
Director of Information Security

krystalbiotech | Pittsburgh, PA | Onsite
This job is no longer open

About Krystal Bio:


At Krystal Biotech, Inc., we bring together the brightest and most eager minds to relentlessly pursue the discovery, development and commercialization of gene delivery medicines for patients with serious and life-threatening genetic diseases. Founded in 2016, Krystal is a leader in gene therapy. Krystal received U.S. FDA approval for the first-ever redosable gene therapy treatment, VYJUVEK™, for the treatment of Dystrophic Epidermolysis Bullosa. Krystal continues to leverage our proprietary platform to develop new treatments across a robust clinical pipeline. Krystal Biotech is based in Pittsburgh, PA, which is home to our two state-of-the-art GMP facilities. Additional offices are situated in Boston, MA and in Zug, Switzerland.

Join us on our journey to implement our mission to identify, develop and deliver genetic medicines to patients!

Job Description Summary:


Krystal Biotech, Inc. is seeking a highly motivated Director of Information Security to oversee our enterprise’s security and to be responsible for defining an information security program and roadmap that optimizes key controls to identify, prevent, detect, escalate, respond to and recover from information security related risks and incidents. The role will ensure that Krystal’s systems comply with all legal, regulatory, and industry requirements (e.g. SOX, ISO27001, NIST, etc.), corporate policies, standards, and procedures.

This position requires a strategic view with tactical execution and partnering across the organization to provide the highest levels of information security with equal focus on people, processes and technology.

Primary Responsibilities:


Lead and motivate a team of indirect reports along with a cross functional team to design, implement, and assess controls that are designed to protect Krystal’s information and supporting technology platforms. The position is responsible for serving as the Security subject matter expert supporting processes, continuous improvement, corrective and preventive actions and driving automation of controls. This function includes, but is not limited to, independently performing complex and often unique work assignments and problem resolution within enterprise projects and functions.

  • Own Enterprise Information Security Program to drive risk mitigation, meet compliance requirements, and oversee operational controls
  • Develop and execute on tactical and strategic goals to ensure a comprehensive information security program and roadmap. Establish that annual security and compliance goals are met
  • Implement standards, governance and security policies that reduce vulnerability
  • Ensure effective identity and access management (IAM) controls are deployed and used
  • Communicate information security policies, standards and guidelines across the company
  • Provide current status reporting of the information security program to the Executive Team
  • Manage the people, processes and technologies that provide situational security awareness through the detection, containment, and remediation of IT threats
  • Assure ongoing penetration, vulnerability, disaster recovery, and data breach tests occur.
  • Collaborate with all areas of IT and Business led IT to mitigate vulnerabilities and implement security measures
  • Integrate security into the development lifecycle for new solutions
  • Oversee the Information Security Committee
  • Apply risk management methods to information technology in order to manage IT risk
  • Protect integrity, availability, authenticity, non-repudiation and confidentiality of data
  • Work with internal auditors and outside advisors on required security assessments
  • Support and guide disaster recovery planning and testing
  • Lead security incident management including planning, testing, and remediation activities. Provide immediate response and action plans in the event of a data security threat or issue. Act as primary control point during significant information security incidents
  • Promote a data privacy culture by advocating best practices, advising associates on how to deliver compliance, and informing key stakeholders on their obligation to adhere to those laws when dealing with personal data

Requirements and Desired Competencies:


  • A Bachelor’s Degree in a technical field (engineering, computer science, mathematics, statistics, management information systems, operations research, etc.) is required.
  • M.S. or M.B.A. is strongly preferred.
  • Certified Information Systems Security Professional (CISSP) - Strongly Desired
  • Good presentation skills and excellent written and verbal communication skills.
  • Interpersonal skills and ability to interact and work with staff at all levels.
  • Ability to work independently and in a team environment.
  • Ability to pay attention to details and be organized.
  • Ability to project professionalism and to handle multiple tasks in a fast-paced environment.
  • Commitment to “internal client” and customer service principles
  • Depth in modern technology stacks, specifically infrastructure, software engineering, data and analytics, and cloud - both public and “hybrid” models.
  • Has 10+ years of experience leading information security in a complex enterprise and possesses a strong understanding of data privacy and protection.
  • Demonstrated track record of information security transformation - A thought leader in the delivery of innovative cyber and risk management solutions through security rigor.
  • Ability to travel 50% of the time (if not local to Pittsburgh area)

Krystal Biotech, Inc. is an Equal Employment Opportunity and Affirmative Action Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Headhunters and recruitment agencies may not submit resumes/CVs through this Web site or directly to managers. Krystal Biotech, Inc. does not accept unsolicited headhunter and agency resumes.

Krystal Biotech, Inc. will not pay fees to any third-party agency or company that does not have a signed agreement with Krystal Biotech, Inc.


Life at krystalbiotech

Thrive Here & What We Value

  1. Leader in Gene Therapy
  2. First Ever Reversible Gene Therapy Treatment Approved by U.S. FDA
  3. Proprietary Platform for Developing New Treatments Across a Robust Clinical Pipeline
  4. Two State-of-the-Art GMP Facilities Located Near Headquarters in Pittsburgh, PA with Additional Offices in Boston, MA and Zug, Switzerland
  5. Mission to Identify, Develop and Deliver Genetic Medicines to Patients with Serious and Life-Threatening Genetic Diseases
  6. Equal Employment Opportunity and Affirmative Action Employer
  7. Collaborative and Supportive Team Environment
  8. Strong Commitment to Quality Control and Compliance with Regulatory Agencies
  9. Visionary Leadership within an Entrepreneurial Organizational Structure
  10. Patient-Centric Approach to Gene Therapy Development