Security Officer – Cyber Compliance

Location Redwood City, CA
Date Posted September 8, 2019
Category Default
Job Type Full-time


Company Description  

Guardant Health is a leading precision oncology company focused on helping conquer cancer globally through use of its proprietary blood tests, vast data sets and advanced analytics.  Its Guardant Health Oncology Platform is designed to leverage its capabilities in technology, clinical development, regulatory and reimbursement to drive commercial adoption, improve patient clinical outcomes and lower healthcare costs.  In pursuit of its goal to manage cancer across all stages of the disease, Guardant Health has launched multiple liquid biopsy-based tests, Guardant360 and GuardantOMNI, for advanced stage cancer patients, which fuel its LUNAR development programs for recurrence and early detection. Since its launch in 2014, Guardant360 has been used by more than 6,000 oncologists, over 50 biopharmaceutical companies and all 27 of the National Comprehensive Cancer Network centers.

Job Description  

We take the approach of “Security and Compliance by Design”—we build security and compliance into every element of our organization and day-to-day processes.

You will be a key part of that approach and serve with the Privacy Officer as the organization’s point person for the protection of personal data, such as employee data and Protected Health Information (PHI), as well as human genomic data. You will help conceptualize, design, implement, and audit organization-wide data security policies as part of our governance, risk, and compliance activities. You will have responsibility for periodic risk assessments, policy enforcement, and security awareness and training, in addition to having an important role in incident response and in responding to any inquiries regarding our data security program, processes, and practices.

Essential Duties and Responsibilities:

  • Advise the Compliance Officer, Management and the Board of Directors on information security risks and the current status of the information security program
  • Oversee the monitoring of information technology assets for potential malicious activity and triage alerts accordingly
  • Work with all business functions to understand current security risks and compliance requirements, develop a long term corporate strategy for these areas, present the strategy to executives and gain support
  • Conduct or oversee periodic risk assessments to proactively identify and quantify risks to the confidentiality, integrity, and availability of ePHI and other sensitive or critical data
  • Design and oversee implementation of risk management plans in response to the periodic risk assessments to reduce identified risks to acceptable levels
  • Formulate security policies and practices which comply with HIPAA, including its technical, administrative, and physical safeguards for ePHI, as well as other relevant laws and regulations
  • Promote enterprise-wide security awareness, including by designing and presenting comprehensive data security trainings for workforce members, as well as tailored programs for those with access to particularly sensitive data or systems
  • Regularly audit effectiveness of the organization’s information security controls and implement improvements where necessary
  • Monitor and provide input into the Secure Product Development Lifecycle and help ensure that Information Security requirements/controls can be embedded within the product development process
  • Evaluate the impact of technical and operational changes to the organization on information security and assist with designing and implementing controls to address any risks that arise from such changes
  • Implement and oversee audit controls to monitor employee and third-party access to systems or data held by the organization
  • In collaboration with the Privacy team, periodically evaluate compliance with HIPAA and other applicable information security laws through both technical means, such as overseeing vulnerability scanning and penetration testing, and non-technical means, such as periodic review of policies and procedures for compliance with current law
  • Support the organization’s efforts to obtain and maintain data security certifications and align with leading security frameworks and standards
  • Oversee the organization’s efforts to acquire threat intelligence and address potential future threats
  • With the Chief Compliance Officer and Privacy Officer, coordinate the organization’s response to security incidents, including submitting required disclosures or notifications
  • Support security-related diligence and oversight of the company’s service providers and vendors, including HIPAA-covered Business Associates
  • Maintain current working knowledge of legal and regulatory developments in health data security and update the organization’s policies and practices, as appropriate
  • Develop a process for receiving, investigating, and tactfully responding to reports of employee noncompliance with security policies
  • Support the Chief Compliance Officer with responding to security-related audits or investigations related to the organization’s compliance with HIPAA, GDPR, and other applicable laws and relevant security requirements
  • Where necessary, provide clear technical advice to senior executives, as well as compliance and governance committees
  • Manage and train information security staff to ensure that the information security team is capable of adequately addressing risks to the confidentiality, integrity, and availability of data and systems


  • 6+ years of experience in Information Security and/or Compliance roles demonstrating increasing responsibilities over time; 2+ years' experience in a senior leadership role
  • Passion for building Information Security and Compliance into day-to-day processes across a complex organization, and a track record of success in doing so
  • Detailed knowledge of the HIPAA Security Rule and its intricacies—as well as relevant state and international health data security laws—is required, in addition to familiarity with Information Security frameworks and standards
  • Demonstrated ability to tackle technical problems, drive a solution from conception to delivery, lead cross-functional collaborations, and communicate technical and non-technical information across multiple functions and levels
  • Background in IT and cybersecurity is [preferred / a plus], such as a Bachelor’s degree in Computer Science, Engineering, or related discipline, or relevant industry certifications, such as CISSP or equivalent
  • Experience in the Healthcare or other Life Sciences industries is strongly preferred

Additional Information  

All your information will be kept confidential according to EEO guidelines.

#preventivemedicine #team #cancer #clinicaltrial #cancertreatment #hematology #cancertherapy #NGS 
#GuardantHealth #PatientFirst #LiquidBiopsy #LUNAR #Eclipse #RealWorldEvidence #CDx #CompanionDiagnostics #biojobs #biotechjobs #biotechcareers #biocareers #pharmajobs #oncologyjobs #biotechbay #LI-CS1
