POSITION TITLE: Sr. Director, Head of Information Security (CISO)
Successful applicants for this position must be fully vaccinated against COVID-19 as a condition of employment. Vaccine verification will be required.
LOCATION: San Carlos, CA or Austin, TX
The Sr. Director, Head of Information Security is a senior-level executive within Natera responsible for establishing and maintaining the global enterprise's strategy and program to ensure information assets and technologies are protected. The role will work cross-functionally across the Natera organization to manage and oversee all aspects of application and corporate security and infrastructure, maintaining a thorough understanding of the current threat and attack landscape and latest security trends and principles.
To be successful, this role requires credibility and deep and broad expertise in security-related executive leadership within a complex global business environment. Must be a strong leader, with the ability to influence throughout the organization and effectively communicate a business vision, key objectives, and security needs. Experience with highly sensitive consumer and regulated data and maintaining its security as a top priority; understanding cloud platform and technology at scale.
- Own strategy and vision for corporate information security, inclusive of application security, infrastructure security, and data security.
- Assess current needs; develop, implement, and monitor a strategic and comprehensive enterprise-wide information security and risk management program to ensure the integrity, confidentiality, and availability of information owned, controlled or processed by Natera.
- Oversee critical cybersecurity areas including incident response, disaster recovery, awareness, monitoring, remediation, information governance, and digital security.
- Develop and oversee the development and enforcement of security policies and procedures based on industry-standard best practices.
- Build strong relationships within the security organization and across the enterprise in order to implement the appropriate security controls to protect the enterprise.
- Partner closely with executive leadership to ensure that all applications and platforms are developed with security in mind and that appropriate security controls have been implemented while driving continuous investment into the cybersecurity areas.
- Promote and oversee strategic security relationships between internal and external entities.
- Utilize business-relevant metrics to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation and increase the maturity of the security program.
- Work closely with internal stakeholders and business units to keep abreast of planned changes to technologies, working practices, and business activities that could have an impact on the organization's Information Security or risk profile
- Manage SOC2 audit process and assess other certifications (e.g. ISO 27001/27002, NIST-CSF, HITRUST) as appropriate, designing plans to satisfy regulatory and compliance requirements related to security and privacy.
- Direct and assist, as necessary, investigations into information security breaches, liaising with the Legal, Risk and Privacy teams on data protection legislation, ensuring root causes of such breaches are understood and addressed.
- Grow and manage information security team / strategize and think through team structure and growth. Direct staff in identifying, developing, implementing, and maintaining processes across the enterprise.
- Bachelor/Master's degree in Computer Science, Engineering, or related fields.
- 12+ years in security management function, leading initiatives across an organization. Previous company-wide leadership experience is required
- 8+ years of people management experience, leading teams to build systems, practices and policies that comply with important security standards
- Proven experience leading certifications and audits program, and adept at managing external service providers.
- In-depth expertise in security frameworks and certifications for public and regulated global industries, including COSO, ISO 27001/27002, HITRUST, FDA.
- Significant experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of the business
- Ability to communicate security risks in business terms that can be clearly understood at all levels of the organization
- Experience managing and configuring web applications hosted on AWS & Azure
- An excellent understanding of legislation and regulations that impact information security, e.g. GDPR, CCPA, Data Protection Act (2018), Freedom of Information Act, PCI DSS
- An understanding of current and emerging threats and countermeasures and the organizational challenges to addressing these threats
- An understanding of Application Security threats and countermeasures
- A good practical knowledge of security technologies and wider business solutions including Firewalls, IDS/IPS, Identity and access management, SIEM, Data Loss Protection, BCP, remote working and cloud security
- Working knowledge in the areas of Risk, Compliance and Privacy desirable
- Excellent people leadership skills - providing direction, monitoring performance, motivating staff and building a positive working environment
- Duties are typically performed in an office setting. This position requires the ability to use a computer keyboard, communicate over the telephone and read printed material.
- Duties may require working outside normal working hours (evenings and weekends) at times.
- Travel required for this position: No
Driven by the passion for elevating the science and utility of genetic testing, Natera is committed to helping families identify and manage genetic diseases. Natera is a rapidly-growing diagnostics company with proprietary bioinformatics and molecular technology for analyzing DNA. Our complex technology has been proven clinically and commercially in the prenatal testing space and we are actively researching its applications in the liquid biopsy space for developing products with oncology applications.
The Natera team consists of highly dedicated statisticians, geneticists, doctors, laboratory scientists, business professionals, software engineers and many other professionals from world-class institutions, who care deeply for our work and each other. When you join Natera, you'll work hard and grow quickly. Working alongside the elite of the industry, you'll be stretched and challenged, and take pride in being part of a company that is changing the landscape of genetic disease management.
WHAT WE OFFER
Competitive Benefits - Employee benefits include comprehensive medical, dental, vision, life and disability plans for eligible employees and their dependents. Additionally, Natera employees and their immediate families receive free testing in addition to fertility care benefits. Other benefits include pregnancy and baby bonding leave, 401k benefits, commuter benefits and much more. We also offer a generous employee referral program!
For more information, visit www.natera.com.
Natera is proud to be an Equal Opportunity Employer. We are committed to ensuring a diverse and inclusive workplace environment, and welcome people of different backgrounds, experiences, abilities and perspectives. Inclusive collaboration benefits our employees, our community and our patients, and is critical to our mission of changing the management of disease worldwide.
All qualified applicants are encouraged to apply, and will be considered without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, age, veteran status, disability or any other legally protected status. We also consider qualified applicants regardless of criminal histories, consistent with applicable laws.