, evaluates and recommends new security tools, techniques, and technologies and introduces them to the enterprise in alignment with IT security strategy. Prepares security reports to regulatory agencies. Audits and manages access management.
Job Responsibilities:
· Architect and sustain a robust and scalable security architecture that aligns with industry best practices, regulatory requirements, and organizational goals.
· Develop, implement, and enforce comprehensive security policies, standards, and procedures to ensure the protection of sensitive information and mission-critical systems.
· Collaborate closely with IT and business units to seamlessly integrate advanced security measures into system designs and development processes, fostering a secure-by-design culture.
· Leads evaluation, design and analysis for the implementation of a solutions architecture across a group of specific business applications or technologies based on enterprise business strategy, business capabilities, value-streams, business requirements and enterprise standards.
· Creates architectural designs to guide and contextualize solution development across products, services, projects and systems (including applications, technologies, processes and information).
· Creates reference architectures focused on detailed design principles, decision points, detailed APIs, major systems and dependencies between business and IT.
· Analyzes the business-IT environment (run, grow and transform the business) to detect critical deficiencies, legacy and technical debt, and recommends solutions for improvement (systems of record, differentiation and innovation).
· Establishes and enforces secure and consistent data exchange standards with third parties based on data sensitivity.
· Creates and enforces onboarding standards for third-party engagement types (software providers, consultants, service providers, ad networks, cloud providers). Utilizes industry standard security questionnaires such as CAIQ, BITS for assessments that involve sharing high-sensitivity data with third parties.
· Develops and maintains a security architecture process that enables the enterprise to develop and implement security solutions and capabilities that are clearly aligned with business, technology and threat drivers.
· Determines baseline security configuration standards for operating systems (e.g., operating system hardening), network segmentation, and identity and access management (IAM).
Other key areas that this role will support on a global scale, include:
1. Enable Compliance Adherence to Policies, Procedures, Methods and Standards by designing an appropriate security architecture and control environment both within the Americas and globally to continuously steer the organization toward processes and appropriate technologies that enable secure, compliant, efficient and scalable solutions that comply with Eisai’s regulatory requirements and security standards.
2. Develop and maintain IT Security-related policies, SOPs and standards for the relevant activities and documentation thereof, creation of security event reports, and for conducting post-event reviews in alignment of industry best practices. This may include: policies and SOPs defining vulnerability capture, organization and prioritization, oversight of mitigation/resolution, confirmation, reporting and trending.
3. Program Management and oversight to identify, catalogue and close out Security gaps in the Americas region. This requires partnership and collaboration with the global leads for penetration testing, red-blue team testing and gaps identified by table-top exercises.:
4. Develop response plans and playbooks, train key partners, automate wherever possible, and conduct exercises (including simulation) to test response plans.
5. Mentor and train global team members on best practices, standard approaches, alignment and harmonization of approaches to incident and vulnerability management functions
6. Partner in the development of innovative approaches to detect IOCs, respond to, and eradicate advanced threats and improve overall time to respond and recover.?
Requirements
· A passion for security, and a passion to envision, define, drive, and contribute to a critical function with high business value
· 5+ years working in IT Security and 3+ years as an enterprise, process or security architect
· Experience in program management, goal/mission/objective setting, aligning with stakeholders, driving outcomes
· Experience with risk management principles, articulating the risk and impact and driving clarity of operational risk throughout the organization
· Displays intellectual curiosity and integrity.
· Motivated and driven by achieving long-term business outcomes.
· Must be highly organized with the ability to multi-task and identify priorities, work with cross-functional global teams, and execute on schedule while managing long term strategic vision
· Strong verbal and written communication skills, tailoring the context of the conversation to the audience (technical or non-technical).? Excellent report writing and presentation skills
· Calm, stable presence in chaotic and demanding situations such as high-impact security events.? Ability to think on your feet and provide alternate paths to desired outcomes.
· Ability to demonstrate analytical expertise, close attention to detail, excellent critical thinking, logic, and solution orientation and to learn and adapt quickly.
· Working knowledge of common attack vectors and penetration techniques
· Demonstrated experience creating data flows, use cases, logical and physical architecture design diagrams
· Fluent in the latest threat detection technologies, application security technologies, and analytics toolsets
· Documented experience and a strong working knowledge of the methodologies to conduct threat-modeling exercises on new applications and services
· Full-stack knowledge of IT infrastructure:
o Applications
o Databases
o Operating systems (Windows, UNIX and Linux)
o Hypervisors
o IP networks (WAN, LAN)
o Storage networks (Fibre Channel, iSCSI and network-attached storage)
o Backup networks and media
· Strong working knowledge of IT service management (e.g., ITIL-related disciplines):
o Change management
o Configuration management
o Asset management
o Incident management
o Problem management
· Experience designing the deployment of applications and infrastructure into public cloud services (e.g., AWS or Microsoft Azure)
Eisai is an equal opportunity employer and as such, is committed in policy and in practice to recruit, hire, train, and promote in all job qualifications without regard to race, color, religion, gender, age, national origin, citizenship status, marital status, sexual orientation, gender identity, disability or veteran status. Similarly, considering the need for reasonable accommodations, Eisai prohibits discrimination against persons because of disability, including disabled veterans.
Eisai Inc. participates in E-Verify. E-Verify is an Internet based system operated by the Department of Homeland Security in partnership with the Social Security Administration that allows participating employers to electronically verify the employment eligibility of all new hires in the United States. Please click on the following link for more information:
Right To Work
E-Verify Participation