Security Assurance Risk Manager

at Accumulus Synergy

Remote, Oregon, USA

Start Date: Immediate
Expiry Date: 17 Oct, 2024
Salary: Not Specified
Posted On: 18 Jul, 2024
Experience: N/A
Skills: Models, NIST, Disability Insurance, ISO, Security Risk, Regulatory Affairs
Telecommute: No
Sponsor Visa: No

Description:

BACKGROUND

Accumulus Synergy is a nonprofit trade association working on behalf of industry to address the global need for digital transformation. To help solve for this need, Accumulus is developing a transformative data exchange platform to enable enhanced collaboration and efficiency between life sciences organizations and National Regulatory Authorities worldwide. The Accumulus Platform aims to improve efficiencies in the regulatory process by leveraging advanced technology, including data science and AI, as well as tools for secure data exchange to improve patient safety, help reduce the cost of innovation, and ultimately bring patients safe and effective medicines faster. Accumulus is working with key stakeholders in the life sciences - regulatory ecosystem to build and sustain a platform that aims to meet regulatory, cybersecurity, and privacy requirements spanning clinical, safety, chemistry and manufacturing, and regulatory exchanges and submissions. Accumulus Synergy sponsors include Amgen, Astellas, AstraZeneca, Bristol Myers Squibb, GSK, Johnson & Johnson, Lilly, Merck, Pfizer, Roche, Sanofi, and Takeda.

JOB DESCRIPTION

Accumulus is seeking a Security Assurance Risk Manager. This will be a key role on the Security team, reporting to the Director of Security Assurance.
The Security Assurance Risk Manager is responsible for identifying, assessing, and managing security risks across the organization. Key tasks include performing annual and third-party security risk assessments, developing and implementing risk management strategies, and ensuring compliance with industry standards. The role involves maintaining the Risk Register, providing security risk reports, and managing documentation related to security programs.
Collaboration and training are also vital, involving integration of risk management practices across departments, regular reviews and updates of risk frameworks, and mentoring team members on risk management principles.

QUALIFICATIONS

  • At least 5 years of experience conducting security and risk management activities for regulated markets
  • Detailed experience with common risk management standards and models such as: ISO 31000, NIST 800-39
  • Demonstrated experience with security control frameworks such as: SOC 2, ISO, NIST
  • Detailed understanding of security risk within cloud-native technology stacks

How To Apply:

In case you would like to apply to this job directly from the source, please click here

Responsibilities:

Risk Identification and Assessment:

  • Identify, assess, and manage security risks across the organization.
  • Perform annual security risk assessments, business impact assessments, and critical systems assessments.
  • Own and conduct third-party security risk assessments.
  • Triage and manage new or changing security requirements, security issues, and potential risks from third parties, customers, or external sources.

Risk Management and Mitigation:

  • Develop and manage the operational security risk management program.
  • Develop and implement risk management strategies.
  • Support the implementation of controls to mitigate risks to an acceptable level.
  • Monitor the threat landscape and adjust risk management practices accordingly.
  • Ensure compliance with industry standards and regulations.

Documentation and Reporting:

  • Own and maintain the Risk Register.
  • Provide comprehensive security risk reports to management.
  • Maintain documentation, including handbook pages, policies, standards, procedures, and runbooks related to Security Risk programs.

Collaboration and Training:

  • Collaborate with other departments to integrate risk management practices into overall business processes.
  • Conduct regular reviews and updates of risk management frameworks and practices.
  • Train and mentor team members on risk management practices and principles.


REQUIREMENT SUMMARY

Min: N/A, Max: 5.0 year(s)

Financial Services

IT Software - Network Administration / Security

Finance

Graduate

Proficient

1

Remote, USA