Information Security Compliance Program Manager

About the job

Job Description

The mission of the Broad Institute is to transform medicine by dramatically accelerating the understanding and treatment of disease. The Broad creates a vibrant research environment with close links to top academic institutions including Harvard, MIT and the Harvard hospitals.

The Broad IT Services (BITS) group believes exceptional people produce exceptional products and services. We are committed to building the best team we can in service of the Institute’s mission of “Accelerating the Understanding and Treatment of Disease.” Our team of highly accomplished technical experts work with 1000’s of Broad researchers to create, scale, and run a wide range of technology solutions. We believe that a diverse and inclusive community is essential to achieving our mission. We are always looking for committed, mission-driven individuals to bring new viewpoints, experiences, and creativity to the team. We are seeking driven candidates who are motivated to learn new technologies and are willing to take on challenges with enthusiasm!

We are looking for an information security compliance program manager to be part of a team focused on implementing and improving information security best practices in support of Broad’s transformative research initiatives. You will be considered an authority within your security domain and collaborate with scientists and researchers to establish and maintain information security programs. Does this sound like something you are interested in?

What You Will Be Doing

• Directly supporting infosec compliance initiatives within Broad’s Genomics Platform
• Evaluating, communicating and implementing infosec compliance requirements in complex, heterogeneous IT environments
• Engaging deeply with the research community to understand, and document, scientific workflows and pipelines
• Collaborating with third party regulatory bodies to negotiate infosec requirements and implementation
• Assessing and completing partner/vendor information security questionnaires
• Conducting internal assessments to validate compliance
• Partnering with multi disciplinary teams in support of the Broad’s mission

What You Bring Along

• Five to seven years of experience operating within a compliance framework (FISMA, GDPR, HIPAA, ISO 27k, NIST SP 800 series, PCI DSS, SOC-2)
• Familiarity with a Governance Risk Compliance (GRC) tool
• High level of attention to detail, supreme organizational skills
• Demonstrated ability to understand infosec requirements, engage with users to understand their needs and implement workable controls to maintain compliance

Bonus Points

• You love to learn new things and strive to continuously learn and challenge yourself and others
• You know how to work with infosec regulators and super-smart technical subject matter experts and can guide both towards implementing workable infosec controls
• Exposure to information technology or information security domains such as application security, governance, risk & compliance, system administration, networking
• Professional certifications in infosec, networking, infrastructure, etc. are a plus but not required
• Experience within the medical, pharmaceutical or higher-ed sectors
• Bachelor’s or Master’s degree or equivalent in STEM field

All Broad employees, regardless of work location, must be fully vaccinated for COVID-19 by Tuesday, October 12, 2021. Requests for exemption for medical or sincerely held religious beliefs will be considered.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.

EEO is The Law – click here for more information

Equal Opportunity Employer Minorities/Women/Protected Veterans/Disabled

Check out this video for a look into our community!