DIRECTOR, CYBERSECURITY GOVERNANCE, RISK, AND COMPLIANCE - Bedford Massachusetts
Company: Lantheus Location: Bedford, Massachusetts
Posted On: 11/19/2024
Lantheus is headquartered in Bedford, Massachusetts with offices in New Jersey, Canada, and Sweden. For more than 60 years, Lantheus has been instrumental in pioneering the field of medical imaging and has helped physicians enhance patient care with its broad product portfolio. Lantheus is an entrepreneurial, agile, growing organization that provides innovative diagnostics, targeted therapeutics, and artificial intelligence (AI) solutions that empower clinicians to find, fight and follow disease.

At Lantheus, our purpose and values guide our behaviors in all interactions and play a vital role in creating a dynamic environment that contributes to our success. Every employee is crucial to our success; we respect one another and act as one knowing that someone's health is in our hands. We believe in helping people be their best and are seeking to bring together a diverse group of individuals with different viewpoints and skill sets to be a part of a productive and inclusive team.

The Director of Cybersecurity Governance, Risk, and Compliance will report directly to the Chief Information Security Officer and is tasked with managing and overseeing the Lantheus cybersecurity risk landscape. You'll be tasked with identifying and assessing cybersecurity risks across business lines, remediating and reporting risk insights to relevant leaders, while providing advice and playing a critical role in Lantheus' regulatory engagement. Cybersecurity GRC focuses on strengthening and guarding the firm from the many risks we face while fostering a transparent and risk-aware culture.

Responsibilities include, but are not limited to:
- Develop the operating model and a service-oriented customer engagement model supporting all GRC services and capabilities.
- Operationalize GRC capability areas including policy and exception management, security awareness and training, third-party risk management, security reviews and audits, enterprise security risk management, compliance management, business continuity, disaster recovery.
- Establish and provide security metrics and reporting for all GRC services.
- Perform risk assessments addressing security threats, changes to systems and/or applications, process improvement initiatives.
- Monitor the security risk profiles of our suppliers to objectively determine high-risk suppliers that require additional review.
- Maintain cybersecurity risk register.
- Partner with the Enterprise Risk Management and Compliance organization to achieve corporate strategies and objectives.
- Provide oversight and management for the Data Privacy solution and support resources.
- Work with various operational and business teams to drive toward a cohesive view of security risk while driving remediation items to closure. Maintain accurate reporting of remediation activities to bring appropriate visibility to stakeholders.
- Respond to customer security/compliance questionnaires.
- Ensure HIPAA, GDPR, and PCI requirements are adhered to as globally applicable. Lead annual certification or audit programs associated with achieving compliance with these regulatory requirements. Develop and implement policies and processes necessary for the success and support of the GRC program.
- Conduct regular and ongoing Risk Assessments, Global Phishing simulations, Security Controls Analyses, and both Resiliency and Disaster Recovery testing.
- Create and coordinate various Risk Committee(s) to ensure key business/IT initiatives or high-value assets consider and adhere to established risk and Compliance Policies.
- Promote a culture of Security, Risk, and Compliance awareness through organization-wide forums, regular communications, and a robust Security/Risk awareness/training program.
- Develop and deliver the GRC strategic roadmap and investment plan addressing People, Process, and Technology.
Minimum Requirements: