Manager, IT Risk and Compliance

Gilead's mission is to discover, develop, and deliver therapies that will improve the lives of patients with life‑threatening illnesses worldwide. The Manager, IT Risk and Compliance is a key member of the Security Risk Compliance (SRC) - DP team and works closely with the legal Privacy & Data Ethics (P&DE) team, and other IT teams to ensure privacy program and controls are in place. They will serve as a subject matter expert on Information Security and Privacy principles; company policies and standards; and regulatory requirements as they pertain to data privacy. The person in this position will be required to understand and communicate the reporting requirements as defined by company policy and interpret and apply the concepts and requirements when processing and managing privacy and security incidents.

Key Responsibilities

• Develop / update / maintain data related privacy policies, standards and documentation.
• Contribute directly to the data privacy program strategy and roadmap.
• Be responsible for working on and leading Data Privacy related projects, project tasks and deliverables.
• Serve as an initial point of contact & escalation for other team members, operational teams & works relating to Data Privacy (i.e. PIAs / Vendor Security Assessments and contract reviews and security rider updates) and escalate when appropriate.
• Provide assessor / manager related lead activities for Data Privacy Incidents (DPIs) & work collaboratively with the Cybersecurity / SOC team for interactions between DPIs and SOC Security incidents.
• Lead inputs for Data Privacy related assessments providing review / approval for resultant reports.
• Participate in requirements for and reviews of vendor proposals.
• Support the Privacy Champions group by delivering awareness and education beyond IT to other Gilead business units.
• Drive continual improvements for the creation and delivery of Data Privacy educational, training and orientation programs for all employees, contractors and other appropriate third parties.
• Maintain current knowledge of application U.S and EU and global data protection laws and accreditation standards.
• Builds and develops strategic working relationships across business groups and provide lead coverage on more complex issues.
• Review system‑related information security plans throughout the practice / organization’s network to ensure alignment between security and privacy practices.
• Provide support and conduct reviews of contracts, service level and evaluation agreements.
• Collaborates within various business groups to analyze and evaluate reported potential privacy incidents to determine whether a loss of sensitive data, protection health information, policy violation, and / or cyber or other threat to the enterprise has occurred.
• Analyses and identifies trends from privacy and security reportable issues.
• Define and creates privacy and security reportable issues metrics and reports.
• Participate in other activities relating to security and privacy incident management.

Basic Qualifications

Preferred Qualifications

People Leader Accountabilities

Create Inclusion - knowing the business value of diverse teams, modeling inclusion, and embedding the value of diversity in the way they manage their teams.

Develop Talent - understand the skills, experience, aspirations and potential of their employees and coach them on current performance and future potential. They ensure employees are receiving the feedback and insight needed to grow, develop and realize their purpose.

Empower Teams - connect the team to the organization by aligning goals, purpose, and organizational objectives, and holding them to account. They provide the support needed to remove barriers and connect their team to the broader ecosystem.

Share : #J-18808-Ljbffr