Associate Director, IT Security Engineer

CareDx, Inc.•Brisbane, CA

8d•$173,000 - $252,000

About The Position

CareDx, Inc. is a leading precision medicine solutions company focused on the discovery, development, and commercialization of clinically differentiated, high-value healthcare solutions for transplant patients and caregivers. CareDx offers products, testing services, and digital healthcare solutions along the pre- and post-transplant patient journey, and is the leading provider of genomics-based information for transplant patients. This role will blend business and technical knowledge with strong analysis and technology skills in support of the company’s cybersecurity program. This person will have the ability to prioritize multiple projects, dynamically transition between supporting on-prem, cloud, and application development. Mentoring a security team to support the company’s growth is a key responsibility. This person will develop, implement, manage and improve the Information Security Program. The ideal candidate will have a broad working knowledge of both cybersecurity frameworks and information security capabilities from working in roles that included exposure to risk management, compliance, technical and business operations. This candidate will enjoy working with business units to analyze and document business processes in a way that ensures secure and compliant processes. Experience with security frameworks and their application in a working environment with sensitive data is key to this role. Familiarity with technical security toolsets, their capabilities and limitations will be needed to fulfill the requirements of this role, as well as the desire and ability to remain current on information security trends, cyber threats, laws and regulations.

Requirements

Bachelor’s degree in business, Computer Science, Engineering or related discipline or equivalent experience.
8 years in an IT security leadership role required, or related technical leadership experience.
Solid understanding of NIST CSF cybersecurity framework; including the ability to apply appropriate identification, proration, detection, respond, and recover capabilities.
Experience managing SOC 2 audit efforts and HIPAA risk assessments.
Business analyst and/or audit experience encompassing information technology systems and security controls.
Experience with cloud provider security concerns and documenting risk treatment initiatives is highly preferred.
Understanding of application security disciplines, exploits, and frameworks such as OWASP.
Working knowledge of directory services, application development, and infrastructure (networks, server and end computing devices) as required to ensure compliance with information security controls.
Experience with IDR, EDR, PAM, SIEM and NAC tools
Experience providing technical oversight on managed, or internal, security services including endpoint protection, vulnerability assessments, patch management, log management, and perimeter controls.
Office O365 experience focusing on security best practices and configuration.
Azure experiences focusing on Security Center and best practices and configuration.
Experience working with application development teams (DevOps).
A broad range of exposure to business continuity, systems analysis and risk management.
Project or engagement management experience with the ability to manage multiple and complex priorities across cross-functional teams.
Takes initiative on improvements and proposes solutions to security and audit gaps.
Ability to handle multiple tasks and projects simultaneously in an organized and timely manner.
Detailed oriented, with the ability to plan, prioritize, and meet deadlines in a fast-paced environment
Ability to communicate professionally and effectively, both written and verbally, particularly when under pressure.
Ability to work independently, as well as part of a team.

Nice To Haves

Experience with CrowdStrike, ArticWolf, Abnormal Security, Microsoft Purview a plus

Responsibilities

Security operational and governance focus. Ensuring the business stays aligned with applicable risks and regulatory requirements.
Ensure cybersecurity strategy and road map are in alignment with industry, threats, audit gaps, and best practices. Keep maturity efforts on-track.
Develop, document, manage and improve security controls across all departments.
Support configuration management by providing security best practice configuration recommendations.
Support secure application development through Dev/Sec/Ops.
Ensure compliance to security policies, standards and processes.
Provide audit support through activities like, quarterly user role and access, ensuring alignment with role and access matrixes, working with external auditors.
Conduct third-party risk management through risk assessments and provide recommendations.
Provide risk management activities by qualifying and performing internal risk assessments and risk treatment recommendations.
Assist in the development, delivery, training and administration of security awareness programs to the workforce.
Ability to operate security tools, e.g. Endpoint protection, Web filtering, VM, MDM, SIEM, DLP, etc.
Collect and gather metrics from tools and teams for security reporting. Prepare and present reports to security committee and leadership.
Support and lead cybersecurity incident response efforts.
Manage DR and BCP programs.
Manage IT security budget
Other duties as assigned.

Benefits

Competitive base salary and incentive compensation
Health and welfare benefits, including a gym reimbursement program
401(k) savings plan match
Employee Stock Purchase Plan
Pre-tax commuter benefits
Living Donor Employee Recovery Policy that allows up to 30 days of paid leave annually to a full-time employee who makes the selfless act of donating an organ or bone marrow.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume