Cybersecurity Architect

Job Description

General Summary:

The Cybersecurity Architect is responsible for establishing and maintaining a comprehensive information security management program to optimize the organization's cybersecurity posture to protect and enable Vertex's mission. This role provides vision, strategic leadership and management of cybersecurity governance, policy, strategy, risk management, engineering, day to day operations, cybersecurity incident response, vendor risk assessment, and privacy by design for a set of new medicine launches at Vertex. This role maintains strong business relationships across the organization, including DTE, legal, HR, compliance and risk, and privacy.

Key Duties and Responsibilities:

• Define and execute new platform cybersecurity strategy

• Stay up to date on emerging technologies, cybersecurity threats and risk management to provide direction on which technologies should be assimilated

• Evangelize cybersecurity across the organization

• Ensure the risk posture and security, audit and fraud detection programs (including SOC 2, HITRUST, ISO) support successful platform operations

• Integrate vulnerability detection and incident response protocols to provide visibility across digital platforms enabling operational security efficiency

• Identify application/operating systems vulnerabilities and assist in their remediation

• Analyze cybersecurity risks across the organization and work with business/system/information owners to develop mitigation plans

• Lead efforts to internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls for Vertex's information and technology systems

• Create security policies, standards, controls, and cyber incident response planning

• Participate in security compliance efforts (e.g., SOX, GxP)

• Interfaces with other IT functional area leaders to define and support initiatives and solutions for improving the security, efficiency and effectiveness of their services

• Manage and develop teams and individuals

• Develops and manages to a budget and develops accurate forecasts

• Oversees and coordinates relationships with vendors

Knowledge and Skills:

• Proven background in security architecture, consulting and operations management experience and a solid background in the development and execution of an enterprise-wide information security program

• Broad understanding of cybersecurity controls, frameworks and practices

• Demonstrated knowledge and understanding of IT security practices and how they apply to life sciences

• In-depth understanding of computer network technology and network operations

• Comprehensive knowledge of cyber threats and attacks experienced by life science organizations

• Ability to understand and explain complex technical processes and security issues to others

• Proven leadership approach that is engaging, imaginative, and collaborative, including the ability to work with other senior leaders to set the best balance between security strategies and other priorities

• Proven experience cultivating product direction and innovative solutions while fostering effective technology and operational culture

• Ability to think strategically and act tactically

• Excellent communication skills including the ability to produce strategic documents, present ideas and solutions to non-technical audiences, and listen effectively to understand user needs

• Effective influencing and negotiating skills when working across business units and with vendors

• Demonstrated ability to lead diverse teams within a complex and fast-paced environment

• Ability to ask questions, constantly learn, adapt and evolve

• Knowledge of cybersecurity best practices and a background in one or more of the following: security architecture, security and risk management consulting, security operations, incident response

• Industry recognized security certification (e.g., CISSP, CISM, etc.)

Education and Experience:

• Bachelor's degree or equivalent experience

• Typically requires 12 years of work experience and 5 years of management/supervisory experience, or the equivalent combination of education and experience

Flex Designation:

Hybrid-Eligible Or On-Site Eligible

Flex Eligibility Status:

In this Hybrid-Eligible role, you can choose to be designated as:

1.Hybrid: work remotely up to two days per week; or select

2.On-Site: work five days per week on-site with ad hoc flexibility.

Note: The Flex status for this position is subject to Vertex's Policy on Flex @ Vertex Program and may be changed at any time.

Company Information

Vertex is a global biotechnology company that invests in scientific innovation.

Vertex is committed to equal employment opportunity and non-discrimination for all employees and qualified applicants without regard to a person's race, color, sex, gender identity or expression, age, religion, national origin, ancestry, ethnicity, disability, veteran status, genetic information, sexual orientation, marital status, or any characteristic protected under applicable law. Vertex is an E-Verify Employer in the United States. Vertex will make reasonable accommodations for qualified individuals with known disabilities, in accordance with applicable law.

Any applicant requiring an accommodation in connection with the hiring process and/or to perform the essential functions of the position for which the applicant has applied should make a request to the recruiter or hiring manager, or contact Talent Acquisition at ApplicationAssistance@vrtx.com