Sage Bionetworks is a nonprofit biomedical research and technology development organization of about 100 scientists, technology developers, and other support staff. We have an opening to lead Sage’s IT Security and Risk Assessment program. The role requires an individual that can blend high level leadership and strategic development of the program with the ability to directly lead and engage in engineering work to keep our systems in compliance with key regulations, especially FISMA / FedRAMP. As a highly collaborative role in a small organization, the successful candidate will need to work effectively with people from many different disciplines with varying levels of technical experience.
What you’ll be doing:
- Execute and monitor a complete Security program, reporting to the Chief Technology Officer. Work in strong partnership with the IT risk management team and individuals in a variety of departments including IT, Software Engineering, Data, Governance and Operations.
- Ensure the organization is able to achieve and maintain FedRAMP Moderate Authority to Operate for key components of our 100% cloud-hosted IT infrastructure.
- Represent organization in interactions with security professionals in partner organizations, including Sage’s response to security audits.
- Manage staff compliance efforts through hiring, selection and management of vendors, and training / mentoring of Sage employees in security and compliance.
- Lead incident responses and maintain documentation of responses and mediations.
- Chair periodic security review meetings, as required by our security program.
- Conduct business continuity and disaster recovery tests.
- Manage periodic vulnerability assessments and penetration tests. Review findings and coordinate with cybersecurity engineering staff for remediation.
- Periodically review and update security policies, procedures, risk assessments and other related artifacts of the organization’s security program.
- Partner with Sage’s Data Protection Officer to interpret or apply data protection rules and maintain regulatory compliance readiness.
We’d love to hear from you if:
- Five years of leadership experience in risk management, enterprise information security and/or cyber security functions.
- A track record of delivering security compliance certification in FISMA/FedRAMP for organizations whose infrastructure is cloud based.
- Bachelor’s degree or certification in a technology, security or related field recommended.
- Experience with ISO 27001 required, HIPAA, HITRUST desirable.
- Knowledge of cloud security tools, especially in the Amazon Cloud desirable.
About Sage Bionetworks
Sage Bionetworks is a nonprofit biomedical research and technology development organization that was founded in Seattle in 2009. Our focus is to develop and apply open practices to data-driven research for the advancement of human health. Data-driven research has become an important component of biomedicine, but it’s not always easy to understand how to apply computational approaches appropriately or how to interpret their results. Sage believes open practices can help. Our interdisciplinary team of scientists and engineers work together to provide researchers access to technology tools and scientific approaches to share data, benchmark methods, and explore collective insights, all backed by Sage’s gold-standard governance protocols and commitment to user-centered design. Sage is supported through a portfolio of competitive research grants, commercial partnerships, and philanthropic contributions.
Sage embraces diversity, equity and inclusion. We are committed to pay parity and making our salary ranges available to all employees. We invite you to apply and we welcome a conversation. We are based in Seattle, WA, and collaborate broadly throughout the world.
Sage provides a flexible work environment and will accommodate requests for geographically remote work with manager approval. Sage will also accommodate local employees who choose to work remotely from the Washington area with the option to come into the office on a flexible schedule.
All interviews will be conducted remotely at this time.
This is a Principal level position on our Technical & Engineering Professional Career Ladder, with a compensation range of $135,729-183,633. Actual compensation is dependent upon experience.