Director of Information Security

Remote, USA

OraSure Technologies

OraSure Technologies is a global company that empowers the world to improve health and wellness by providing access to accurate, essential information.

The OraSure family of companies empowers the global community to improve health and wellness by providing access to accurate, essential information. Our ability to positively effect change is powered by the innovative tools, services and diagnostics we deliver to the market.
Together with its wholly owned subsidiaries, DNA Genotek, Diversigen, and Novosanis, the OraSure family of companies provides its customers with end-to-end solutions that encompass tools, services, and diagnostics. Our teams play a role in empowering people to discover healthier lives by creating effortless tests, collection kits, and services. 
Its first-to-market, innovative products include rapid tests for the detection of antibodies to HIV and Hepatitis C (HCV) on the OraQuick® platform; sample self-collection and stabilization products for molecular applications; and oral fluid laboratory tests for detecting various drugs of abuse.

Overview

Here at the OraSure family of companies our innovative sampling tools, services and diagnostics unlock access to accurate, essential information that advances global health and well-being. Our products include molecular sampling kits for the genome and microbiome, cutting-edge services and analytics, rapid diagnostics for infectious disease, and tests for substance abuse.
Reporting to the Vice President, Information Technology, the Director of Information Security is responsible for establishing and maintaining appropriate components of an enterprise-wide information security program to assure information assets are adequately protected and information risks are managed appropriately. The position will provide leadership and oversee day-to-day operations and activities related to the creation and delivery of security projects, including planning and managing complex multi-year projects and associated initiatives designed to improve the company’s overall information security program.

Snapshot of Responsibilities

  • Develop and advance company information security policies, standards, procedures and tools to assure the company remains compliant with industry standards (which may include CIS, GDPR, PCI, HIPAA, etc.).
  • Evaluate Cyber Risk across company systems, both on-premise and cloud; develop prioritized implementation plans for compliance to policies and standards.
  • Evaluate and Manage Security Vendor relationships: Managed Security Services, Internal and External Penetration Testing, Incident Response, Cyber Maturity, and other cybersecurity partners and vendors.
  • Develop and report business-relevant metrics to measure the efficiency and effectiveness of the Information Security Program.
  • Design and Manage Vulnerability Detection and remediation.
  • Keep abreast of industry trends and current emerging risks. Advise the company on security best practices.
  • Perform reviews of security infrastructure configurations including firewall, intrusion detection, web filtering, SIEMs, DLP, application whitelisting across sites and develop common standards.
  • Develop and lead appropriate table-top exercises. Incorporate lessons learned into the security program.
  • Review alerts (based on your defined alert parameters) on a daily basis and act accordingly.
  • Manage user cyber security training and phishing programs.
  • Manage spam filtering and rules to balance risk with business needs.
  • Assist the company with customer facing security requests and audits, including SOX.
  • Assist the company with cyber-insurance applications and reviews.

What You Bring

  • BA/BS Degree in Cyber Security, Information Systems, or relevant work experience required 
  • 5+ years of experience in a dedicated cyber security role is required
  • 5+ years of experience in a leadership capacity of technical or cross-functional teams.
  • CompTIA Security+ certification required.
  • Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) certification is an asset.
  • Knowledge of cyber security frameworks, e.g., NIST, CIS.
  • Understanding of these technologies: Network topology, Firewall, Anti-Virus, Anti-Malware, Intrusion Prevention Systems, Endpoint Detection & Response, Identity Access Management, Privileged Access Management, Web Content filtering solutions, DLP Technologies, Web Application Firewalls, SIEM (Security Information and Event Management) Solution
  • AWS, Azure and Google Cloud Platform Security experience.
  • IT Process (e.g., ITIL) and System Development Life Cycle experience.
  • Ability to work independently with minimal supervision or function in a team environment sharing responsibility, roles, and accountability.
  • Knowledge of networking, including remote user VPN client connectivity support. 
  • Experience managing a Disaster Recovery plan
  • Excellent oral and written communication skills at technical and leadership level
  • Strong interpersonal and organizational skills
  • Must be a team player, be organized and have the ability to handle multiple projects.
The base salary range for this full-time position is $129,000 - $233,000 USD. In addition to base salary this position is eligible for participation in our annual bonus program. The range displayed on the job posting reflects the minimum and maximum base salary for the position, based on our defined salary pay ranges. Our ranges are broad to account for differences in roles, performance, experience, skillsets, education and business needs and individual pay is determined by a variety of factors. We offer a comprehensive Total Rewards package, as noted below.

The OraSure family of companies encourages applications from all qualified candidates who represent the full diversity of the communities in which we operate. We apply a rigorous, consistent, and equitable standard to the assessment of all candidates, regardless of race, color, national origin, sex (including pregnancy), sexual orientation, gender identity, disability status, age, religion, veteran status or any other protected characteristic. We are committed to creating a diverse and inclusive environment where all employees are welcomed and belong.

What we offer:

  • Tiered Medical PPO, EPO, Vision and Dental coverage
  • Disability and Life Insurance Benefits
  • Generous 401K plan and company-matching contributions
  • Highly competitive paid time-off
  • Maternity Leave and Parental Leave Coverage
  • Employee Referral Program – you may be eligible for a cash bonus if your referrals are hired
  • Employee Assistance Program
  • Employee Service Recognition
  • Job-related Training Programs
  • Ability to participate in Teams, Committees, Events and Clubs
  • Depending on the role you may be eligible to work in a hybrid environment or fully remotely
  • Free Onsite Parking

Please note, if the position you are applying for is a Contract position, some of the above listed components of the Total Rewards package may not apply.
Culture, People & Community 
The OraSure family of companies recognizes that the long-term health of our business is directly connected to the health of the planet, local communities and the OraSure family of companies employees.  

  • LIVE IT Committee – committed to creating an environment that embodies our values
  • All Means U: Employee Committee on Belonging hosts various events across all company locations, such as a monthly book club and a mentorship program
  • Wellness Committee empowers colleagues to make critical decisions to improve and protect health
  • Sustainability Committee aims to minimize impact on the environment
  • Social Committee organizes and runs events for both remote and onsite employees, to create connection and community

At the OraSure family of companies, we have a clear vision: cultivate an environment of equal employment opportunity where we do not tolerate discrimination or allow the harassment of employees or applicants on the basis of sex, gender identity, sexual orientation, race, color, religious creed, national origin, physical or mental disability, protected Veteran status, or any other characteristic protected by law with regard to any employment practices.

The OraSure family of companies aims to create and foster workplaces that reflect and contribute to the global communities in which we do business and the customers and partners we serve. This includes all communities impacted by our corporate presence. As part of this commitment, the OraSure family of companies and its subsidiaries will ensure employees and applicants are provided reasonable accommodation per request. If you require disability-related accommodation during the recruitment process, please contact Rebecca Zeleney at rebecca.zeleney@dnagenotek.com. The OraSure family of companies will consult with all applicants who request disability-related accommodation during the recruitment process to ensure that the accommodation provided takes into account the applicant's individual accessibility needs.

Tags: Analytics Audits AWS Azure C CISM CISSP Cloud Compliance CompTIA Firewalls GCP GDPR HIPAA Incident response Intrusion detection Intrusion prevention ITIL Malware NIST Pentesting SIEM SOX VPN

Perks/benefits: 401(k) matching Career development Competitive pay Health care Insurance Medical leave Parental leave Salary bonus Team events Wellness

Regions: Remote/Anywhere North America
Country: United States