Senior Director, Systems and Security

PhRMA • Washington, DC, US • $141.10k - $197.60k / year • 4d ago

As Senior Director of Systems and Security at the Pharmaceutical Research Manufacturers of America (PhRMA), you will oversee the architecture and ongoing management of our cloud-based and on-premises IT infrastructure, focusing on optimization and data protection within a Microsoft-based environment. Reporting to the Chief Information Officer (CIO) and leading a team of 3 engineers, you’ll drive strategies that improve our use of Microsoft 365 and defend PhRMA’s critical healthcare policy work against cyber threats.

PhRMA represents the leading biopharmaceutical companies in the United States, functioning as an association that advocates on behalf of its members to advance policies that drive patient-centered progress in innovation, affordability, and access to health care across the country. You’ll have the resources you need to secure and enhance the IT systems that underpin our high-profile work.

Working closely with the CIO, you’ll immediately begin refining our infrastructure, analyzing current tools and identifying opportunities to integrate and migrate tools, strengthen security, reduce redundancy, manage shadow IT risk, and standardize system use to meet the needs of stakeholders across the organization. You’ll lead your team in developing incident response strategies, defining roles and workflows to keep PhRMA’s systems safe against current and future threats. You’ll also collaborate with the End-User Support (EUS) team to provide advanced support, manage Microsoft 365 systems, and develop policies that foster greater security awareness among staff with user-friendly protocols that protect without hindering productivity.

How You’ll Make an Impact

You’ll not only manage the backbone of Microsoft 365 services but also safeguard PhRMA’s critical IT infrastructure and help shape a security-first culture that empowers staff to make informed, safe choices without compromising efficiency. By building scalable processes and keeping teams informed on emerging technologies and threats, you’ll ensure PhRMA can embrace advancements in systems technology while guarding against risk.

Work Environment, Salary, and Benefits

You’ll enjoy a hybrid work environment with 3 days in-office weekly at our Washington, DC, headquarters. As an organization, we work remotely on Mondays and Fridays and together in the office on Tuesdays through Thursdays. We all work remotely in August.
The budgeted salary range for this position is $141,100 – $197,600 with bonus potential.
PhRMA offers exceptional benefits, including medical, dental, and vision insurance; flexible spending accounts; life, AD&D, LTD, STD, and LTC insurance; parental leave; a well-being program; an on-site fitness facility; back-up care; an employee assistance program; and pre-tax commuting benefits. We also offer a 401k plan with employer contributions starting on the first day of hire and immediate vesting. Additional perks include generous paid time off, ten paid holidays (plus Inauguration Day), half-day Fridays preceding holidays, half-day Fridays in the summer months, and a paid winter break.
We are committed to the growth and development of our team members and offer many learning opportunities, including an integrated onboarding program, best-in-class leadership programming, tuition reimbursement, industry on-site and off-site training, and other management/professional development programs.

Responsibilities

Cloud Infrastructure and Microsoft Services Management

Lead cloud infrastructure implementation, management, and security, focusing on Microsoft technologies.
Oversee Microsoft 365, Entra (Azure AD), Exchange, Intune, Defender, and Purview operations and development. Present ideas to improve Microsoft 365 usage by evaluating new tools and features.
Drive initiatives using Microsoft Enterprise Mobility and Security (EMS) features, including:
Cloud identity governance through Identity and Access Management (IAM), Privileged Identity Management (PIM), and Role-Based Access Control (RBAC).
Integration of identity providers and applications via protocols like SAML 2.0 and OAuth, alongside Multi-Factor Authentication (MFA).
Information governance, including eDiscovery, Information Rights Management (IRM), Data Loss Prevention (DLP), and Data Retention Policies (DRP).
Mobile Device Management (MDM) via Intune.
Advanced Threat Protection (APT) for endpoint security.

Security Monitoring, Incident Response, and Enhancements

Working with the CIO, expand PhRMA’s security controls and consolidate existing tools.
Manage information security training and testing (using KnowBe4).
Monitor and respond to security alerts, addressing external security review findings promptly.
Review and resolve the infrastructure security backlog.
Maintain and improve back-up procedures and DNS records.

System Optimization and Technical Support

Conduct system reviews and make adjustments for optimal performance.
Manage advanced troubleshooting and contract performance for current systems.
Track projects and tasks on a Kanban board for effective project management.
Implement new projects, occasionally working with external consultants.
Define and communicate clear support boundaries with the EUS team, empowering them to resolve more incidents independently and establishing them as a backup for specific tasks (e.g., A/V).
Occasionally perform after-hours or weekend maintenance, upgrades, or emergency response.

Team Leadership

Provide strategic direction and leadership to your team, fostering a culture of continuous improvement and technical excellence. Mentor and develop team members to enhance their technical skills and expand their roles within the organization.
Address staffing needs and performance management, ensuring the team structure aligns with operational and strategic goals.

Qualifications

Bachelor’s degree or equivalent knowledge and experience.
8+ years of progressive IT experience, demonstrating the ability to solve complex problems, manage multiple projects and deadlines, and adapt to evolving technologies.
Expertise in Entra (Azure AD) as an identity provider (IDP) and its integration with other systems.
Hands-on experience with Microsoft 365, including advanced configuration and troubleshooting of Exchange and Defender.
In-depth knowledge of Microsoft Azure architecture and services, including diagnostics and problem resolution.
Experience with Microsoft EMS, covering identity governance, endpoint security, MFA, and threat management.
Familiarity with native security tools like Secure Score, Azure Security Center, and the Microsoft Security and Compliance Center for reporting and environment hardening.
Customer service orientation with excellent communication skills with the ability to explain technical concepts to non-technical audiences.
Experience with Proofpoint and CrowdStrike.
Familiarity with Cloud Access Security Broker (CASB) products, preferably Microsoft Cloud App Security.
Microsoft certifications such as MCSA, MCSE, Azure Administrator, Azure Security Engineer, or Solutions Architect.
Proficiency with PowerShell scripting.

About PhRMA

The Pharmaceutical Research and Manufacturers of America (PhRMA) represents the country’s leading innovative biopharmaceutical research companies, which are laser focused on developing innovative medicines that transform lives and create a healthier world. Together, we are fighting for solutions to ensure patients can access and afford medicines that prevent, treat and cure disease. Over the last decade, PhRMA member companies have invested more than $900 billion in the search for new treatments and cures, and they support nearly five million jobs in the United States.

Staffing Advisors is committed to reducing bias in every aspect of the hiring process. We have long recommended a competency-driven approach to hiring. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, veteran status, or any other basis protected by law. We encourage you to apply even if your experience is not a 100% match with the position description; we will consider people from a variety of backgrounds and career experiences.