DIRECTOR, CYBERSECURITY GOVERNANCE, RISK, AND COMPLIANCE
Company: Lantheus
Location: Bedford
Posted on: November 18, 2024
Job Description:
Lantheus is headquartered in Bedford, Massachusetts with offices
in New Jersey, Canada, and Sweden. For more than 60 years, Lantheus
has been instrumental in pioneering the field of medical imaging
and has helped physicians enhance patient care with its broad
product portfolio.
Check below to see if you have what is needed for this opportunity,
and if so, make an application asap.
Lantheus is an entrepreneurial, agile, growing organization that
provides innovative diagnostics, targeted therapeutics, and
artificial intelligence (AI) solutions that empower clinicians to
find, fight and follow disease. At Lantheus, our purpose and values
guide our behaviors in all interactions and play a vital role in
creating a dynamic environment that contributes to our success.
Every employee is crucial to our success; we respect one another
and act as one knowing that someone's health is in our hands. We
believe in helping people be their best and are seeking to bring
together a diverse group of individuals with different viewpoints
and skill sets to be a part of a productive and inclusive team.
The Director of Cybersecurity Governance, Risk, and Compliance will
report directly to the Chief Information Security Officer and is
tasked with managing and overseeing the Lantheus cybersecurity risk
landscape. You'll be tasked with identifying and assessing
cybersecurity risks across business lines, remediating and
reporting risk insights to relevant leaders, while providing advice
and playing a critical role in Lantheus' regulatory engagement.
Cybersecurity GRC focuses on strengthening and guarding the firm
from the many risks we face while fostering a transparent and
risk-aware culture.
Responsibilities include, but are not limited to:
- Develop the operating model and a service-oriented customer
engagement model supporting all GRC services and capabilities.
- Operationalize GRC capability areas including policy and
exception management, security awareness and training, third-party
risk management, security reviews and audits, enterprise security
risk management, compliance management, business continuity,
disaster recovery.
- Establish and provide security metrics and reporting for all
GRC services.
- Perform risk assessments addressing security threats, changes
to systems and/or applications, process improvement
initiatives.
- Monitor the security risk profiles of our suppliers to
objectively determine high-risk suppliers that require additional
review.
- Maintain cybersecurity risk register.
- Partner with the Enterprise Risk Management and Compliance
organization to achieve corporate strategies and objectives.
- Provide oversight and management for the Data Privacy solution
and support resources.
- Work with various operational and business teams to drive
toward a cohesive view of security risk while driving remediation
items to closure. Maintain accurate reporting of remediation
activities to bring appropriate visibility to stakeholders.
- Respond to customer security/compliance questionnaires.
- Ensure HIPAA, GDPR, and PCI requirements are adhered to as
Globally applicable. Lead annual certification or audit programs
associated with achieving compliance with these regulatory
requirements. Develop and implement Policies and Processes
necessary for the success and support of the GRC program.
- Conduct regular and ongoing Risk Assessments, Global Phishing
simulations, Security Controls Analyses, and both Resiliency and
Disaster Recovery testing.
- Create and coordinate various Risk Committee(s) to ensure key
business/IT initiatives or high-value assets consider and adhere to
established risk and Compliance Policies.
- Promote a culture of Security, Risk, and Compliance awareness
through organization-wide forums, regular communications, and a
robust Security/Risk awareness/training program.
- Develop and deliver the GRC strategic roadmap and investment
plan addressing People, Process, and Technology.
Minimum Requirements:
- Bachelor's or master's degree in a relevant field of work or
equivalent combination of education and work experience.
- 10+ years' experience in cybersecurity with a minimum of 5+ in
cybersecurity governance risk and compliance.
- 5+ years management/leadership experience; managing people,
projects, budgets, and processes.
- CISSP preferred, but not required.
- Proven track record of promotion and collaboration of risk and
compliance policies and practices across IT and organizational
business units.
- Excellent oral and written communication skills with ability to
communicate risks to executive leadership and key
stakeholders.
- Strong understanding of cybersecurity risk frameworks and
ability to lead the execution and implementation of the frameworks
as well as articulate their value and purpose.
- Understanding of cybersecurity risk management and control
principles with a proven ability to anticipate and identify risks
and effective mitigating actions.
- Strong organizational, project management, multi-tasking and
stakeholder management skills with demonstrated ability to manage
expectations and deliver results with a high level of
professionalism, self-motivation, and integrity.
- Ability to determine and set the strategic direction of the
Cybersecurity GRC function(s).
- Strong understanding of industry standards and regulations
including: NIST, SOX, PCI, ISO, GDPR, CCPA, HITRUST, GxP, and
others.
- Experience developing, tracking, and reporting key KRIs and
KPIs.
Lantheus is committed to equal employment opportunity and
non-discrimination for all employees and qualified applicants
without regard to a person's race, color, sex, gender identity or
expression, age, religion, national origin, ancestry, ethnicity,
disability, veteran status, genetic information, sexual
orientation, marital status, or any characteristic protected under
applicable law. Lantheus is an E-Verify Employer in the United
States. Lantheus will make reasonable accommodations for qualified
individuals with known disabilities, in accordance with applicable
law.
Any applicant requiring an accommodation in connection with the
hiring process and/or to perform the essential functions of the
position for which the applicant has applied should make a request
to the Lantheus Talent Acquisition team at
talentacquisition@lantheus.com.
#J-18808-Ljbffr
Keywords: Lantheus, Salem , DIRECTOR, CYBERSECURITY GOVERNANCE, RISK, AND COMPLIANCE, Executive , Bedford, Massachusetts
Didn't find what you're looking for? Search again!
Loading more jobs...