Information Security Director jobs in Hayward, CA

Dynavax is a commercial-stage biopharmaceutical company developing and commercializing novel vaccines to help protect the world against infectious diseases. We operate with the highest level of quality, integrity and safety for the betterment of public health. Our proprietary CpG 1018 adjuvant powers our diversified infectious vaccine portfolio, which includes HEPLISAV-B®, our commercial product approved in the U.S. and the European Union, for prevention of hepatitis B virus in adults. We also supply CpG 1018 to research collaborations and partnerships globally. Currently, CpG 1018 is being used in development of COVID-19, plague, shingles, and Tdap vaccines. 

At Dynavax, our vision and work ethic are guided by the collective ideals underpinning our core values, and these form the basis of our dynamic company culture. We strive to maintain a culture where each employee is valued by the organization and where our organization is valued by each employee. We offer a highly flexible work environment for our headquarter employees where individuals work remotely and gather for in-person meetings when necessary.  Dynavax is headquartered in the San Francisco Bay area, and our manufacturing facility is in Düsseldorf, Germany.  

The primary responsibilities of this position are to: (i) manage and maintain existing security tools and infrastructure within the Dynavax global network and infrastructure; (ii) evaluate, develop, and implement new security policies and procedures; (iii) conduct security assessments and vulnerability scans to identify and mitigate security risks; (iv) work closely with the Dynavax IT teams to resolve identified issues, strengthen security posture for users and systems, and develop playbooks related to system management in a regulated environment (v) respond to security incidents and breaches in a timely and effective manner, (vi) protect company assets, and ensure data integrity.

• Strategy and Design:
• Work closely with the Senior Director, IT Infrastructure & Security to plan and design information security policies in alignment with industry best practices.
• Partner with the business to evaluate needs and align the information security roadmap accordingly.
• Ensuring regulatory compliance is aligned with industry best practices and standards, including ongoing security assessments and responses, identity and authentication services, as well as vulnerability and patch management practices.

• Partner with the global IT Infrastructure team to review, develop, and maintain IT infrastructure and security services to agreed-upon service levels.
• Identify, assess, and remediate security vulnerabilities identified during scans and audits.
• Manage and maintain security infrastructure, tools and technologies, including firewalls, IPS/IDS, SIEM, and EDR platforms.
• Ensure all endpoints are updated per patch management policies and procedures.
• Work with the business on the development and revision of security controls, policies, and procedures to manage IT security, and incident response.

• Minimum of 8 years actively engaged in the field of information security.
• Minimum of 5 years of experience in Fortinet, Cisco, and Dell networking environments.
• Hands-on experience in tuning IPS/IDS, EDR, SIEM intelligence for improved relevancy and noise reduction.
• Certifications in network security, such as CISSP, CISM, CISA, OSCP, or GSEC is highly desirable.
• Strong understanding of network security concepts and technologies, such as firewalls, intrusion detection systems, intrusion prevention systems, and encryption.
• Hands-on experience in the configuration and monitoring of FortGate firewalls.
• Hands-on experience developing security for Microsoft 365 (native or hybrid), Azure, and AWS.
• Experience with security incident response and vulnerability management, including solid understanding of various techniques used to exploit identified vulnerabilities.
• Well-versed in standard security tools such as Wireshark, NMAP, Nessus, OpenVAS, Nikto, Metasploit, etc.
• Working knowledge of OWASP Top 10 best practices.
• Must be comfortable in a mixed operating environment (Windows and Linux), including vulnerability remediation.
• Experience working in a regulated environment (e.g., biotech, healthcare, banking). FDA GxP experience is beneficial.
• Ability to work independently on complex, time-critical tasks.
• Strong communication skills with the ability to simplify complex security related concepts for presenting to broad teams.
• Experience guiding 3rd party SOC teams to jointly maintain organizational security.
• Familiarity with GDPR, CCPA, and other privacy laws.
• Familiarity with NIST 800-53 and/or ISO 27001
• Must be a motivated self-starter, and continually increase knowledge related to information security.
• Ability to sit; stand; walk; reach with arms and hands; lift and move small objects; and use hands to keyboard and perform other office related tasks including repetitive movement of the wrists, hands and/or fingers.
• Occasional travel required, as needed.

• The estimated salary range for this position is $149,000 to $166,000.  Final pay determinations may depend on various factors, including, but not limited to experience level, education, geographical location, knowledge, skills, and abilities. The total compensation package for this position also includes other compensation elements such as stock equity awards and participation in our Company’s discretionary annual bonus program. Dynavax also offers a full range of health and welfare insurance benefits, 401(k) company match, and paid time off benefits, including 17 paid holidays in 2024. 

#LI-REMOTE

Please click the link below to view the Dynavax Privacy Notice:

 https://www.dynavax.com/privacy-notice/

Dynavax is an equal opportunity employer & prohibits unlawful discrimination based on race, color, religion, gender, sexual orientation, gender identity/expression, national origin/ancestry, age, disability, marital & veteran status.