Information Security Specialist

POSITION: Information Security Specialist

POSTING: 67635 (JNJNJP00067635)

LOCATION: Client Site, Raritan, NJ*

* Hybrid - 3 days in office, 2 days remote

COMPENSATION: The hourly rate is a maximum range of $75.00 to $81.00. This will annualize to an estimated range of $150,000 to $162,000 based on 40 hour work weeks and 50 of 52 working weeks per year. OT is payable at 1.5X base rate and will add to the overall compensation based on actual hours worked.

JOB DESCRIPTION/EXPERIENCE:

Mason-Grey is hiring an Information Security and Compliance consultant with experience in providing security applications controls and assessments for pharmaceutical manufacturers located in Raritan, NJ. As a Cyber Security Analyst, this resource will work within the Information Security and Risk Management department, joining the team responsible for security consulting initiatives of Supply Chain, Make/OT and Deliver Platforms related application support. In this role, this resource will be responsible for security and controls throughout global projects related to Supply Chain applications including CAR-T Cloud-based software controls, and continuous collaboration and follow-ups with the business partners.

Minimum Qualifications

• Bachelor’s Degree in Information Technology, Computer Science, or a related field.
• Minimum 7 years of experience working with security and controls, consulting stakeholders throughout the application implementation process.
• Broad knowledge of information security processes and principles is useful in explaining the business value of cybersecurity.

Additional requirements:

• Experienced in identifying and articulating issues/obstacles regarding application security issues
• Working knowledge of Web/Cloud-based software
• Familiarity with SOX compliance requirements

Preferred Knowledge, Skills and Abilities:

• Certified Information Systems Security Professional (CISSP), CISM, CISA etc..
• Responsible for advancing cybersecurity of our Pharma systems, applications, and integrations across product lines and regions by identifying key risks and controls through security assessments.
• Orchestrate and deliver cybersecurity risk assessments of Supply Chain projects, applications, and the technologies that run them while maintaining awareness of the changing threat landscape.
• Understand and promote risk management activities associated with external regulations and internal policies such as IAPP, GxP, and GDPR.
• Bridge the gap between traditional Information Technology (IT) and business functions by relating cyber threats and vulnerabilities to business imperatives and communicating them to key business leaders.
• Actively advise, assess, and lead Business and IT stakeholders in the development of secure information systems and solutions in line with the organization’s cybersecurity architecture, IAPP policies, and regulatory requirements.
• Maintain connections across peer groups to continuously understand emerging security solutions that are ground-breaking enablers for mitigating supply chain risk.
• Shape the administrative controls for cybersecurity through advisory and assurance services. Support compliance assessments on regulatory (ie GxP or SOX).
• Make recommendations for application security including change, incident management, process enhancements, access management, and change management.
• Consult stakeholders about data classification and privacy, including data encryption and protection.
• Ensure appropriate controls are implemented for CAR-T Applications and coordinate alignment with Internal Audit and IT Compliance.
• Provide metrics and reports on a weekly basis tracking the entire portfolio, application assessment status, and Risk Acceptance status.

All candidates shall be legally authorized to work in the US and are subject to background screening, drug testing and verification of legal status in the United States using eVerify.