Otsuka America Pharmaceutical, Inc. (OAPI) is an innovative, fast-growing healthcare company that commercializes Otsuka-discovered and in-licensed products in the U.S. With a strong focus on neuroscience, oncology, cardio-renal and medical device, OAPI is dedicated to improving patient health and the quality of human life. OAPI is part of the Otsuka Group companies. For more information, visit
The Information Security Manager is responsible for ensuring the overall confidentiality, integrity and availability of the company’s U.S. data and systems. The Information Security Manager will report to the Information Security Officer (ISO) and help with maintaining, maturing, overseeing and ongoing management of the company’s U.S. information security program, including: policies, procedures, technical controls, security assessments and workforce training.
* Liaise with IT on the management of system technology to support information privacy and security requirements.
* Participate and partner with IT teams, providing cyber security input to the strategic and tactical planning; budget preparation; initiates and project planning and the appropriate and effective use of IT resources;
* Implement, manage and enforce information security objectives within regulatory mandates: including global, federal and any applicable state laws.
* Maintain compliance to company security policies and procedures, and work with the Privacy team to ensure alignment of privacy and information security policies, procedures and practices.
* Perform regular security risk assessments to ensure effectiveness of policies/procedures and technology security safeguards.
* Support the development, roll-out and review of cybersecurity training and awareness.
* Ensure ongoing integration of information security with business strategies, projects and day-to-day operations.
* Report metrics and project updates to the Information Security Officer.
* Lead incident response team activities, including providing the team with direction to contain, investigate, remediate and reduce risk for future incident and/or breaches.
* Liaise with third party security firms to conduct audits, security assessments and penetration testing.
* Stay current and build relationships with external parties to collect intelligence on emerging threats.
* Evaluate emerging technologies and security tools for the benefit of maturing and advancing the security program.
* Provide security oversight and expertise to the operational teams. Oversight includes monitoring and remediating security vulnerabilities, and threats to, platforms and IT infrastructure.
* Work with Legal and Procurement to provide guidance and technical expertise around contractual language needs and requirements.
* Serve as a participant and subject matter expert on the Privacy and Information Security Council.
Skills and Expertise Required:
* Bachelor’s degree (computer science preferred)
* 3 to 5 yrs. experience in information security, either operational, architectural or compliance role.
* Preferred experience in healthcare-related fields.
* Ability to build relationships with interpersonal and communication skills.
* High degree of integrity and trust, and ability to work independently.
* Excellent presentation and documentation skills.
* Proven ability to weigh business risk and enforce appropriate information security measures.
* Technical understanding for digital initiatives like: data analytics, cloud, artificial intelligence, internet of things.
* Working knowledge of security domains with the ability to translate into business risk.
* A progressive thinker who can solution a security problem.
* Strong knowledge and experience with NIST CSF, ISO27001, GDPR, and HIPAA
* One or more security certifications desired: CISSP, CISM, CISA or other relevant certifications