Director of Information Security Operations

Labcorp is in the process of spinning-off its Drug Development business, and is offering a key position for a Director of Information Security Operations. This role will oversee the strategic and operational aspects of our security operations program, as we expand our information risk management and compliance programs.

The Director will be responsible for identifying and implementing industry best practices related to operational metrics and oversight of Managed Security Service Providers (MSSPs), as well as key security controls, incident response, and threat and vulnerability management. Working closely with business owners and IT, the Director will provide support throughout internal and external assessments, including PCI-DSS, HIPAA, and Sarbanes-Oxley.

As Labcorp undergoes this strategic expansion, this is an exciting opportunity to join us at a pivotal moment in our history and have a lasting impact as the leader of our information security program.

Responsibilities include but are not limited to:

• Definition, oversight, and governance of the functions of the Security Operations team so as to ensure data security and regulatory compliance, including the identification and management of multiple security, risk, and performance metrics
• Lead staff to proactively identify, prevent and respond to security incidents
• Lead and manage security incidents from identification through remediation
• Management of Information Security Operations staff, including resourcing, mentoring, and career development
• Management of security controls and programs including vulnerability management, incident response, remediation programs, change management, etc.
• Contribute to and coordinate audit management efforts with regulators, internal and external auditors
• Contribute to the development of standards, procedures, and guidelines for multiple security controls
• Act as security advisor and SME to business and IT groups as needed
• Interface with law enforcement and sector resources as needed
• Drive continuous performance improvements in incident response and mitigation of threats and vulnerabilities

Requirements:

• Normally B.S. Degree required w/7-10 years of experience.
• 5 years' experience managing information security teams
• 5 years' direct experience in information security operations, including SIEM, IDS/IPS, network security, antimalware, email security, patching and lifecycle management, endpoint security, and incident response
• 5 years' experience in handling enterprise audit engagements and the associated documentary and governance obligations
• Strong understanding of, and experience with, PCI-DSS and HIPAA
• Detailed understanding of risk management best practices, tools, and technologies, including gap analyses, compensating control methodologies, etc.
• Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT and ones from NIST, SANS, etc.
• Ability to design and write technical instructions for policies and procedures
• Excellent oral and written communication skills
• CISSP, CISM, or 10 years' experience in multiple security domains
• Certification and experience in SCADA security and/or laboratory/equipment security a strong plus.
• Advanced education/certification in SDLC and/or Application Security a strong plus
• Experience with the implementation and oversight of fusion centers is a plus
• Experience in security programs in the healthcare and/or life sciences is a plus
• Expertise in Cloud Security Domains is a plus; CCSP certification is a strong plus
  • Cloud Concepts, Architecture, and Design
  • Cloud Data Security
  • Cloud Platform and Infrastructure Security
  • Cloud Application Security
  • Cloud Security Operations
  • Legal, Risk and Compliance

As a leading contract research organization (CRO), Labcorp Drug Development provides comprehensive drug development solutions for a range of industries. Our services cover the preclinical, clinical and post-market phases of drug development, the product life cycles for medical device and diagnostics and development services paired with regulatory support for the chemical testing and crop protection industries.

Labcorp Drug Development is a global leader in nonclinical safety assessment, clinical trial testing and clinical trial management services. Our unique perspectives are based on decades of scientific, medical and regulatory expertise.

Did you know?

In July 2022, Labcorp announced its intention to spin off its clinical development business as a separate public company, subject to the satisfaction of certain customary conditions. Fortrea will become the new brand identity for our Clinical Development business in connection with the spin-off, which is expected in mid-2023.

We believe that the exceptional is possible when you have the right partner, so we are looking for the right people to help build a transformative force in Clinical Development. www.fortrea.com

Labcorp is proud to be an Equal Opportunity Employer:

As an EOE/AA employer, Labcorp strives for diversity and inclusion in the workforce and does not tolerate harassment or discrimination of any kind. We make employment decisions based on the needs of our business and the qualifications of the individual and do not discriminate based upon race, religion, color, national origin, gender (including pregnancy or other medical conditions/needs), family or parental status, marital, civil union or domestic partnership status, sexual orientation, gender identity, gender expression, personal appearance, age, veteran status, disability, genetic information, or any other legally protected characteristic. We encourage all to apply.

For more information about how we collect and store your personal data, please see our Privacy Statement.