JobsEQ by Chmura Logo

Senior Associate Security Assessments

Pfizer

Location: Tampa, Florida
Type: Full-Time, Non-Remote
Posted on: April 29, 2021
This job is no longer available from the source.
Why Patients Need You Technology impacts everything we do. Pfizer’s digital and ‘data first’ strategy focuses on implementing impactful and innovative technology solutions across all functions from research to manufacturing. Whether you are digitizing drug discovery and development, identifying solutions, or making our work easier and faster, you will be making a difference to countless lives.
The Global Information Security (GIS) organization delivers proactive cyber defense for the global Pfizer enterprise.  Our mission is to secure all of Pfizer’s information assets ranging from the manufacturing floor to the core data centers and out to the patient facing solutions.    We achieve this mission through a team of world-class talent, utilizing top-tier technologies, advanced analytics, and the promotion of a cybersecurity ownership culture across the company.  Additionally, Global Information Security oversees the compliance aspects of vendor engagements involving technology, including suppliers providing clinical services to the Pfizer business lines.
What You Will Achieve You will help Pfizer safeguard its robust information technology systems. You will evaluate, develop and maintain information security policies, procedures and systems. You will also test hardware, firmware and software for possible impact on systems security. You will play an important role in ensuring that information security architecture/designs, controls, processes, standards, policies and procedures are aligned with information security standards and overall information security.
As a Senior Associate, your knowledge and skills will contribute towards the goals and objectives of the team.  Your focus and ability to meet team targets will help in completing critical deliverables. Your innovative use of communication tools and techniques will facilitate in explaining difficult issues and establishing consensus between teams.
It is your dedication and focus that will help in making Pfizer ready to achieve new milestones and help patients across the globe.
The Security Assessment Senior Associate role will partner with the Global Product Development Information Management team to plan and conduct assessments of new suppliers or suppliers with new services, and for reassessments of existing suppliers. The Security Assessment Senior Associate will support the operation of the tools and processes associated with Vendor & Supplier Assessments activities leveraging a suite of Supplier Risk Assessment tools. The position, leveraging Risk Assessment tools, will support risk awareness, remediation and closure tracking within 3rd party supplier environments supporting the needs of GIS Secure Business Enablement and GIS C&RRM team.  The Security Assessment Senior Associate will also work routinely in the Cyber Risk Management Tool suite (IPRM / Vulnerability Risk Tracker) identifying and recommending enhancement opportunities which arise because of new or changing business requirements.
The position requires a demonstrated aptitude to rapidly apply expertise in a complex business and technical environment along with a proven ability to build partnerships with peer organizations across Pfizer.
How You Will Achieve It This role will have the following primary responsibilities, but will often act under the support and direction of the Manager of Assessment Operations:
• Provide support to the GPD Information Management coordinating/scoping assessments and to the Digital Supplier Assessment service conducting assessments.
• Perform daily routines in the suite of IPRM Risk Management services: Personnel Qualification, Records Management and Vendor Assessments routines. Responsible for GPD stakeholder management and communication of environmental changes and enhancements for Risk Management Service Operations.
• Create Work Orders for the individual system assessments and facilitate the business approval of the respective Work Orders.
• Perform pre-assessment supplier scoping (identifying critical business process requirements, requesting/evaluating supplier system inventory) and supplier system scoping (evaluating the system inventory responses provided by the supplier), conducting all communications with the Supplier, as appropriate.
• Initiate the Digital supplier assessment service and ensure supplier technology is appropriately assessed, based upon the services provided by the supplier, the studies supported by the supplier, and the categorization and risk of the data being processed and/or hosted by the supplier.
• Liaise with the (Digital) Supplier Assessment service owner regarding assessment conduct.
• Facilitate a review of the draft supplier assessment report with all appropriate parties (e.g., GPD Vendor Leads, Digital Risk Management, Supplier); Route the final supplier assessment report for approval.
• Store the approved assessment reports in the appropriate document repository.
• Track supplier assessment remediation through completion and closure, liaising with the supplier and the respective GPD Vendor Leads.
• Create the forecast of supplier assessments and reassessments, based upon supplier and system risk.
Qualifications Must-Have • BS required; Information Security, Information Technology, Computer Science, Engineering or related majors preferred
• Ability to proactively solve complex problems both individually and as part of a team
• Basic understanding of cyber risk evaluation / risk management principles
• Understanding of Information Security principles and application
• Experience with conducting audits and/or assessments
• Support Cyber Security Risk team’s efforts in cyber risk quantification to evaluate effectiveness or recommend improvements in application across Pfizer’s suite of Cyber Risk Management tools
• Ability to champion security risk ownership and assessment operational excellence across Pfizer through the clear communication of shared outcome goals and insight into performance metrics that shape behavior
• Demonstrated commitment to training, self-study and maintaining proficiency in the technical cyber security domain
• Organizational, planning, and administrative abilities and the ability to coordinate multiple complex projects simultaneously
• Experience leading and participating in matrixed teams comprised of both internal and external stakeholders
• Ability to prioritize and execute assessment activities with minimal direction or oversight
• Proven track record of successfully managing and executing on short term and long-term projects
• Ability to set and manage expectations with key stakeholders and team members
Nice-to-Have • 2-5 years of experience in pharmaceutical or other regulated industry
• Experience with the Microsoft Office suite, basic skills managing SharePoint sites and basic understanding of Visualization and Reporting tools
NON-STANDARD WORK SCHEDULE, TRAVEL OR ENVIRONMENT REQUIREMENTS
Domestic and International travel of 10% (as required).
Sunshine Act
Pfizer reports payments and other transfers of value to health care providers as required by federal and state transparency laws and implementing regulations.  These laws and regulations require Pfizer to provide government agencies with information such as a health care provider’s name, address and the type of payments or other value received, generally for public disclosure.  Subject to further legal review and statutory or regulatory clarification, which Pfizer intends to pursue, reimbursement of recruiting expenses for licensed physicians may constitute a reportable transfer of value under the federal transparency law commonly known as the Sunshine Act.  Therefore, if you are a licensed physician who incurs recruiting expenses as a result of interviewing with Pfizer that we pay or reimburse, your name, address and the amount of payments made currently will be reported to the government.  If you have questions regarding this matter, please do not hesitate to contact your Talent Acquisition representative.
EEO & Employment Eligibility
Pfizer is committed to equal opportunity in the terms and conditions of employment for all employees and job applicants without regard to race, color, religion, sex, sexual orientation, age, gender identity or gender expression, national origin, disability or veteran status.  Pfizer also complies with all applicable national, state and local laws governing nondiscrimination in employment as well as work authorization and employment eligibility verification requirements of the Immigration and Nationality Act and IRCA.  Pfizer is an E-Verify employer.
Information & Business Tech #LI-PFE
Job Type: Full time