Principal Cybersecurity Analyst, Privacy and Third Party Risk Management

Vertex Pharmaceuticals

IT
Boston, MA, USA
USD 133,600-200,400 / year + Equity
Posted on Jul 15, 2025

Job Description

We are seeking a seasoned technical privacy specialist to join our Information Security and Cyber Resilience team. We engage proactively with our business colleagues to truly understand them and to deliver results for our company and for patients. If you thrive in a fast-paced, hands-on, and team-oriented environment where you can have a big impact on the organization, we’d love to talk to you!

The individual in this position will primarily support the Data Technology and Engineering (DTE) Privacy Lead within the Cyber Risk Management and Governance team in representing the Privacy Office, translating policy and privacy standards into requirements within our technical environments. This role will act as a technical subject matter expert on all elements related to data privacy protection and risk mitigation, within the world of DTE, and will also participate in configuring integrations between privacy technologies and other information systems, as well as configuring and testing cookie consent on Vertex’s many online properties.

As part of this role, this individual will work with colleagues across DTE on building data protection and security principles into the implementation of new projects and initiatives as well as the development of compliant systems and processes. Sitting within the Information Security group, this role will help drive Vertex’s information security strategy and Target State Vision, with the necessary principles and capabilities to make Privacy by Design and Security by Design common practices. It’s a small and growing team where you’ll get experience working on a broad range of projects.

This position is a global role reporting to the Cyber Risk Management and Governance Director with a dotted line to the DTE Privacy Lead and will be based in Vertex’s global headquarters in Boston, Massachusetts. Fully remote and flex options are available to the right candidate.

The designation on this role is Hybrid - meaning three days a week onsite in our Boston office.

Key Responsibilities

  • Partnering with DTE and business owners to provide advisory and consulting services around information security and data privacy to drive risk mitigation;
  • Assessing current software and systems, as well as partner and vendor services, for compliance with security and data protection principles and recommending changes and new technologies to help mitigate vulnerabilities and prevent potential future risks;
  • Defining and implementing risk-based solutions to ensure Privacy by Design and Security by Design are adequately embedded in technical projects and systems across the company;
  • Assisting the DTE Third Party Assessment team in the assessment and revision of vendor management processes to ensure that third parties are appropriately vetted prior to engagement;
  • Configuring, testing, and maintaining cookie consent technology on Vertex’s 100+ websites and apps;
  • Configuring integrations between privacy technologies and other technical systems; assisting other Information Security teams as necessary in appropriate integrations for Security and Data Protection;
  • Assisting the DTE Privacy Lead and Cyber Risk Management and Governance Director with training and awareness campaigns, particularly with a focus on system security and data protection initiatives;
  • Supporting the work of the Cyber Risk and Governance team in maintaining effective processes and controls across our computing environment;
  • Assisting the Privacy Office by responding to requests from data subjects to exercise their rights, as needed;
  • Providing forensics and technical assistance for any suspected personal data incidents, working with the DTE Privacy Lead and Privacy Office;
  • Participating in Information Security and Cyber Resilience team and Privacy Office team meetings;
  • Advising on data anonymization, pseudonymization and encryption techniques to develop systems that preserve and improve privacy protections; and
  • Working with the DTE Privacy Lead, the Privacy Office, and the Internal Audit function to conduct regular privacy assessments of operational processes, identifying and mitigating risks across the company.

Qualifications

  • BS or MS degree in computer science, computer engineering, information systems, privacy engineering, information security or related field of study; or equivalent professional experience.
  • 5 years' experience in information security (preferably focusing on privacy/data protection) or a graduate degree or concentration in privacy engineering
  • 3 years' experience configuring integrations leveraging RESTful APIs, OAuth 2.0, and related tooling
  • IAPP privacy certifications (CIPT, AIGP, CIPP, or CIPM)
  • CISSP or similar security certification
  • Technical experience with OneTrust
  • Understanding of the principles of information protection and system security practices
  • Understanding of best practices in data handling and Privacy by Design
  • Familiarity with relevant data protection and information security regulatory requirements
  • Experience conducting third party risk assessments
  • Experience configuring RESTful API integrations
  • Knowledge of data anonymization and cryptographic techniques
  • Experience in incident response
  • Demonstrated working knowledge of software engineering fundamentals
  • Data literacy and forensics
  • Attention to detail and accuracy
  • Ability to prioritize and complete daily workload and projects with minimal supervision
  • Demonstrated teamwork and collaboration skills
  • Highly motivated to contribute and grow within a complex area of emerging importance


Pay Range:

$133,600 - $200,400

Disclosure Statement:

The range provided is based on what we believe is a reasonable estimate for the base salary pay range for this job at the time of posting. This role is eligible for an annual bonus and annual equity awards. Some roles may also be eligible for overtime pay, in accordance with federal and state requirements. Actual base salary pay will be based on a number of factors, including skills, competencies, experience, and other job-related factors permitted by law.

At Vertex, our Total Rewards offerings also include inclusive market-leading benefits to meet our employees wherever they are in their career, financial, family and wellbeing journey while providing flexibility and resources to support their growth and aspirations. From medical, dental and vision benefits to generous paid time off (including a week-long company shutdown in the Summer and the Winter), educational assistance programs including student loan repayment, a generous commuting subsidy, matching charitable donations, 401(k) and so much more.

Flex Designation:

Remote-Eligible

Flex Eligibility Status:

In this Remote-Eligible role, you can choose to be designated as:
1. Remote: work remotely five days per week and come into the office on occasion – you’re always welcome on-site; or select
2. Hybrid: work remotely up to two days per week; or select
3. On-Site: work five days per week on-site with ad hoc flexibility.

Note: The Flex status for this position is subject to Vertex’s Policy on Flex @ Vertex Program and may be changed at any time.

Company Information

Vertex is a global biotechnology company that invests in scientific innovation.

Vertex is committed to equal employment opportunity and non-discrimination for all employees and qualified applicants without regard to a person's race, color, sex, gender identity or expression, age, religion, national origin, ancestry, ethnicity, disability, veteran status, genetic information, sexual orientation, marital status, or any characteristic protected under applicable law. Vertex is an E-Verify Employer in the United States. Vertex will make reasonable accommodations for qualified individuals with known disabilities, in accordance with applicable law.

Any applicant requiring an accommodation in connection with the hiring process and/or to perform the essential functions of the position for which the applicant has applied should make a request to the recruiter or hiring manager, or contact Talent Acquisition at ApplicationAssistance@vrtx.com