Director of Information Security
Remote, USA
Full Time Executive-level / Director USD 129K - 233K
OraSure Technologies
OraSure Technologies is a global company that empowers the world to improve health and wellness by providing access to accurate, essential information. Together with its wholly owned subsidiaries, DNA Genotek, Diversigen, and Novosanis, the OraSure family of companies provides its customers with end-to-end solutions that encompass tools, services, and diagnostics. Our teams play a role in empowering people to discover healthier lives by creating effortless tests, collection kits, and services.
Its first-to-market, innovative products include rapid tests for the detection of antibodies to HIV and Hepatitis C (HCV) on the OraQuick® platform; sample self-collection and stabilization products for molecular applications; and oral fluid laboratory tests for detecting various drugs of abuse.
Overview
Here at the OraSure family of companies our innovative sampling tools, services and diagnostics unlock access to accurate, essential information that advances global health and well-being. Our products include molecular sampling kits for the genome and microbiome, cutting-edge services and analytics, rapid diagnostics for infectious disease, and tests for substance abuse.
Reporting to the Vice President, Information Technology, the Director of Information Security is responsible for establishing and maintaining appropriate components of an enterprise-wide information security program to assure information assets are adequately protected and information risks are managed appropriately. The position will provide leadership and oversee day-to-day operations and activities related to the creation and delivery of security projects, and will plan and manage complex multi-year projects and associated initiatives designed to improve the company’s overall information security program.
Snapshot of Responsibilities
- Develop and advance company information security policies, standards, procedures and tools to assure the company remains compliant with industry standards (which may include CIS, GDPR, PCI, HIPAA, etc.).
- Evaluate Cyber Risk across company systems, both on-premise and cloud; develop prioritized implementation plans for compliance to policies and standards.
- Evaluate and Manage Security Vendor relationships: Managed Security Services, Internal and External Penetration Testing, Incident Response, Cyber Maturity, and other cybersecurity partners and vendors.
- Develop and report business-relevant metrics to measure the efficiency and effectiveness of the Information Security Program.
- Design and Manage Vulnerability Detection and remediation.
- Keep abreast of industry trends and current emerging risks. Advise the company on security best practices.
- Perform reviews of security infrastructure configurations including firewall, intrusion detection, web filtering, SIEMs, DLP, application whitelisting across sites and develop common standards.
- Develop and lead appropriate table-top exercises. Incorporate lessons learned into security program
- Review alerts (based on your defined alert parameters) on a daily basis and act accordingly
- Manage user cyber security training and phishing programs.
- Manage spam filtering and rules to balance risk with business needs
- Assist the company with customer facing security requests and audits, including SOX.
- Assist the company with cyber-insurance applications and reviews.
What You Bring
- BA/BS Degree in Cyber Security, Information Systems, or relevant work experience required
- 5+ years of experience in a dedicated cyber security role is required
- 5+ years of experience in a leadership capacity of technical or cross-functional teams.
- CompTIA Security+ certification required.
- Certified Information Systems Security Professional Certification (CISSP) or Certified Information Security Manager Certification (CISM) are assets
- Knowledge of cyber security frameworks, e.g. NIST, CIS
- Understanding of these technologies: Network topology, Firewall, Anti-Virus, Anti-Malware, Intrusion Prevention Systems, Endpoint Detection & Response, Identity Access Management, Privileged Access Management, Web Content filtering solutions, DLP Technologies, Web Application Firewalls, SIEM (Security Information and Event Management) Solution
- AWS, Azure and Google Cloud Platform Security experience.
- IT Process (e.g., ITIL) and System Development Life Cycle experience.
- Ability to work independently with minimal supervision or function in a team environment sharing responsibility, roles, and accountability.
- Knowledge of networking, including remote user VPN client connectivity support.
- Experience managing a Disaster Recovery plan
- Excellent oral and written communication skills at technical and leadership level
- Strong interpersonal and organizational skills
- Must be a team player, be organized and have the ability to handle multiple projects.
The OraSure family of companies encourages applications from all qualified candidates who represent the full diversity of the communities in which we operate. We apply a rigorous, consistent, and equitable standard to the assessment of all candidates, regardless of race, color, national origin, sex (including pregnancy), sexual orientation, gender identity, disability status, age, religion, veteran status or any other protected characteristic. We are committed to creating a diverse and inclusive environment where all employees are welcomed and belong.
What we offer:
- Tiered Medical PPO, EPO, Vision and Dental coverage
- Disability and Life Insurance Benefits
- Generous 401K plan and company-matching contributions
- Highly competitive paid time-off
- Maternity Leave and Parental Leave Coverage
- Employee Referral Program – you may be eligible for a cash bonus if your referrals are hired
- Employee Assistance Program
- Employee Service Recognition
- Job-related Training Programs
- Ability to participate in Teams, Committees, Events and Clubs
- Depending on the role you may be eligible to work in a hybrid environment or fully remotely
- Free Onsite Parking
Please note, if the position you are applying for is a Contract position, some of the above listed components of the Total Rewards package may not apply.
Culture, People & Community
The OraSure family of companies recognizes that the long-term health of our business is directly connected to the health of the planet, local communities and the employees of the OraSure family of companies.
- LIVE IT Committee – committed to creating an environment that embodies our values
- All Means U: Employee Committee on Belonging hosts various events across all company locations such as monthly book club and mentorship program
- Wellness Committee empowers colleagues to make critical decisions to improve and protect health
- Sustainability Committee aims to minimize impact on the environment
- Social Committee who organize and run events for both remote and onsite employees, to create connection and community
At the OraSure family of companies, we have a clear vision: to cultivate an environment of equal employment opportunity where we do not tolerate discrimination or allow the harassment of employees or applicants on the basis of sex, gender identity, sexual orientation, race, color, religious creed, national origin, physical or mental disability, protected Veteran status, or any other characteristic protected by law with regard to any employment practices.
The OraSure family of companies aims to create and foster workplaces that reflect and contribute to the global communities in which we do business and the customers and partners we serve. This includes all communities impacted by our corporate presence. As part of this commitment, the OraSure family of companies and its subsidiaries will ensure employees and applicants are provided reasonable accommodation per request. If you require disability-related accommodation during the recruitment process, please contact Rebecca Zeleney at rebecca.zeleney@dnagenotek.com. The OraSure family of companies will consult with all applicants who request disability-related accommodation during the recruitment process to ensure that the accommodation provided takes into account the applicant's individual accessibility needs.
Tags: Analytics Audits AWS Azure C CISM CISSP Cloud Compliance CompTIA Firewalls GCP GDPR HIPAA Incident response Intrusion detection Intrusion prevention ITIL Malware NIST Pentesting SIEM SOX VPN
Perks/benefits: 401(k) matching Career development Competitive pay Health care Insurance Medical leave Parental leave Salary bonus Team events Wellness