Director of Information Security and Data Privacy

BostonGene is a pioneer company that uses biomedical software to identify new and personalized treatment options with next-generation multi-platform analytics, improving and optimizing cancer patient outcomes. We develop a distributed information and analytical system that provides oncologists with the necessary data for diagnosis and personalized treatment of patients.

We are looking for a highly skilled and dynamic Director of Information Security to join our team to ensure information security and compliance privacy and cyber security standards. The Director of Information Security will report to the Vice President, Legal. The Director of Information Security will be responsible for developing, implementing, and overseeing the organization's information security and compliance programs.

Responsibilities

• Identify and assess security risks, vulnerabilities, and threats to the organization's information systems and develop risk mitigation strategies in compliance with common privacy frameworks.
• Create and implement a company and affiliate-wide data privacy program.
• Consult with internal teams to ensure that products and services remain compliant and that product strategies are aligned with our privacy, security, and compliance requirements.
• Lead the organization's response to security incidents, breaches, and data breaches involving sensitive information, including conducting investigations, containment, notification, and remediation in accordance with privacy laws and HIPAA if applicable.
• Implement security awareness training programs for employees to educate them on best practices, and the importance of protecting sensitive information.
• Oversee the security of third-party vendors and business associates handling sensitive information, ensuring they comply with company requirements through contracts, audits, and assessments.
• Coordinate and manage HIPAA compliance audits, assessments, and monitoring activities to ensure the organization's adherence to HIPAA regulations and address any non-compliance issues.
• Provide regular reports to executive leadership and board members on the organization's cybersecurity and privacy compliance status, security posture, and ongoing security and privacy initiatives.
• Support the company’s information security and privacy needs as it grows.

Qualifications

• Bachelor's or Master's degree in Information Security, Cybersecurity, or related field.
• Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) certification.
• Extensive experience in information security, cybersecurity, and compliance management, with a focus on the healthcare industry.
• Highly developed legal drafting, analytical, communication, and organizational skills; excellent interpersonal, oral and written communication skills with the ability to demonstrate a high degree of integrity and engender trust at all levels of an organization.
• Ability to distill and present complex legal matters in a clear and concise manner in communication with different internal and external stakeholders.
• Demonstrated sound judgment in ambiguous situations and a willingness to seek additional input when needed; ability to think about legal issues in a practical and interdisciplinary manner with a focus on solutions.
• Equally adept at working independently and collaborating with others; demonstrated ability to take ownership with a strong work ethic and follow-through skills.
• Team player with a high level of professionalism and commitment to developing strong relationships with colleagues, internal clients, and business teams across the enterprise.
• Knowledge of HIPAA Privacy, Security, and Breach Notification Rules and security standards including ISO 27001, NIST, SOC2, 21 CFR Part 11, and GDPR.

We offer:

• Relocation for candidates (and their immediate family members) to Armenia
• Full documentation and bureaucracy support on-site (bank accounts, residence permit, etc.)
• Full-time position, permanent contract, flexible working hours
• On-site catering in the office in Yerevan
• Competitive salary and medical insurance (with special plans for family members)
• Corporate plans for English language lessons and gym and other perks