Director, Security Engineering

Successful applicants for this position must be fully vaccinated against COVID-19 as a condition of employment. Vaccine verification will be required.

JOB TITLE: Director, Security Engineering

Position Summary:

Director, Security Engineering builds our security and privacy team in engineering that will work closely with many other functions to ensure we build secure and compliant software solutions. You will be responsible for the overall Security and Privacy in the Engineering organization.

As a senior leader in the IS&T organization, you will lead a team and partner closely with Natera's Chief Compliance Officer (CCO), Data Protection Officer (DPO) and Information Security Officer (ISO) to develop, maintain and execute security and privacy policies into the Engineering development and infrastructure spaces. This will be executed in close alignment with Natera's overall Information Security and Privacy policies, processes and frameworks of the CCO, DPO and ISO.

• As a change agent, seeking opportunities to challenge the status quo to build and manage a security and privacy function in engineering that journey to best-in-class
• Be part of the company security and compliance leadership teams to define strategic plans for security and privacy.
• Work closely with our corporate compliance and privacy team to develop and execute privacy and compliance policies and processes for the software development organization.
• Work closely with and under guidance of our ISO, DPO and IT security team to develop and manage processes, policies and guidelines to ensure secure software development.
• Develop or license applications and tooling that are used every day by Engineering and Security to make their jobs easier and embed security into Natera's software development lifecycle (SDLC).
• Partner with leaders and staff across the Engineering, IT, Compliance and Risk organizations to ensure that security and privacy projects are completed to specification and maintainable.
• Develop and promote a 'security-by-design mindset' across the engineering organization and partner with engineering to ingrain it into day to day software development processes.
• Work with the software operations team to ensure implementation of security risk detection tooling in CI and delivery pipelines.
• Build and own procedures for security and privacy incident management for the developed software solutions.
• Perform needed risk and impact assessments (I.e. PIAs, DPIAs, FMEAs, etc)
• Work closely with the ISO's and DPO's team to update and maintain the corporate Dataflow and Data Repository documentation to ensure its relevance and accuracy.
• Participate in all 3rd party and government regulators compliance assessments.
• Participate as part of Natera's extended Compliance, Information Security and Privacy teams including regular Incident reviews and collaboration/architecture meetings.
• Attract top talent and develop team to ensure high functioning organization while adhering to budgetary constraints

• Bachelor's degree in IT, Computer Science, or similar, or equivalent experience
• 8+ years of leadership experience.
• 10+ years of security engineering experience.
• 5+ years of privacy experience in a complex healthcare organization
• 3+ years of experience creating and implementing strategic security plans and roadmaps.
• 3+ years of experience with technical requirements, design, testing, and implementation of security tools and technologies.

• Excellent verbal, written, and interpersonal communication skills.
• Effective in building partnerships with senior technical, functional and business leaders to forward short-term and longer term security initiatives.
• Ability to build modern agile security processes (ie DevSecOps) that ensure security and privacy pragmatically
• Familiarity with any of the technologies used in our stack is a strong plus - Java, APIs, Python,MyAQL, Kafka, Redis, Snowflake, AWS, GCP, Terraform and Kubernetes.
• Practical and current knowledge of IT security risk profiles and mitigation strategies, patterns and technical solutions.
• Deep technical knowledge of the current threat landscape in relevant environments (web, cloud platforms, on-premise).
• Deep familiarity with relevant security frameworks and regulations such as HIPAA, GDPR, CCPA, SOC-2 Type 2, HITRUST, NIST Cybersecurity Framework, AWS Well-Architected.
• Industry Security and Privacy certifications are a plus (like CISSP, CISM, CIPT, CEH, CCSK).