Director, Information Security Risk Management, Governance and Privacy

Endo • Full-time • Malvern, PA, US • 1w ago

Why Endo?

We want the best and brightest people at Endo to help us achieve our mission to develop and deliver life-enhancing products through focused execution. Our nearly 3,000 global team members understand the important role we play in delivering healthcare and are dedicated to supporting each other as we work to bring the best treatments forward. Our shared values of Integrity & Quality, Innovation, Drive, Collaboration and Empathy guide our team and enable us to deliver upon our vision of helping everyone we serve live their best life.

At Endo, we are building a diverse, equitable and inclusive workplace, and we are looking for talented individuals to join our team.

Job Description Summary

The Director of Information Technology Risk, Governance, and Privacy, under the direction of Endo’s Chief Information Security Officer, is responsible for the development and execution of Endo’s Information Security Risk Management Program. This leader will spearhead the enterprise risk management framework's transformation and align risk management strategies with the organizational goals. This role creates and maintains the overall information technology risk management framework while ensuring compliance with all legal and regulatory requirements. This role will oversee developing and managing policies, standards, and controls to protect the company's data and assets. This leader will work closely with various departments, including Privacy, Legal, Audit, Compliance, Information Technology, and Human Resources, to ensure the protection of information and compliance with relevant regulations.

Accountability

Job Description

Refine and lead the IT Third Party Risk Program, including periodic reassessment of incumbent vendors.
Configuration of security tools used in the risk assessment program.
Integrate privacy considerations into vendor risk assessment scoring criteria.
Develop and implement risk management policies, processes, and tools.
Lead the design, implementation, and operational support of IT security controls, audit corrective action programs, and procedures.
Identify controls policies and recommend risk-mitigating solutions for process gaps.
Ability to effectively communicate residual risk to senior stakeholders.
Advise management on high-priority risks and controls gaps.
Ability to influence others and develop effective company-wide relationships across all areas of compliance, audit, and information technology.
Collaborate with cross-functional teams to identify, assess, and mitigate risks.
Lead the development and collection of key performance metrics (KPIs).
Cultivate capabilities of junior IT security team members
Actively contributes to enterprise compliance and governance programs across cross-functional process areas and supports corporate strategic objectives.
Monitor adherence to ensure effective work relationships and business goal realization.

Education & Experience

Bachelor’s degree in Business, Information Technology, Computer Science, or a related field preferred.
Minimum of 8 years of experience of Risk Management experience required.
8+ years of audit, control, and compliance in technology processes supporting risk management initiatives across security functional areas.
Strong knowledge of IT security control concepts
Excellent written and verbal communication skills and collaboration skills. Possesses strong stakeholder management skills.
Ability to develop and implement effective IT risk management and security strategies.
Experience working with Privacy, Legal, Audit, Compliance, Information Technology, and Human Resources departments.
Relevant certifications such as CISSP, CISM, CRISC, and CERP are preferred.

Knowledge

Incident response and security event analysis
Threat intelligence & mitigation strategies
Risk & Vulnerability Management
NIST 800-53 and CSF 2.0
Risk scoring and calculations
Corrective Action Program Management
Privacy regulations for HIPAA, GDPR, CCPA

Skills & Abilities

Significant business knowledge of risk management and regulatory requirements.
Strong analytical and organizational skills with a focus on attention to detail.
Exceptional executive presentation and communication skills
Excellent influencing, collaboration, and problem-resolution skills
Ability to deliver messaging across a broad spectrum of team members having varying degrees of technical understanding
Strong leadership qualities which enable you to work with peers and various levels of management.
Understanding and knowledge of industry best practice methodologies
Continuous improvement based on lessons learned

Commitment To Diversity, Equity, And Inclusion

At Endo, our diversity unites and empowers us as One Team, and we are committed to cultivating, and valuing, each person’s unique perspective. We actively promote a culture of inclusion that draws strength from our broad spectrums of diversity, including race, ethnicity, religion, gender identity or expression, national origin, color, sexual orientation, disability status, age, and all our other unique characteristics, qualifications, demonstrated skills, achievements, and contributions, backgrounds, experiences, cultures, styles, and talents.

EEO Statement

At Endo, we firmly believe in the principles of equal employment opportunity and strive to create an atmosphere where all employees, regardless of their race, color, creed, religion, sex, gender identity or expression, sexual orientation, national origin, genetics, disability (including pregnancy), age, or military or veteran status, feel valued, respected, and empowered. Our commitment to EEO extends to every aspect of employment, including recruitment, hiring, training, promotions, compensation, benefits, transfers, terminations, and all other employment practices. We are dedicated to ensuring that all employment decisions are based on qualifications, skills, and merit.