Celgene is a global biopharmaceutical company leading the way in medical innovation to help patients live longer, better lives. Our purpose as a company is to discover and develop therapies that will change the course of human health. We value our passion for patients, quest for innovation, spirit of independence and love of challenge. With a presence in more than 70 countries - and growing - we look for talented people to grow our business, advance our science and contribute to our unique culture.
- HES / Bachelor's degree in a technical discipline or equivalent
- A minimum of 7 years of computer, network, or other technical related experience, including 3-5 years of information security experience required.
Reporting to Celgene’s Information Security Director the Senior Security Specialist II position is part of an overall team responsible for day to day enterprise-wide oversight and coordination of information technology security efforts to reduce risks, respond to incidents and limit exposure to liability and risk with regard to IT systems, networks and applications. Emphasis is on information protection and the related technological solutions used to support an Information Protection Program. The ‘hands on’ position requires strong policy and process knowledge along with skills/expertise in technologies such as DLP and File Protection. It also involves a working interaction with numerous other departments and business functions.
Responsibilities will include, but are not limited to, the following:
- Accountable as part of a team for implementation of the Information Security program for Celgene Corporation.
- Assist with the development, deployment and support of Data Loss Protection (DLP) and File Protection solutions and conduct hands on triage of events.
- Assist in researching investigations of security events (e.g., unauthorized access, non-compliance with company policies, fraud, service exploitation, etc.) to determine malfunctions, breaches, and remediation steps.
- Assist with the implementation of Security Awareness goals defined as part of organization's strategy; help design and implement programs and activities to achieve those goals.
- Ability to identify information security risks, execute design and assist in implementation of strategies and programs to prevent or reduce the loss of organizational assets.
- Support the design, implementation, operation and maintenance of security applications and tools based upon the established security architecture.
- Communicate effectively with users in addressing information security questions, issues or concerns independently.
- Actively conduct user security awareness, educational sessions / workshops as needed.
- Create and review status, activity and metric reports as requested by management.
- Develop close working relationships with management, company peers and industry counterparts to ensure alignment of company goals with current information security industry and regulatory trends.
- Stay current on changes in the Pharmaceutical industry, with Celgene products and services, and information security terms, concepts, practices, and policies, as well as changes in the regulatory and audit requirements with respect to information security and privacy on a Global basis.
- Stay abreast of current technology solutions and innovative information security management techniques to safeguard organizational assets.
- Perform other related duties as assigned.
Education, experience & skills required
- Bachelor's degree in a technical discipline or equivalent plus a minimum of 7 years of network, computer, or other technical experience, including 3 or more years of information security experience required.
- Well versed in information security concepts (e.g. defense in depth, separation of duties, control environments, malicious software, security awareness etc.).
- Strong, hands on working experience with security monitoring solutions such as DLP (Data Loss Prevention), File Protection software, encryption and Endpoint.
- Working knowledge of security monitoring solutions (e.g. IPS, NAC, SIEM etc.).
- Working experience with incident response and forensics.
- Experience in role based application and infrastructure security (e.g. Active Directory / Identity Management / LDAP etc.).
- Demonstrated experience with technology and methodologies standard to network engineering.
- Demonstrated understanding of relevant terminology, such as: threat, vulnerability, risk, asset, exposure, safeguards, etc.
- Demonstrated knowledge of industry best practices in regard to network security (e.g. NIST, SANS, NSA etc.).
- Working knowledge of various regulatory and broad security best practice standards and guidelines (e.g. ISO 27002, PCI, EU Privacy etc.).
- Proficient at multitasking and prioritizing in a fast-paced environment.
- Strong interpersonal, analytical, and customer service skills, including the ability to explain complex technical terms in language understandable to the business.
- Ability to effectively communicate verbally and in written forms in a professional manner.
- Ability to manage one’s own time effectively (organize & schedule).
- Ability to work as both a team member and leader, meet team schedules, and contribute to the team's goals and objectives.
- Provide security guidance and expert advice to management and other groups.
- Experience working in a global (multinational) environment is required.
- Experience in the Pharmaceutical industry is a plus.
Current certification status in CISSP, CISM, Security+, CISA, OSCP, CEH or other security related certifications are preferred.