HonorHer Jobs

Job Information

Caris Life Sciences Senior Investigations and Information Security Manager - Hybrid in United States

Position Summary

The Senior Investigations and Information Security Manager will manage internal investigations for the company. This individual will be crucial in developing and managing the internal investigations team to address data loss, cybersecurity malfeasance, and policy violation matters, among other duties. This manager will also oversee internal network/endpoint penetration testing in accordance with CASPT standards. This manager is expected to build, deploy, oversee, and report to the Information Security department any findings of ongoing penetration tests and recommended remediation activities. The manager is expected to know and understand compliance and regulatory standards such as SOX, SOC 2, HIPAA, GDPR, and NIST. As part of the Information Security team, this role requires working with diverse teams to develop solutions that address business requirements while adhering to best practices and innovative strategies. The role demands a mix of technical acumen, excellent organizational and analytical abilities, in-depth understanding of evidence handling and investigations, and a leadership mentality focused on addressing issues and enhancing procedures to achieve optimal business results.

Job Responsibilities

  • Conduct internal investigations in compliance with corporate policies and all local/federal laws.

  • Conduct internal continuous attack surface penetration tests (CASPT) to validate network security and provide continuous feedback and remediation recommendations to InfoSec and IT.

  • Be on call as a first responder for significant incident response in accordance with corporate incident severity levels and the incident response plan.

  • Work with various business units to ensure controls are adequate, appropriate, and effective.

  • Perform job functions with respect to ongoing regulations and compliance frameworks such as SOX, SOC 2, HIPAA, GDPR, and NIST.

  • Conduct regular security assessments, vulnerability assessments, and penetration testing.

  • Skilled in analyzing system requirements for internal audit and regulatory compliance.

  • Collaborate with cross-functional teams to integrate security best practices into the development lifecycle.

  • Interface with global IT and business partners to provide guidance and support.

  • Perform periodic gap assessments to validate compliance on an ongoing basis.

  • Stay up to date and informed on developing regulatory concerns and changing IT and information security trends.

  • Proficient in developing and reviewing Information Technology security program strategy, policy, and processes.

  • Monitor and report on security and compliance metrics to key stakeholders.

  • Provide guidance and coaching to team members on technical contributions, product architecture, and other areas.

  • Maintain empathy for the team by keeping awareness of investigations/engineering processes and practices. Examples might include evaluating individual workflow during one on ones or conducting case reviews.

  • Understands and practices agile information security incident remediation.

  • Actively seek and hire Information Security talent.

  • Manage a team of Investigators and Information Security Engineers.

  • Conduct managerial interviews for candidates and train the team to do technical interviews.

  • Contribute to the sense of psychological safety on your team.

  • Hold regular 1:1s with all members of their team.

  • Give regular and clear feedback about the individual's performance.

  • Foster technical decision making on the team but make final decisions when necessary.

Required Qualifications

  • Bachelor's degree and minimum of 5+ years of experience in Investigations.

  • Minimum of 5+ years of experience in information security/cybersecurity.

  • Practical experience with physical and network security.

  • Significant experience handling physical and digital evidence.

  • Forensic examiner certifications.

  • Experience in conducting/managing cyber incident tabletop exercises and reporting findings to executive management.

  • Hands-on experience with building, deploying, and optimizing virtual network interfaces for enhanced group efficiency.

  • Experience leading a diverse workforce across an in-person and remote environment.

  • Excellent analytical and problem-solving skills with the ability to troubleshoot and solve for complex issues.

  • Self-starter collaborative mindset with the ability to work effectively and efficiently in a fast-paced dynamic environment and adaptability to balance changing and competing priorities.

  • Ability to effectively communicate technical concepts to non-technical audiences.

  • Exceptional communication skills and strong team collaboration abilities.

  • Conditions of Employment: Individuals must successfully complete the pre-employment process, which includes criminal background check, drug screening, and reference verification.

Preferred Qualifications

  • Master’s degree in Cybersecurity / Information Security Engineering or equivalent.

  • Law enforcement experience (local and federal).

  • Experience working in or with the Healthcare industry.

  • Demonstrated curiosity to learn and apply new tools through automation.

  • Highly self-motivated with strong attention to detail.

  • Ability to manage multiple tasks, prioritize, and meet deadlines.

  • Knowledge of NIST Security Framework.

Training

  • All job-specific, safety, and compliance training is assigned based on the job functions associated with this employee.

Physical Demands

  • Must possess ability to sit, stand, and/or work at a computer for long periods of time.

  • Ability to work extended hours during implementations and on-call rotations.

Other

  • Job may require after-hours response to emergency issues.

  • Periodically scheduled on-call may require after-hours response for technical emergencies not explicitly related to assigned job responsibilities.

  • Other duties as assigned.

This job description reflects management’s assignment of essential functions. Nothing in this job description restricts management’s right to assign or reassign duties and responsibilities to this job at any time.

Caris Life Sciences is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, gender, gender identity, sexual orientation, age, status as a protected veteran, among other things, or status as a qualified individual with disability.

Caris Life Sciences is a leading innovator in molecular science and artificial intelligence focused on fulfilling the promise of precision medicine through quality and innovation.

Caris is committed to quality and excellence at our state-of-the-art laboratories. Learn more about our tissue lab and the advanced technologies that are helping improve the lives of cancer patients.
