Chief Information Security Officer

Accumulus is seeking our first Chief Information Security Officer (CISO). This will be a key leadership role with our Technology Division, responsible for developing a best-in-class security operation for our company and product, as well as guiding Accumulus through a number of important certifications necessary to gain the trust of our sponsors and health authorities.

Starting day one, you will work with our CTO to develop a vision for Accumulus’ security operations and certification portfolio, then begin executing a plan for bringing it to reality. Initially you will be “hands on” - familiarizing yourself with our product and current security stack so as to understand our mission & needs, quickly preparing you to represent Accumulus in critical conversations with our sponsors and global health authorities. From there, you can set about operationalizing the security team we need - bringing in the right blend of skills and competencies via direct hiring and contracting, and putting together the security tech stack to get the job done. Finally, as an early member of our growing leadership team, you will have significant influence in defining Accumulus organizational identity and culture.

Accumulus is a new entity - a non-profit startup funded by some of the most well known companies in pharma. You can expect a unique blend of technical & people leadership, hands-on work, executive and sponsor relationship building and meaningful engagements with global health authorities.

• Envision and staff a security operations team at Accumulus responsible for the Accumulus SaaS platform and IT landscape. Recruit, train and lead an ideal blend of talent combined with the best tech stack you can devise to meet our security needs.
• Develop and own execution of relevant policy & process to support Accumulus’ Quality Management System (QMS). Devise and execute training programs for these policies and processes, and for measuring their effectiveness.
• Participate on Technology architecture team with CTO, Platform Architect and other technical leaders.
• Advise Accumulus product leadership on security requirements and risks for features in our product roadmap.
• Advise executive leadership and our board of directors on security matters pertinent to Accumulus operations.
• Provide security subject matter expertise in Accumulus engagements with our sponsors, health authorities and customers from industry.
• Partner with outside counsel and our business operations division to run an effective Compliance & Risk Management team.
• Orchestrate and obtain FedRAMP certification in support of our commercial launch, followed by additional compliance certifications.

• 10+ years experience in technical roles such as cloud engineering, administration, or as a consulting technologist, w/ minimum of 5 years focused on IT security and risk management.
• Minimum of 3 years as a manager and leader, w/ past experience in hiring and managing highly technical staff (5 or more) and using outsourcing arrangements.
• Knowledgeable regarding information security management frameworks such as ISO/IEC 27001 and NIST.
• Knowledgeable of a variety of compliance frameworks and certifications: FedRAMP, HIPAA/HITECH, SOC-II and GxP’s “Part 11”. You have orchestrated an initial certification under one or more of these programs and/or been responsible for recurring compliance.
• Broad base of relevant technical knowledge to draw upon:
• Cloud infrastructure & devops atop a major CSP: Azure, Google or AWS
• Infrastructure-as-code frameworks
• Scripting or programming ability
• Security specific tools such as Splunk, Fortify, Burp Suite, Nessus and similar
• Broad base of agile and traditional project management skills. Adept in using Scrum/Kanban for organizing teams, while still tracking project progress using more traditional methods (tasks w/ Gantt charts, etc).
• First rate written and verbal communications. Able to distill highly complex, technical concepts to multiple audiences: board members and executives, customers, health authorities and non-technical staff.
• Preferred:
  • Graduate degree (MS in relevant field, MBA or JD) or certifications (CISSP, CISM or similar).
  • Experience w/ Accumulus chosen tech stack (GCP, Terraform, GitLab, Fortify, Splunk, etc)
  • Experience securing a SaaS product in regulated industry (pharma, lifesciences, financial, health, defense)

While we hope the Accumulus mission is what really attracts you, we have a lot to offer in addition. Organizations are built by great people, and to attract great people you need to offer a great employee experience. Accumulus can provide:

• Very competitive compensation w/ bonus plan. We have to compete with big names in tech & pharma for top talent and compensate accordingly.
• 401k matching, immediately vested
• A full benefits package: multiple health plans, vision, dental & life
• 100% remote work. Accumulus is a fully remote organization and we intend to remain so.
• Experienced leadership to mentor you. We’ve drawn successful leaders from pharma with a deep understanding of regulatory affairs and combined them with similarly successful leaders in SaaS product development. Learning opportunities abound.