IT security expert

• Provide governance/risk advice and ensure IT project risks are managed in line with ISRM strategy, the policy framework, laws and regulations and outstanding industry standards.

• Ensure monitoring of information risk and proactive mitigation of issues.

• Maintain strong knowledge of internal controls and internal risk and control frameworks/standards or the Information Management Policy Framework

• Ensure information assets (including Crown Jewels) are adequately and appropriately secured by working with security SMEs in deploying appropriate security measures; and identified vulnerabilities are analyzed, prioritized, and treated for in-scope applications in operations

• Manage communication and collaboration with the Service Delivery Teams, advise them on information security, IT compliance and / or information risk management matters.

• Strengthen role, accountability, and responsibility of ISRM is known and understood. Vice versa, establish clear accountability of the “first layer of defence” with IT and business, such that security and IT compliance accountability is not abdicated to ISRM (which should have a “2nd layer of defence” role)

• Continuously support risk-based treatment of threats, gaps, vulnerabilities, and risks in the Service Delivery area. Support dashboards, reports and KPI reporting and improvements. Guide teams and support them in understanding the risk exposure and technical safeguards.

• Identify points of improvement or gaps in the service delivery of the central ISRM teams and work together with them to resolve them. Review ongoing improvements and the feasibility of enhancements to global processes for ISRM.

• Analyse impact of new technologies and regulatory changes on information security considering Cyber Security and Data Privacy Acts, Laws, and Regulations

• 5+ years of professional experience in a similar role, 10+ years of working experience in IT in general

• Good knowledge with GxP regulated business processes in the pharmaceutical industry, preferably QC&QA, Supply Chain and/or Manufacturing & Engineering.

• Knowledge of SOX Audit and SOX controls execution. Experience in managing SOX compliance audits working with both internal/external auditors and application managers

• Experience with supporting projects about Information Security and Risk Management topics for high complexity multi-site, regional, global project portfolio / scope. Experience in an international matrix organization

• Strong knowledge in IMF Framework and ISRM Tools. Understand and be able to efficiently support Waterfall SDLC and Agile ways of working. Understand and effectively support project delivery.

• Experience with IT security and implementing policies in manufacturing setup

• Welcome is also any information security, risk or audit certification, such as CISSP, CISM, CIA, CISA, CRISC or ISO 27001 auditor / practitioner

• Fluency in English (spoken & written);

• Candidates must declare Criminal record extract not older than three months

• Broad range of activities, tasks, and projects
• Flexible working conditions
• Minimum 5 weeks of vacation
• Paid sick days
• Meal vouchers
• Vouchers (B-day voucher, wedding, and new born surprise)
• Contributions to wellness programs (multisport card)
• Fishing for Friends program – our referral program
• Refreshments in the D-ploy office
• Further development and professional advancement
• Friendly and international working environment
• Company-sponsored events
• Competitive salary and various benefits

D-ploy