Sr. Manager, IS Risk and Compliance - Remote
Philadelphia, PA, United States
Applications have closed
Medable
Streamline your clinical trial and generate high-quality data with a #1 rated, easy-to-use platform, offered in over 60 countries and 120 languages. Book a demo to learn more.Company Description
Medable's mission is to get effective therapies to patients faster. We provide an end-to-end, cloud-based platform with a flexible suite of tools that allows patients, healthcare providers, clinical research organizations and pharmaceutical sponsors to work together as a team in clinical trials. Our solutions enable more efficient clinical research, more effective healthcare delivery, and more accurate precision and predictive medicine. Our target audiences are patients, providers, principal investigators, and innovators who work in healthcare and life sciences.
Our vision is to accelerate the path to human discovery and medical cures. We are passionate about driving innovation and empowering consumers. We are proactive, collaborative, self-motivated learners, committed, bold and tenacious. We are dedicated to making this world a healthier place.
Job Description
- Oversee and prioritize IS Risk and Compliance staff workloads, objectives, and SLAs.
- Manage ISO 27001 Certification compliance and annual surveillance audit, in alignment with the latest version of the standard.
- Establish and maintain annual SOC-2 reporting processes in collaboration with key stakeholders and third-party auditors.
- Own and maintain alignment of Medable IT/IS related policies and procedures with applicable IS industry and regulatory standards.
- Participate in customer requested audits of the IS program, present requested evidence, and respond to audit reports.
- Oversee IS related audit findings and work with key stakeholders to establish and execute remediation plans within SLAs.
- Conduct critical vendor IS Risk and Compliance audits in accordance with Vendor Management SOP.
- Manage customer and vendor RFI assessment Q&As, oversee remediation plans to meet customer and Medable Information Security requirements.
- Own and maintain a Governance Risk and Compliance (GRC) tool for vendor and asset risk management.
- Oversee IS Risk Management process, participate, review, and approve risk assessment documentation in the quality management system.
- Oversee/facilitate IS related Incident Management investigation and reporting activities in collaboration with key stakeholders and incident response team members.
- Oversee Access Management compliance activities by system owners and review and approve all access review reports in accordance with Access Management policy.
- Maintain Business Continuity and Disaster Recovery Plans and oversee annual testing in collaboration with key stakeholders.
- Other duties as assigned.
Qualifications
- 3 to 5 years experience specifically in an IS or IT Compliance Manager role.
- 8+ years combined experience in any IT or IS related professional or manager role.
- Preferred experience in the Clinical Research/Technology industry.
- Extensive experience with ISO 27001 standards alignment and implementation.
- Extensive experience with SOC-2 Type II controls and reporting compliance.
- Experience with Risk Management activities and documentation.
- Experience in IS related incident investigation, reporting, and compliance.
- Extensive experience IT/IS audit.
- Experience managing customer and vendor RFI requirements.
- Extensive experience authoring and maintaining IT/IS related policies and procedures.
- Extensive experience with Business Continuity and Disaster Recovery planning.
- Strong leadership, organizational, and communication skills
- Critical thinking and problem-solving skills
- Ability to build strong cross-functional relationships
- Strong mentoring ability
- Proficient process enhancement skills
Education, Certification, Licenses:
- Batchelor's degree in IT/IS related field preferred, or equivalent combination of certifications and work experience.
- One or more IS or Risk and Compliance related certifications including but not limited to (CISSP, CRISC, CGEIT, GRCP, etc.)
#LI-MQ1
#LI-REMOTE
Additional Information
Medable, Inc provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.
U.S. employees and contractors, and International workers with travel to the U.S. must have a willingness and ability to provide proof of completed COVID-19 vaccination prior to start date. All strongly held beliefs, religious, medical, and other legally recognized exemptions regarding vaccination status will be considered.
Tags: Audits CISSP Cloud Compliance CRISC Governance Incident response ISO 27001 Risk assessment Risk management SLAs SOC Surveillance Vendor management
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Security Operations Engineer jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Information Security Specialist jobs
- Open Manager Pentest H/F jobs
- Open Senior Cyber Security Engineer jobs
- Open Senior Information Security Analyst jobs
- Open Cyber Security Specialist jobs
- Open Product Security Engineer jobs
- Open Principal Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open IT Security Analyst jobs
- Open Consultant SOC / CERT H/F jobs
- Open Cybersecurity Consultant jobs
- Open Chief Information Security Officer jobs
- Open Senior Information Security Engineer jobs
- Open Security Specialist jobs
- Open Cybersecurity Specialist jobs
- Open Senior Penetration Tester jobs
- Open Sr. Security Engineer jobs
- Open Security Researcher jobs
- Open Senior Security Architect jobs
- Open IT Security Engineer jobs
- Open CISM-related jobs
- Open ISO 27001-related jobs
- Open Network security-related jobs
- Open Application security-related jobs
- Open Windows-related jobs
- Open Agile-related jobs
- Open Pentesting-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open DevOps-related jobs
- Open Security assessment-related jobs
- Open Kubernetes-related jobs
- Open Security Clearance-related jobs
- Open Malware-related jobs
- Open CI/CD-related jobs
- Open IDS-related jobs
- Open DevSecOps-related jobs
- Open CEH-related jobs