Purpose of the position
To enable IPSEN's growth and transformation, IT Security is being strengthened and modernized, following the IT digital and data transformation while adopting a cybersecurity orientation. The information security manager (ISM) position is key to this change.
- Facilitates the increasingly important and frequent cross-functional collaboration between the Chief Information Security Officer (CISO) and numerous IT, industrial affairs, risk, quality and other business partners (e.g., Data Privacy Officer, Data Quality or Quality stakeholders).
- Coordinates the activities to modernize security of the overall Information System (including external providers, SaaS, PaaS or IaaS), and to develop data-based automated metrics for ongoing performance measurement and reporting. These activities include transformation of all security processes and systems according to new threats and technical capabilities. Associated metrics should enable process controls but also real-time alerting and security crisis management.
- Acts as an empowered representative of the CISO during IT projects to ensure that new security measures are understood and incorporated into IT projects, and that service expectations are clearly defined through technical control requirements. This work must take into account real-world risks, existing skills and business drivers such as speed, agility, flexibility and performance.
Main responsibilities and tasks
- Work with the CISO to develop a security program and projects that provide modernized and business-friendly security by addressing identified risks, business security requirements and constraints, and by developing budget and resource projections.
- Support the CISO in defining the threat landscape and constructing a realistic overview of risks.
- Propose changes to existing policies and procedures to ensure security modernization, efficiency, business empowerment and regulatory compliance.
- Assist the CISO in security communication, awareness and training for different IPSEN profiles (e.g., users, IT staff, industrial affairs).
- Work with the CISO, IT and business stakeholders to define metrics and reporting strategies that effectively communicate successes and progress of the security program and compliance with new security processes.
- Participate in resolving security incidents.
IT projects support
- Collaborate with IT staff to ensure that new security requirements are understood and that security is factored into project design and into the evaluation, selection and configuration of applications and software.
- Coordinate the implementation of controls to enforce security policies. This includes coordination of data-driven analytics or big data projects.
- Develop a strong working relationship with the infrastructure team by being an active adviser while evaluating, designing or planning the implementation of modernized security software, and analyzing its impact on the existing environment; provide technical expertise for the administration of security tools.
- Manage security projects.
- Manage outsourced vendors that provide information security functions.
- Ensure security KPIs, system logs, externally provided evidence and other monitoring data sources are reviewed periodically and are in compliance with policies and audit requirements.
Experience / Qualifications
- A minimum of seven years of IT experience, with five years in an information security role and at least two years in a project management role.
- A bachelor's degree in information systems or equivalent work experience; an M.B.A. or M.S. in information security is preferred.
- Strong soft and communication skills and the ability to work with business and IT staff with different levels of technical skills.
- Fluent English mandatory.
- Proficiency in performing risk, business impact and vulnerability analysis, and in defining treatment strategies. Strong understanding of the business impact of security technologies and policies. Experience working with legal, audit, and risk staff and some familiarity with applicable legal and regulatory requirements.
- Experience in defining policies, procedures, standards and guidelines is critical.
- Strong technical & security background.
- Strong autonomy with the capability to work with minimal supervision.
- Project management skills and experience in defining roadmaps, including budgeting and resource allocation. Expertise in influencing projects is critical.
- Documentation and presentation skills, analytical and critical thinking skills, and the ability to take initiative are important requirements of the ISM's position.
- The candidate must be able to prioritize work efforts (balancing operational tasks with longer-term strategic topics) and to include resource balancing across multiple teams.
- Familiarity with common information security management frameworks, such as International Standards Organization (ISO) 2700x, ITIL.