InfoSec Engineer (3rd Party Risk) (DTJ)

InfoSec Engineer (3rd Party Risk) (DTJ) Req ID #:  178508 Location: 

US At Charles River, we are passionate about improving the quality of people’s lives. When you join our global family, you will help create healthier lives for millions of patients and their families. 

Charles River employees are innovative thinkers, who are dedicated to continuous learning and improvement. We will empower you with the resources you need to grow and develop in your career. 

As a Charles River employee, you will be part of an industry-leading, customer-focused company at the forefront of drug development. Your skills will play a key role in bringing life-saving therapies to market faster through simpler, quicker, and more digitalized processes. Whether you are in lab operations, finance, IT, sales, or another area, when you work at Charles River, you will be the difference every day for patients across the globe.

IMPORTANT:   In order to be considered for this position, a resume/CV must be uploaded and submitted during the application process.  Please make sure work history and education are added correctly.   

  Job Summary The InfoSec Engineer (3rd Party Risk) is a subject matter expert (SME) who works as part of a team to assess cybersecurity and technology risk against established frameworks, standards, policies and methodologies. The individual reviews and recommends controls and best practices, and continually evaluates risk exposure and tolerance as defined by business leaders and external entities. The role also reviews and documents deficiencies, advocates for change, and when appropriate, escalates issues to senior risk leadership. The individual focuses on third-party risk, as well as risks within internal and business-controlled areas of security, technology and business processes. With an emphasis on securing systems, applications, third-party connections, service providers and ancillary systems, the security engineer is responsible for securing business-to-business initiatives, third-party relationships, outsourced solutions and vendors. Practical hands-on technology experience in security principles, risk management and some business acumen is ideal.

Essential Duties and Responsibilities 

•Serve on a distributed risk team responsible for reviewing and documenting where security and technology controls are adequate, as well as areas requiring improvement and where risk is too high. 

•Recommend risk reduction steps to be implemented and maintained through policies, procedures, frameworks and technical controls. 

•Work closely with risk management and security leadership, teammates and stakeholders to evaluate and recommend models aligning with organizational risk posture.

•Analyze workflows, design documents and procedures to identify gaps in risk posture and risk acceptability based on controls. 

•Create and present risk posture discovery and recommendation reports to risk management leadership.

•Monitor plans of action and milestones for risk remediation requirements from internal and external security assessments, vulnerability reports, audit findings and security gaps.

•Liaison with technical and business teams related to business continuity and disaster recovery requirements.

•Provide strong oversight of third parties, vendors and business partners to safeguard against undue risk presented by external entities. 

•Perform other duties as assigned.

  Job Qualifications Qualifications:

•Education:  Bachelor’s degree (B.A./B.S.) or equivalent in computer science, information technology, or related discipline.

•Experience:  Minimum of 3-5 years related experience in IT security, 2+ years is risk management preferrable.

•An equivalent combination of education and experience may be accepted as a satisfactory substitute for the specific education and experience listed above.

•Certification/Licensure:  IT security related certification desired (e.g., Security +, CISSP, CRISC, GCCC, GSEC, or similar professional certification).

Preferred:  

•Understanding of HIPAA-HITECH, PCI, SOX, GxPs, Data Privacy regulations, etc.

•Knowledge of IT and information security best practices.

•Able to handle moderate problem resolution with general supervision.

•Experience in risk assessment, audit, and IT security assessments.

•Must have strong interpersonal, teamwork, self-initiative skills.

IMPORTANT: A resume is required to be considered for this position. If you have not uploaded your resume in your candidate profile, please return to upload field and attach your resume/CV. 

About Corporate Functions

The Corporate Functions provide operational support across Charles River in areas such as Human Resources, Finance, IT, Legal, Sales, Quality Assurance, Marketing, and Corporate Development. They partner with their colleagues across the company to develop and drive strategies and to set global standards. The functions are essential to providing a bridge between strategic vision and operational readiness, to ensure ongoing functional innovation and capability improvement.  

About Charles River

Charles River is an early-stage contract research organization (CRO). We have built upon our foundation of laboratory animal medicine and science to develop a diverse portfolio of discovery and safety assessment services, both Good Laboratory Practice (GLP) and non-GLP, to support clients from target identification through preclinical development. Charles River also provides a suite of products and services to support our clients’ clinical laboratory testing needs and manufacturing activities. Utilizing this broad portfolio of products and services enables our clients to create a more flexible drug development model, which reduces their costs, enhances their productivity and effectiveness to increase speed to market.

With over 17,000 employees within 90 facilities in 20 countries around the globe, we are strategically positioned to coordinate worldwide resources and apply multidisciplinary perspectives in resolving our client’s unique challenges. Our client base includes global pharmaceutical companies, biotechnology companies, government agencies and hospitals and academic institutions around the world. And in 2019, revenue increased to $2.62 billion.

At Charles River, we are passionate about our role in improving the quality of people’s lives. Our mission, our excellent science and our strong sense of purpose guide us in all that we do, and we approach each day with the knowledge that our work helps to improve the health and well-being of many across the globe. We have proudly supported the development of ~85% of the drugs approved by the FDA in 2019.

Equal Employment Opportunity

Charles River Laboratories is an Equal Opportunity Employer - all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.

If you are interested in applying to Charles River Laboratories and need special assistance or an accommodation due to a disability to complete any forms or to otherwise participate in the resume submission process, please contact a member of our Human Resources team by sending an e-mail message to crrecruitment_US@crl.com. This contact is for accommodation requests for individuals with disabilities only and cannot be used to inquire about the status of applications.

For more information, please visit www.criver.com.

Job Segment: Manufacturing Engineer, Pharmaceutical, Quality Assurance, Information Security, Biotech, Engineering, Science, Technology