Lead Information Security Engineer

About Sumitomo Pharma Co., Ltd.

Sumitomo Pharma Co., Ltd. is a global pharmaceutical company based in Japan, dedicated to addressing patient needs across various therapeutic areas, including oncology, urology, women's health, rare diseases, cell & gene therapies, and CNS. With a portfolio of marketed products and a robust pipeline, we are committed to accelerating research and development to deliver innovative therapies to patients. To learn more about us, please visit our website or follow us on LinkedIn.

Job Overview

We are seeking a highly motivated and experienced individual for the position of Lead Information Security Engineer. In this role, you will take charge of the full lifecycle management of our data loss prevention (DLP) program, e-discovery processes, litigation hold administration, and records retention policies. Your expertise will help ensure the secure and compliant management of electronic information in alignment with legal, regulatory, and business obligations.

Key Responsibilities

Data Loss Prevention (DLP)

• Establish and uphold DLP policies to protect sensitive data from unauthorized access and leaks.
• Monitor our network, endpoints, and cloud environments for data breach incidents while effectively responding to DLP alerts.
• Collaborate closely with IT and Legal teams to implement and refine DLP solutions.
• Conduct thorough risk assessments and vulnerability analyses regarding data protection strategies.
• Lead employee training initiatives on DLP best practices.

E-Discovery

• Oversee the identification, preservation, collection, and processing of electronically stored information (ESI) for legal and regulatory inquiries.
• Work in synergy with Legal, Compliance, and IT teams to execute effective discovery plans with assured defensibility.
• Manage e-discovery platforms and tools, applying relevant search terms and filters.
• Compile and present documentation and reports for legal teams and regulatory bodies.

Litigation Holds

• Oversee litigation hold processes, including issuing, tracking, and lifting holds in partnership with Legal and Compliance.
• Inform affected employees about holds and ensure understanding and compliance with preservation mandates.
• Maintain precise records of active and resolved holds and periodically reassess their relevance.
• Assist legal teams in responding to discovery requests and audits.

Records Retention

• Develop and implement records retention schedules and policies to comply with business and regulatory standards.
• Manage the secure storage, retrieval, and disposal of both physical and electronic records.
• Temporarily halt deletion processes when litigation or government investigations dictate preservation.
• Conduct regular audits to ensure adherence to retention and disposal protocols.

Essential Qualities

• Strong attention to detail and a deep commitment to compliance.
• Ability to effectively manage multiple priorities and meet deadlines.
• Collaborative skills to work with Legal, IT, and Compliance teams.
• Proficient problem-solving and incident response capabilities.
• Capacity to educate and influence stakeholders at all levels of the organization.

Qualifications

• Bachelor's degree in Information Systems, Computer Science, Legal Studies, or a related field.
• Relevant certifications (e.g., CEDS, CISSP, CISM) are preferred.
• Minimum 6 years of experience working with Legal or Compliance teams to uphold regulatory standards, alongside at least 3 years in DLP, e-discovery, records management, or information governance.
• Proficient in DLP and e-discovery tools such as Microsoft DLP, Symantec, Relativity, or Nuix.
• Exceptional analytical, organizational, and communication abilities.
• Strong knowledge of data protection regulations such as GDPR, HIPAA, and CCPA, along with familiarity with legal hold procedures.

Compensation and Benefits

The base salary range for this role is $152,200 to $190,200. The salary is part of our comprehensive rewards package, including merit-based pay increases, short-term incentive opportunities, 401(k) eligibility, and various health insurance options. Our generous time-off policies provide flexibility with paid time off, 11 paid holidays, and a designated shut-down period in late December, along with 80 hours of sick leave upon hire, replenished annually. Total compensation may vary based on unique candidate factors, including experience, skills, and education.

Confidential Data

All information encountered by employees is considered confidential and must be treated as such.

Compliance

Maintain compliance with all applicable regulatory and operational standards, ensuring all activities conducted on behalf of Sumitomo Pharma America (SMPA) are executed with best practices and high ethical standards.

This role requires working in a fast-paced environment with multiple demands, necessitating sound judgment and a high level of initiative and autonomy. Excellent written and verbal communication skills are essential, as well as the ability to work on a computer for extended periods.

Sumitomo Pharma America (SMPA) is an Equal Employment Opportunity (EEO) employer.

Qualified applicants will be considered for employment without regard to race, color, creed, religion, national origin, age, ancestry, marital status, sex, gender identity, sexual orientation, disability, veteran status, or any other characteristic protected by law.

Sumitomo Pharma America strives to ensure that our application process is accessible to everyone. If you require assistance in the application process, please contact us at the designated email address provided for accommodation requests only.

SMPA may use Artificial Intelligence (AI) in the job application process to assist in application evaluations. By submitting your information, you acknowledge the possible use of AI in our hiring process.

At Sumitomo Pharma America, we are guided by our mission to create value through innovative research and development for the betterment of healthcare and the improvement of people's lives globally.