U.S. Pharmacopeial Convention Jobs

Job Information

The U.S. Pharmacopeial Convention (USP) Senior Manager, IT Security in Rockville, Maryland

Senior Manager, IT Security

Tracking Code

1519-679

Job Description

Summary of the Position

The Senior Manager, IT Security serves as a senior technical and enterprise cyber security professional responsible for developing information security policy, introducing security best practices, and auditing information security compliance. The incumbent’s main responsibilities are developing and executing an enterprise cyber security risk mitigation plan, designing and building the security architecture and operations functions, taking inventory of information types, classifying each by security risk, establishing an enterprise security framework through policy, architecture, and training processes and evaluating. This also includes selecting and implementing appropriate security solutions and leading efforts to assess vulnerability and risk. The position is expected to interface with USP staff to share the IT enterprise security vision and to solicit their involvement in achieving higher levels of enterprise security through information sharing, education, and co-operative work assignments.

Roles and Responsibilities

  • Develops and executes USP’s enterprise cyber security risk mitigation plan

  • Maintains up-to-date assessment of USP’s information assets and their corresponding security requirements.

  • Leads the development and maintenance of the enterprise’s security architecture design

  • Oversees our 24x7 information security operations

  • Serves as an escalation point during information security incidents and sees issues through to resolution while ensuring appropriate involvement across teams

  • Assists in the development and maintenance of the enterprise’s security awareness training program

  • Develops and maintains the enterprise’s security documents (policies, standards, guidelines, and procedures)

  • Maintains up-to-date knowledge of the IT security industry, including awareness of new or revised security solutions, improved security processes, and the development of new attacks and security threats, and advises IT management of these findings to continuously improve IT’s security program.

  • Selects and acquires additional security solutions or enhancements to existing security solutions to improve overall enterprise security as per IT’s existing project management and procurement processes.

  • Oversees the deployment, integration, and initial configuration of all new security solutions and any enhancements to existing security solutions in accordance with standard operating procedures generically and the enterprise’s security policies specifically.

  • Ensures the confidentiality, integrity, security, and availability of the data residing on or transmitted to/from/through enterprise workstations, servers, application systems, databases, and other data repositories through either LAN/WAN/Cloud services.

  • Leads the enforcement of enterprise security policies and procedures.

  • Leads and documents all security event investigations and provides ongoing communication with senior management describing the root cause and the status of the activity employed to close the investigation.

  • Leads the design and execution of vulnerability assessments, penetration tests, and security audits. Documents the findings of these activities showing which areas have “passed” as well as any non-conformities and/or failures along with their corrective actions.

  • Performs regular security awareness training for IT staff to ensure consistently high levels of compliance with IT security policies.

  • Understands and implements security controls for USP’s Enterprise Resource Planning system and other systems containing financial data to help ensure successful external audits

  • Engages in ongoing communications with USP staff and executive leadership to ensure enterprise wide understanding of security goals, to solicit feedback, and to foster cooperation.

Basic Qualifications

  • Bachelor’s degree in Information Technology or a relevant field required

  • 8-10 years of experience in IT security for a mid-large size organization

  • 5 years supervisory experience

  • Must have at least one of the following active Certifications: CISA, CISM, CISSP or CFE

  • Experience in leading projects involving the implementation of security solutions

  • Experience implementing security controls for information systems

  • Experience handling multiple projects simultaneously in a dynamic, deadline-oriented environment with ability to reach decisions in a timely manner

Preferred Qualifications

  • GCIH, GCIA, GMON certifications preferred

  • Extensive experience in enterprise security documentation creation

  • Extensive experience in designing and delivering employee security awareness training

  • Proficiency at the command line for both Linux and Windows environments

  • Proficiency with scripting in one or more of the following: PowerShell, Python, bash

  • Proficiency with vulnerability scanning tools such as Nessus

  • Proficiency with Intrusion Detection Systems such as Snort or Suricata

  • Experience supporting Security Onion deployments

  • Proficiency with automating Splunk infrastructure configurations and advanced level Splunk Dashboarding, Index-time and Search-time data parsing

  • Proficiency with firewall technologies such as Palo Alto or Cisco ASAs

  • Experience with performing packet captures and analysis using tools such as Wireshark or NetFlow

  • Experience in performing data analysis using tools such as Splunk or Elasticsearch/Kibana

  • Experience with the NIST Cybersecurity Framework (CSF), the CIS Critical Security Controls, the MITRE ATT&CK framework, and similar security resources

  • Excellent communication skills

  • Problem solving skills and the ability to work under pressure

  • Ability to produce quality documents, procedures, reports, and other written documentation

  • Familiarity with web-related technologies (web applications, web services) and network/web-related protocols

  • Demonstrated analytical skills to critically evaluate the information gathered from multiple sources, reconcile conflicts, decompose high-level information into details, abstract up from detailed information to a more general understanding

Supervisory Responsibilities

1 Senior Security Engineer

1 Security Engineer

USP offers an impressive benefits package, including:

  • Generous paid time off – 13 paid holidays, 10 sick days and 15 vacation days per year to start

  • An annual 401(k) contribution, beginning after 1 year of service, of 10% of pay (base and bonus) every pay period that vests immediately

  • Comprehensive individual and family healthcare plans with affordable premiums and low annual deductibles ($250/individual or $500/family)

The U.S. Pharmacopeial Convention (USP) is a scientific nonprofit organization that sets standards for the identity, strength, quality, and purity of medicines, food ingredients, and dietary supplements manufactured, distributed and consumed worldwide. USP’s drug standards are enforceable in the United States by the Food and Drug Administration, and these standards are used in more than 140 countries.

Being a part of USP means belonging to a diverse culture made up of more than 1,000 talented professionals working together at five international locations. We share our expertise in science, IT, human resources, quality assurance, communications, administrative management, and more...all to support an overall mission dedicated to making a difference by providing standards and programs that help improve the quality of medicines, dietary supplements, and foods worldwide.

USP is proud to be an equal employment opportunity employer (EEOE) and affirmative action employer. Employment selection and related decisions are made without regard to sex, race, age, disability, religion, national origin, color, veteran status, sexual orientation, gender identity or any other protected class. We are committed to working with and providing reasonable accommodation to individuals with disabilities.

USP does not accept unsolicited resumes from 3rd party recruitment agencies and is not responsible for fees from recruiters or other agencies except under specific written agreement with USP.

Job Location

Rockville, Maryland, United States

Position Type

Full-Time/Regular

Job Category

Information Technology