Charter Communications has flagged the Senior Director, Customer Security & Compliance job as unavailable. Let’s keep looking.

About SpringWorks Therapeutics

SpringWorks is a commercial-stage biopharmaceutical company applying a precision medicine approach to developing and delivering life-changing medicines for people with severe rare diseases and cancer.

SpringWorks has a diversified targeted oncology pipeline spanning solid tumors and hematological cancers, including clinical trials in rare tumor types and highly prevalent, genetically defined cancers. SpringWorks’ strategic approach and operational excellence in clinical development have enabled it to rapidly advance its lead product candidates into late-stage trials and enter into multiple collaborations with innovators in industry and academia to unlock the full potential for its portfolio and create more solutions for patients with cancer. 

The Sr. Director, Security, Risk & Compliance is a senior role that serves as the process owner of all assurance activities related to the availability, integrity and confidentiality of company, business partner, and employee business information in compliance with all applicable regulatory requirements and company risk management objectives. This role works closely with the C-Suite to consult in a variety of areas including data/cyber security as well as addressing regulatory and board/corporate concerns. The Sr. Director, Security, Risk & Compliance will also lead security risk assessments, compliance audits, oversee execution of remediation activities, guide security/performance measures, and evaluate opportunities to improve current and future services in support of company objectives. This role will report into the VP of IT and may also be required to provide updates to the Board of Director and/or Audit Committee. 

Key Responsibilities:

  • Strategic Planning: Develop and implement a comprehensive information security strategy and compliance & risk management program aligned with the business goals. This involves understanding SpringWork’s risk tolerance and creating a roadmap to mitigate potential threats. 
  • Risk Management: Identify, assess, and prioritize potential security risks. This includes evaluating new technologies, assessing vulnerabilities, and avoiding emerging threats by working directly with the business units to facilitate risk assessment and risk management processes. 
  • Policy Development: Create and enforce information security policies and procedures that align with industry recognized security frameworks. 
  • Security Architecture: Design and implement security systems and practices in accordance with of industry best practices including, assessing information security risk periodically and conducting gap analyses to determine the extent to which key systems and practices comply with regulatory requirements and align with company risk tolerances. 
  • Incident Response: In the unfortunate event of a security breach, lead the incident response efforts. This involves investigating the breach, coordinating with internal external parties if necessary, and taking steps to prevent future incidents. 
  • Compliance: Ensure company systems and practices comply with relevant laws, regulations, and industry standards related to information security. 
  • Security Awareness: Educating employees about security best practices. Conduct training sessions and awareness campaigns to reduce the risk of human error. 
  • Vendor Management: Demonstrates leadership and partner management skills to ensure security and compliance services are delivered successfully whether they are provided internally or via outside vendors. 
  • Collaboration: Work closely with executives, technology service delivery teams, and business units to ensure the consistent application of policies and standards across all technology projects, systems, and services. 
  • Leadership: Provide leadership to the enterprise's information security and compliance organizations consistent with SpringWorks Leadership Principles to drive a collaborative function that embraces change and drives excellence while providing coaching and mentoring to team. 
  • Influencer: Influences the strategic thinking of the executive team to make security and compliance integral to their planning and operations. 
  • Educator: Partner with business stakeholders across the company to raise awareness of risk management concerns. 
  • Deep Thinker: Demonstrated experience and knowledge of major aspects of information technology including information security, risk management, and compliance, with broad exposure and practical experience in general IT management. 
  • Communicator: Shows good judgement in communication: Communicates successes and issues accurately, urgently, and to the right audience, and takes accountability for ensuring effective management of expectations with business leaders. 
  • Boldly acts with urgency: Shows courage, tenacity, and respect to remove roadblocks to value delivery.
  • Other: Perform other duties and responsibilities as assigned. 

Qualifications:

  • Education: Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field, Master's or Ph D. is preferred 
  • Industry-recognized certifications, including Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and Certified Ethical Hacker (CEH) strongly preferred.
  • 12+ years of progressive IT experience including a combination of risk management and information security with healthcare or pharmaceutical industry experience. 
  • 10+ years of audit, risk, and compliance background, with demonstrated experience in the following CSF and Regulatory Frameworks including CIS, NIST, SOX, GxP, CCPA, GDPR. 
  • Experience responding to, analyzing, and communicating information security incidents. 
  • Knowledge of Cloud Platform and managed services models and security considerations in such models. 
  • 5+ years of people leadership experience, leading internal and external IT teams
  • Experience with contract and vendor negotiations and management including managed services. 
  • Demonstrates a high degree of confidentiality and discretion. 
  • Ability to work in a fast-paced environment, prioritize appropriately, and handle multiple tasks simultaneously. 
  • Experience in researching, identifying, assessing, and driving new security technology capability opportunities that support organizational priorities. 
  • Track record of leading the analysis of complex and ambiguous business needs and integrating those into compelling and actionable strategic plans and investment business cases. 
  • Experience in technical architecture or solutions architecture including communications and information governance systems. 
  • Ability to scan technical landscape for leading edge solutions and creates business case for support and application, including level of effort/ cost required to implement solutions / services, and facilitating risk assessments. 
  • Demonstrated ability to communicate, influence and partner with senior business leaders. 
  • Possesses familiarity with and awareness of the full pharmaceutical industry lifecycle. 
  • Willingness and ability to play a hands-on technical role on the team. 
  • Act as backup to other IT Team members. 
  • Must be available after hours to resolve issues escalated by subordinates or colleagues.
  • Extensive knowledge of securing information management and communications technologies from both internal and external threats. 
  • Experience with and technical understanding of Azure security, networking, and infrastructure solutions. 
  • Broad and deep understanding of modern computing technologies, systems, and cloud-based services 
  • Model SpringWorks Leadership Principles to drive a collaborative function that embraces innovation and drives superior employee experience through growth management. 
  • Embody the SpringWorks Values to act with empathy and humility to drive a culture that takes ownership and accountability for their individual and teams’ performance. 
  • Strong interpersonal communication skills to collaborate with colleagues, stakeholders, and vendors effectively and clearly in a remote hybrid work environment. 
  • Ability to travel occasionally including overnight stay driven by business need. 
  • This position must be able to work East Coast hours. #LI-Remote

Compensation:

The expected salary range for this position is $220,000 – $265,000. Actual pay will be determined based on experience, qualifications, location, and other job-related factors permitted by law. A discretionary annual bonus may be available based on individual and Company performance.

We also offer a comprehensive benefits package for our team of SpringWorkers and their families, including competitive compensation, annual cash bonuses and equity grants, 401K matching, fully covered medical, dental, and vision plans, and a full week of holiday break at year end. It’s the right thing to do – and helps us be healthy, happy, and at our best for the people who need us.

At SpringWorks, we believe in fostering a culture of belonging. Our Employee Resource Group’s (ERG) mission is to boldly live the SpringWorks values, provide resources, and deeply engage SpringWorkers and the communities we serve to foster a culture of belonging. Ensuring diversity, equity, and inclusion are integral to our organization’s DNA. 

SpringWorks maintains an EEO Policy providing for equitable opportunities for employment and conditions of employment to all employees and applicants regardless of actual or perceived sex (including pregnancy, childbirth, breastfeeding or related medical conditions), gender, gender identity or gender expression, sexual orientation, partnership status, marital status, familial status, pregnancy status, race, color, national origin, ancestry, caste, religion, religious creed, age, alienage or citizenship status, veteran status, military status, physical or mental disability, past or present history of mental disorder, medical condition, AIDS/HIV status, sickle cell or hemoglobin C trait, genetic predisposition, genetic information, protected medical leaves, victims of domestic violence, stalking, or sex offense, political affiliation and any and all other characteristics or categories protected by applicable federal, state or local laws. SpringWorks treats all employees and applicants fairly in the selection process (and in other personnel activities) by giving all employees and applicants the same opportunities for employment. SpringWorks’ Equal Employment Opportunity Policy is intended to ensure that there are no barriers that would prevent members of a protected group from a fair and equitable opportunity to be hired, promoted, or to otherwise take advantage of employment opportunities.

This Equal Employment Opportunity Policy applies to all aspects of employment, including, without limitation, recruitment, hiring, placement, job assignment, promotion, termination, transfer, leaves of absence, compensation, discipline, and access to benefits and training. Any violation of this Policy will result in disciplinary action up to and including termination of employment.

GDPR Statement: When you apply to a job on this site, the personal data contained in your application will be collected by SpringWorks Therapeutics (“Controller”), which is located at 100 Washington Blvd, Stamford CT 6902 and can be contacted by emailing hr@springworkstx.com . Your personal data will be processed for the purposes of managing Controller’s recruitment related activities, which include setting up and conducting interviews and tests for applicants, evaluating and assessing the results thereto, and as is otherwise needed in the recruitment and hiring processes. Such processing is legally permissible under Art. 6(1)(f) of Regulation (EU) 2016/679 (General Data Protection Regulation) as necessary for the purposes of the legitimate interests pursued by the Controller, which are the solicitation, evaluation, and selection of applicants for employment.

Your personal data will be shared with Greenhouse Software, Inc., a cloud services provider located in the United States of America and engaged by Controller to help manage its recruitment and hiring process on Controller’s behalf. Accordingly, if you are located outside of the United States, your personal data will be transferred to the United States once you submit it through this site. Because the European Union Commission has determined that United States data privacy laws do not ensure an adequate level of protection for personal data collected from EU data subjects, the transfer will be subject to appropriate additional safeguards under the standard contractual clauses. You can obtain a copy of the standard contractual clauses by contacting us at hr@springworkstx.com.

Your personal data will be retained by Controller for as long as Controller determines it is necessary to evaluate your application for employment. Under the GDPR, you have the right to request access to your personal data, to request that your personal data be rectified or erased, and to request that processing of your personal data be restricted. You also have to right to data portability. In addition, you may lodge a complaint with an EU supervisory authority.

Read Full Description
Confirmed 20 hours ago. Posted 5 days ago.

Discover Similar Jobs

Suggested Articles