Summary:

The Associate Director of Information Security will be responsible for leading the operations and improvements of the company’s overall Information Security program. This key role will work with stakeholders within Information Technology, Pacira business functions, and liaise with various external partners to understand threats, plan and execute the closure of gaps, and help manage risk to the company while maintaining business agility.

The role will oversee the Security Operations Center, inform the overall Information Security strategy for the company, and be the subject matter expert on all general Information Security matters including incident response, vulnerability management, access controls, third-party risk management, data privacy and enterprise risk management.

Essential Duties and Responsibilities: The following statements are intended to describe the general nature and level of work being performed by an individual assigned to this job. Other duties may be assigned.

• Spearhead the development and implementation of the Information Security Program, balancing risk with operational efficiencies.
• Take ownership of the day-to-day operations of the Information Security program, including incident response, vendor security reviews, firewall rule reviews, and business consultations.
• Lead the IT Risk Management process to capture enterprise-level risk, provide business context, and collaborate with IT peers to address risk based on priorities.
• Take responsibility for the creation, monitoring, and updating of Security policies and procedures to ensure accuracy and operational excellence.
• Establish and manage a Third Party Risk Management program, assessing critical business suppliers for Cyber Risk that may impact the company.
• Develop and implement a Data Protection program, including data classification, security controls, and a full Data Loss Prevention utility.
• Present a Board-level set of metrics identifying risk and program effectiveness.
• Conduct assessments of information systems and their vendors to ensure that appropriate security functions have been included in the systems design and architecture.
• Monitor and evaluate the performance of information systems in support of information systems security program accomplishments based on appropriate measures.
• Determine risk response options and evaluate their efficiency and effectiveness in managing risk in alignment with business objectives.
• Take charge of managing incidents to closure, providing regular reporting to the VP of IT, corporate/legal functions, Executive Team, and the Board of Directors as necessary.
• Play a key role as an integrated part of the IT Leadership team, helping to formulate our roadmap to address current and future business needs.

Supervisory Responsibilities:

This role may have supervisory responsibilities.

Interaction:

This role will interact with all levels of the organization.

Education and Experience:

• A B.A./ B.S. in Computer Science, Computer Engineering, Information Security, Intelligence Analysis or Cyber Security or other relevant field required.
• Overall 7 years of relevant professional experience with 5 years in Information & Cyber Security required
• Experience in and knowledge of industry frameworks and regulations (e.g. NIST, ITIL, ISO, COBIT, SOX, GDPR) required
• CISSP/CISM/CISA or equivalent certification is a plus

Qualifications:

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions

Knowledge, Skills, and Abilities:

• Experience in IT security and risk management (understanding risk assessment, legal and regulatory requirements, threats, vulnerabilities, security policies etc.).
• General understanding of infrastructure components, including infrastructure security components (e.g. Network security, Firewalls, IDS, IPS etc.)
• Hands-on experience with Microsoft M365 / O365 security suite a plus
• Demonstrated experience in working with an external operations partner
• Experience with protected health information or personally-identifiable information
• Knowledge of current Security standards regulations and frameworks such as HIPPA, ISO/IEC 27001/27002, SOX, NIST, GDPR
• Demonstrable ability to balance and prioritize security requirements with business objectives and financial constraints
• Ability to work independently on initiatives with little oversight
• Strong analytical skills/problem solving/conceptual thinking
• Effective communication skills
• Awareness of Cloud Security Solutions
• Enterprise Incident handling experience
• Experience in leading or coordinating activities across a diverse group of professionals with visibility to senior management
• Excellent organizational, planning, problem solving and decision-making
• Strong interpersonal skills, including verbal, written, and listening skills with the ability to influence and lead others

Physical Demands:

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

While performing the duties of this job, the employee is regularly required to sit, talk, move between spaces, reach with hands and arms and stoop. Close vision and the need to focus on computer screen, use of hands, fingers and wrist to type on keyboard and manipulate mouse. Will need to lift and move boxes of paper and binders weighing up to 20 pounds.

Work Environment:

The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions.

Typical office setting, staff in cubicles, noise level is moderate with consistent printer, telephone ringing and conversation.

• Medical, Prescription, Dental, Vision Coverage
• Flexible Spending Account & Health Savings Account with Company match
• Employee Assistance Program
• Mental Health Resources
• Disability Coverage
• Life insurance
• Critical Illness and Accident Insurance
• Legal and Identity Theft Protection
• Pet Insurance
• Fertility and Maternity Assistance
• 401(k) with company match
• Flexible Time Off (FTO) and 11 paid holidays
• Paid Parental Leave