Senior Manager, IT Security

Job Description

The Senior Manager, Information Security will play a key role at Exelixis by focusing on enhancing the security posture of our corporate infrastructure and organization. This position will work closely with the other members of the department to execute and enhance a comprehensive information security program. This includes defining and implementing security policies, processes, and standards. This position will select and deploy technical technologies to meet specific security requirements and defines processes and standards to ensure that security configurations are maintained.

Qualifications

ESSENTIAL DUTIES AND RESPONSIBILITIES: Integrate with various teams on technology initiatives to improve security of our systems and operations. Document policies, processes, and controls. Evaluate and enforce IT security controls, security policies, and secure computing practices. Perform scheduled vulnerability scanning, patch management and reporting. Assess and manage vendor risk. Manage a diverse set of security platforms and generate reports for senior leadership consideration. Operate SIEM and other intelligence systems to monitor the environment for actionable events. Manage security tools and services for authentication, authorization and other security services. Participate in monthly, quarterly and annual security and compliance audits by providing evidence and metrics and improving the process through tools and automation. Coordinate incident response, analysis, remediation, and cleanup. Partner and coordinate with Security service providers. Follow industry and Exelixis best practices and procedures in a SOX and an FDA regulated environment. Mentor and cross train team members. Work off hours and weekends as required. 24/7/365 on-call availability for emergency escalations.

SUPERVISORY RESPONSIBILITIES: Directing work only (no direct reports, but directing work to a CMO, Consultant or 3rd party.)

EDUCATION/EXPERIENCE/KNOWLEDGE & SKILLS:Education: BS/BA degree in related discipline and eight years related experience; or, MS/MA degree in related discipline and six years related experience; or, Equivalent combination of education and experience. IT Security Certifications (SANS, ISACA, (ISC)2, GIAC, etc.)

Experience: Experience in IT Security or related infrastructure administration in a highly available and production environment. Experience securing Cloud environments. Experience in management of secure coding practices. Technical lead experience is preferred. Experience implementing and following security frameworks or compliance standards, such as PCI-DSS, CIS Controls, NIST, COBIT, etc Experiencing managing complex projects with various stakeholders. Experience assessing, designing, and implement network and security solutions for corporate and Cloud-based network. Experience working in a SOX and FDA regulated environment is a plus.

Knowledge/Skills: Comprehensive knowledge and experience with security such as vulnerability management, incident response, threat management, and others. General knowledge of CLI and scripting language experience (Python, PowerShell, etc) Comprehensive knowledge of DNS, network protocols, firewalls, VPNs, web application firewalls, email security, IPS/IDS, SIEM, DLP, cryptography, application whitelisting and endpoint protection. Ability to engage and collaborate with employees to leverage security to help the organization succeed. Strong ability to interface with internal customers and technical staff. Strong customer-facing skills (oral, written, and verbal skills); ability to define and articulate complex process flows. Ability to organize and prioritize numerous tasks and completes them under time constraints. Ability to work with minimal guidance, to adapt to frequent priority changes, and response to ad-hoc requests

WORKING CONDITIONS: Primarily working indoors in office scenarios. 24/7/365 on-call availability for emergency escalations.

#LI-LC1

Additional Information

DISCLAIMER

The preceding job description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to the job.

We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class.