Listing Description
Job Description
Accumulus is seeking a Chief Information Security Officer (CISO). This will be a key leadership role within our Technology Division, reporting directly to the Chief Technology Officer. The CISO is responsible for maintaining and continuing to develop a best-in-class security operation for our company and product, as well as guiding Accumulus through a number of important certifications necessary to gain the trust of life sciences organizations and health authorities.
Accumulus is a non-profit startup funded by some of the most well-known companies in pharma. You can expect a unique blend of technical & people leadership, hands-on work, executive and sponsor relationship building, and meaningful engagements with global health authorities.
Responsibilities
- Oversee and grow a security operations team at Accumulus responsible for the Accumulus SaaS platform and IT landscape.
- Develop, update, and own the execution of relevant policy & process to support Accumulus’ Quality Management System (QMS). Devise and execute training programs for these policies and processes, and measure their effectiveness.
- Advise Accumulus product leadership on security requirements and risks for features in our product roadmap.
- Advise executive leadership and our board of directors on security matters pertinent to Accumulus operations.
- Provide security subject matter expertise in Accumulus engagements with our sponsors, health authorities and customers from industry.
- Partner with legal counsel and our business operations division to run an effective Compliance & Risk Management team.
- Obtain FedRAMP High certification in support of our commercial launch, followed by additional compliance certifications.
Qualifications
- 10+ years' experience in technical roles such as cloud engineering, administration, or as a consulting technologist, w/ minimum of 5 years focused on IT security and risk management.
- Minimum of 3 years as a manager and leader, w/ past experience in hiring and managing highly technical staff (5 or more) and using outsourcing arrangements.
- Knowledgeable regarding information security management frameworks such as ISO/IEC 27001 and NIST.
- Knowledgeable of a variety of compliance frameworks and certifications: FedRAMP, HIPAA/HITECH, SOC-II and GxP’s “Part 11”. You have orchestrated an initial certification under one or more of these programs and/or been responsible for recurring compliance.
- Broad base of relevant technical knowledge to draw upon:
  - Cloud infrastructure & DevOps atop a major CSP: Azure, Google or AWS
  - Infrastructure-as-code frameworks
  - Scripting or programming ability
  - Security-specific tools such as Splunk, Fortify, Burp Suite, Nessus and similar.
- Broad base of agile and traditional project management skills. Adept in using Scrum/Kanban for organizing teams, while still tracking project progress using more traditional methods (tasks w/ Gantt charts, etc).
- First-rate written and verbal communications. Able to distill highly complex, technical concepts to multiple audiences: board members and executives, customers, health authorities and non-technical staff.
- Preferred:
  - Graduate degree (MS in relevant field, MBA or JD) or certifications (CISSP, CISM or similar).
  - Experience w/ Accumulus' chosen tech stack (Azure, Terraform, GitLab, Fortify, Splunk, etc.)
  - Experience securing a SaaS product in a regulated industry (pharma, life sciences, financial, health, defense)