Director of Infomation Security

SOPHiA GENETICS combines deep expertise in life sciences with mathematical capabilities in data computing to create the future of AI-assisted Medicine.

We are looking for Director of information Security (Distinguished Information Security Engineer) to join our team! The Distinguished Information Security Engineer is a technical expert with an extensive knowledge of several security areas. They are responsible for protecting SOPHiA GENETICS from cyber threats and the implementation of the information security strategy in alignment with business objectives.

They are the owner of multiple key security domains/activities and their performance. They oversee all the technical initiatives in these areas as a tech lead and program manager.

Our platform is a one-of-a-kind globally distributed information system that brings together hospitals and labs to provide data ingestion and processing, analysis and modeling, reporting and intelligence, distribution and sharing of a multitude of complex sources of structured and unstructured data, including genomics, imaging, and clinical data, delivered as a multi-tenant SaaS platform on the cloud.

SOPHiA GENETICS (NASDAQ: SOPH)combines Data-Driven Medicine, Genomics and Radiomics, to ensure that the data used to help patients today will also benefit the patients of tomorrow.SOPHiA DDM™ Platformin supporting multimodal data-driven medicine.

WHAT CAN WE OFFER YOU

• The opportunity to support the design of the information systems architecture and its transformation to enhance company security posture, drive operational excellence and meet customers needs.
• To provide traction for the delivery of business critical projects by ensuring security risks are managed, requirements are integrated and preemptively removing potential security blockers.
• To be a key stakeholder for technical questions in the setup and maintenance of key partnerships, bio-pharma initiatives and customers relationship.

In all the activities above, one must leverage their understanding of the regulatory environment, the business, third parties and the company ecosystem to factor external requirements into technical inputs. They ensure all technical security iniatives are consistent, risk based and mapped with the business objectives. They prepare and provide a clear overview of status to internal stakeholders, both technical and non-technical.

Therefore, if you’re a dynamic, self-motivated professional who believes nothing is impossible, love to learn and be curious, we’d love to have you as part of our team!

Requirements

Security Architecture and Technical Advisory

• Design and transform the information systems architecture toward more security and in alignment company objectives (via POC, technology assessment, design review, solution implementation and a strong collaboration with IT and Architecture).
• Provide security expertise and advisory to ensure the delivery of business critical projects (testing, design review, advisory, Secure SDLC enforcement)
• Ensure security requirements are integrated and delivered.
• Perform risk assessment and steer risk treatment plans.
• Coordinate third party efforts (consultants, vendors) into a consistent strategy

Scope:

Microservices transition, authentication, RBAC, network segregation, data architecture, business continuity.

IT Security Program Management

• Oversee the deployment of a set of major technical projects of the cybersecurity roadmap supporting company risk remediations and strategic objectives.
• Serve as a tech lead and project owner in these initiatives.
• Coordinate technical resources to support these projects.
• Oversee partner/vendors relationships and performances.
• Maintain coherence between key projects and report on delivery and mapping to company goals.

Scope:Logging, Security Monitoring and IR managed service, Access Management and PAM, Secure Software Engineering and application security.

IT Security Officer

• Owner of several technical security domains, their performance and the management of the associated solutions.
• Responsible to communicate, enforce and review the performance of complex security controls toward experts and non-technical stakeholders.
• Subject Matter Expert for IT technical security controls compliance and discussing technical matters with partners and customers.
• Build and maintain the company threat model and technical risk management plan.
• Proactively challenges company security postures (via technical audit or pentests).
• Participate in major incident and vulnerability management events

Scope:Logging, Security Monitoring and IR managed service (SIEM), Access Management and PAM, Application Security

REQUIREMENTS

1. Education & Working experience

• Bachelor in Engineering, Information Technology or Security
• Minimum of 5 year in Information Security
• Certifications are a plus (OSCP, SSCP, CISSP)

• Management of the security of several domains (e.g. IAM, Security Monitoring, Network Security)
• Writing of process, policies, technical reports to the destination of experts of executives
• Information Security Risk Assessment expert
• Knowledge of security regulation, auditing, security standards, solutions and manufacturers
• Experience working within an information security compliant company (e.g. ISO 27001 or equivalent)

3. Competencies

• Excellent written and oral communication skill
• Great team-worker
• Passionate about Information Security
• Perfect common of English
• Proactive, rigorous, practical thinker
• Able to communicate and enforce Information Security good practices at a company level
• Knowledgable in many of the following domains:
• IAM / Security monitoring / penetration testing & audit / systems hardening / vulnerability management / security incident management / secure development / endpoint protection / security monitoring

Benefits

• A flexible, friendly and international working environment with a collaborative atmosphere
• An exciting company mission that brings together science and technology to directly impact the lives of patients with life threatening illness.
• A fast-growing company with plenty of opportunity for personal growth and development

• A hard technical challenge to solve with exciting modern technology - cloud computing, Big Data, DevOps, machine learning
• Competitive compensations and good benefits

Location: Rolle, Switzerland (ONSITE 3 days in the office)

Start: ASAP (or as agreed)

Contract type: permanent full-time