Governance Lead
Location: Cambridge, Massachusetts
Employment Type: Contract
Classification: 12 Months Contract to Start (Strong Likelihood of Extensions and/or Conversion to Permanent Full-Time Status)
The individual will assist the leader of the Privacy, Risk, and Governance function in establishing and maintaining the overall IT Controls program, which is designed to ensure that the company’s systems and information assets are adequately protected. The Governance Lead sets and delivers his/her strategy as a foundation of the global Information Security strategy, enabling the company to deliver on its commitments while protecting the security and integrity of important data, intellectual property, personal data and the company's overall brand in the marketplace. This leader will bring hands-on and strategic thought leadership regarding security assurance, cyber risk and methods to maintain our strong heritage of compliance.
The Governance Lead works proactively with the Risk Management Lead, as well as various business units and other internal departments and organizations, to implement practices that meet defined policies and standards for information risk management. An effective controls program requires a comprehensive, performance-based approach that aligns levels of protection with business needs. For this reason, the Governance Lead must be much more than simply a technology and controls expert; he/she must also possess significant management, communications and leadership skills along with extensive business knowledge.
- Develop and execute an enterprise-wide governance strategy and roadmap that mitigates cyber and regulatory compliance risk through the right balance of controls, employee training, monitoring and testing
- Directly responsible for establishing and/or enhancing the governance framework of IT security policies, procedures and controls to assure compliance with applicable regulatory, legal and audit requirements as well as good business practices
- Build out and maintain current governance tools and processes within information security to provide visibility and transparency
- Facilitate documentation and maintenance of IT security controls and relevant processes
- Collaborate with IT leadership, control owners and business partners to ensure effective internal cyber security controls are implemented and maintained.
- Lead effective organizational change management initiative to introduce new controls and processes to the organization, including training and awareness as appropriate.
- Develop and maintain collaborative relationships with IT business partners, IT leadership and Internal Audit stakeholders
- Support Compliance - Participate in the development, implementation and ongoing compliance monitoring for the programs and regulations; examples include SOX, Privacy (GDPR, CCPA), GxP
- Provide training, lessons learned, and best practices guidance to IT leadership and IT personnel to improve IT governance, security and controls posture.
- Help Risk Management Lead build a process and culture of proactive risk identification by monitoring the IT control environment for changes and emerging risks, to inform business unit and functional group leadership of the top security/compliance risks, overall security health of their organizations and advise on risk treatment
- Promote an approved and evangelized governance, risk and compliance strategy and plan that supports the achievement of the global Information Security strategy
- Define program metrics driving awareness of progress to targets
The ideal candidate will employ a leadership approach that is engaging, imaginative and collaborative, along with the ability to establish the appropriate balance between governance strategy and business priorities.
The Governance Lead should possess expert-level knowledge of comprehensive governance, risk and compliance methods as well as the common pitfalls that threaten the success of these disciplines. The successful candidate must possess a blend of operational and situational knowledge to resolve issues with proven strategic capability. Ideally this person will have worked in a growth environment and have experience prioritizing initiatives to align with business strategy.
Additionally, the successful candidate will have well-developed change management skills, from strategy through the ongoing operation and process improvement deliverables. S/he will demonstrate the cost effectiveness benefit of governance initiatives in the context of overall business risk mitigation and the company's financial and operational objectives, including the ability to compare, contrast and prioritize alternative approaches.
The Governance Lead will be comfortable working in a fast-paced, collaborative environment developing a strategy for his/her function and a roadmap to achieve strategic goals. The person in this role must be comfortable working with ambiguity, have a strong leadership presence and demonstrate outstanding communication skills - specifically, they must have the ability to translate a complex technical vision, roadmaps and decisions into clear, inspiring stories, understandable at all levels of management (technical and non-technical) that enables the organization to quickly align and drive results.
The successful candidate will demonstrate the following qualities:
- Direct experience building, maintaining and operationalizing the NIST governance framework and optimization of that framework in a GRC tool (e.g. ServiceNow)
- A minimum of eight years of related work experience in IT compliance, audit, or enterprise risk management and governance with required knowledge, skills, and abilities
- Experience with auditing/analyzing both internally-supported and vendor-supported software.
- Keenly developed business partnering and collaboration skills, adept at establishing and sustaining effective working relationships, both within and between departments.
- Ability to operate effectively in a matrixed environment: building and managing peer and management-level relationships by delivering results, staying accountable to schedule and resource allocation, and meeting customer needs.
- Solution and results oriented. Strong analytical and problem-solving skills
- Proven ability to be an effective senior leader to a diverse team of employees and contractors; motivating and unifying a team to achieve common goals
- Excellent people skills, a team player; strong interpersonal and collaborative skills
- Proven ability to communicate with people at all levels — from developers to the board of directors
- Excellent written and verbal communication skills — including the ability to effectively communicate security- and risk-related concepts to technical and nontechnical audiences
- Project management skills with the ability to keep multiple projects moving forward simultaneously.
- Strong skills as a negotiator, to facilitate commitment to, and sign-off on, appropriate levels of residual risk from line-of-business managers
- High level of personal integrity, with the ability to handle confidential and otherwise sensitive matters professionally and with the appropriate level of judgment and maturity
- High degree of initiative, dependability and ability to work with little supervision
- Experience creating and leading organizational change
- Technical aptitude and understanding of IT systems and their connection to data collection and processing:
- Experience with most of these major technologies: Solaris, Linux, Unix, Windows servers, Oracle, Microsoft SQL server, ServiceNow.
- Familiarity with Identity and Access Management tools, Active Directory and Single Sign-On concepts.
- Experience with automated monitoring tools for firewalls, baselines, log monitoring and other automated computer security processes.
We anticipate successful candidates will have:
- 8-10 years of experience in security governance or a related discipline (for example, risk, privacy, business continuity management, audit or compliance).
- Experience working in the pharmaceutical or biotechnology industry preferred.
- Industry certifications relating to security and risk management are highly desired (for example, Certified Information Systems Auditor [CISA], Certified Information Systems Security Professional [CISSP]).
Ovrille is responsible for full lifecycle recruiting for JVT’s clients across several industry verticals. He supports the Contract Recruiting team, and specializes in identifying temp (contractual) and temp-to-perm resources for JVT’s clients.