Senior Information Security Engineer
Sumitomo Pharma
Job Description
Sumitomo Pharma Co., Ltd. is a global pharmaceutical company with operations in the U.S. (Sumitomo Pharma America, Inc.) focused on oncology, urology, women’s health, rare diseases, cell & gene therapies, and CNS. For more information, visit our website.
Job Overview
Senior Information Security Engineer – Responsible for end‑to‑end management of the organization’s data loss prevention (DLP) program, e‑discovery processes, litigation hold administration, and records retention policies. Ensures protection, preservation, and defensible management of electronic information in compliance with legal, regulatory and business requirements.
Job Duties and Responsibilities
Data Loss Prevention (DLP)
- Develop, implement, and maintain DLP policies and controls to safeguard sensitive information from unauthorized access, misuse or leakage.
- Monitor network, endpoints, and cloud environments for potential data breaches and respond to DLP alerts.
- Collaborate with IT and Legal teams to configure, test, and optimize DLP solutions.
- Conduct risk assessments and vulnerability analyses related to data protection.
- Provide training and awareness programs for employees on DLP best practices.
E‑Discovery
- Manage the identification, preservation, collection, and processing of electronically stored information (ESI) for legal and regulatory matters.
- Coordinate with Legal, Compliance, and IT teams to execute discovery plans and ensure defensibility of collected data.
- Operate and maintain e‑discovery platforms and tools; apply search terms, filters, and deduplication techniques.
- Prepare documentation and reports for legal teams and regulators.
Litigation Holds
- Administer litigation hold processes, including issuing, tracking, and releasing holds in collaboration with Legal and Compliance.
- Notify affected employees and ensure acknowledgment of holds; monitor compliance with preservation requirements.
- Maintain accurate records of active and released holds; periodically review holds for relevance and necessity.
- Support legal teams in responding to discovery requests and audits.
Records Retention
- Develop and enforce records retention schedules and policies in accordance with regulatory and business requirements.
- Oversee the secure storage, retrieval, and disposal of records, both physical and electronic.
- Suspend routine deletion procedures when litigation, investigation, or regulatory events require preservation.
- Conduct periodic audits to ensure compliance with retention and disposal policies.
Key Core Competencies
- Attention to detail and commitment to compliance.
- Ability to manage multiple priorities and deadlines.
- Collaborative approach with Legal, IT, and Compliance teams.
- Problem‑solving and incident response skills.
- Ability to educate and influence at all levels of the organization.
Qualifications
- Bachelor’s degree in Information Systems, Computer Science, Legal Studies, or a related field.
- Relevant certifications (e.g., CEDS, CISSP, CISM) preferred.
- 6+ years of experience partnering with Legal or Compliance teams to ensure adherence to regulatory requirements and organizational policies, and 3+ years of experience in DLP, e‑discovery, records management, or information governance.
- Proficiency with DLP and e‑discovery tools (e.g., Microsoft DLP, Symantec, Relativity, Nuix).
- Excellent analytical, organizational, and communication skills.
- Strong understanding of data protection regulations (e.g., GDPR, HIPAA, CCPA) and legal hold protocols.
The base salary range for this role is $152,200 to $190,200. The total rewards package also includes merit‑based salary increases, a short incentive plan, eligibility for a 401(k) plan, medical, dental, vision, life and disability insurances, and a robust time‑off policy that includes flexible paid time off, 11 paid holidays, additional time off during the last week of December, and 80 hours of paid sick time upon hire and annually thereafter.
Sumitomo Pharma America (SMPA) is an Equal Employment Opportunity (EEO) employer. Qualified applicants will receive consideration for employment without regard to race, color, creed, religion, national origin, age, ancestry, nationality, marital, domestic partnership or civil union status; sex, gender, sexual orientation, disability, veteran or military status, domestic violence victim status, atypical cellular or blood trait; genetic information (including refusal to submit to genetic testing); or any other characteristic protected by law.