Roivant is a global biopharma company improving health by rapidly delivering innovative medicines and technologies to patients. We do this by building Vants - nimble, independent, entrepreneurial subsidiaries focused on delivering results in quick and innovative ways.
Roivant operates as a data-centric incubator, supporting our subsidiaries by building best-in-class technologies to support pharma development and commercialization. Our mission is to improve health by rapidly delivering innovative medicines to patients.
At Roivant, data is our biggest asset and our clear competitive advantage. We want to structure and make our data accessible to power a suite of uses from analytics to full featured “data products” to power the next generation of pharma companies. At Roivant, we're passionate about using data to fix a fundamentally broken pharmaceutical development process. Come join us and help accelerate bringing life-saving therapies to those who need them.
- Will define and document security policies and controls to secure production applications and data.
- Will be required to evaluate the security posture of Lokavant's production applications and infrastructure with respect to the defined controls and policies.
- Will perform continuous vulnerability monitoring of application and infrastructure and address remediations strategies with stakeholders.
- Will evaluate, select and manage relationships with 3rd party security penetration vendors and will schedule and manage attack/pen tests.
- Will liaison with IT security resources and be able to help define and assume additional IT specific related security controls over time.
- Will participate in customer security audits and will assist with systems integrations design that involves security considerations specific to data, transport or authentication/authorization.
- Will define and mature the processes for security audits across the entire organization.
Skills, Qualifications, and Requirements:
- BA/BS degree in Information Technology/Computer Information Systems or related.
- CIA (certified internal auditor), CISA (certified information systems auditor), or CISSP (certified information systems security professional)
- 3-5 years of previous experience in corporate security audit roles.
- Highly motivated, creative problem solver with a can-do attitude and willing to take on multiple responsibilities at once while working in a fast-moving environment and consistently delivering results.
- Demonstrated exposure to SAAS application security concepts and best practices within a contemporary application framework and public cloud-based infrastructure.
- Demonstrated awareness of cyber security trends and hacking techniques.
- Ability to work comfortably under pressure, frequently changing landscape and tight deadlines.
- Ability to think strategically with excellent business judgment.
- Resourceful and relentless: independently capable of seeking information, solving conceptual problems, corralling resources, and delivering results in challenging situations.
- Quick and scrappy learner who adapts well to a fast-moving environment and gets things done, combines creativity, problem-solving skills, and a can-do attitude to overcome any obstacle
- Highly Innovative problem solver possessing strong interpersonal, multi-tasking, organizational, project planning skills, and a demonstrated ability to meet aggressive deadlines
- Excellent verbal and written communication skills; ability to deal with complex problems and present recommendations and findings in a clear, concise format.
- Familiarity with security and regulatory frameworks including but not limited to: NIST, ISACA, HIPAA, GDPR, etc.
- Highly proficient in internal auditing, internal controls, and risk management.
Additional Preferred Qualifications:
- Previous experience in a startup early life cycle product development company.
- Comprehensive understanding of internal control environments within the IT function
- Experience with multiple technology domains including aspects of Windows, Firewalls (functionality), Office 365 Security, Endpoint Security, Multi Factor Authentication, software and networking.
- Experience with leading and managing incident response efforts.