Senior IT Security Governance and Risk Specialist
Job Description
Job title: Senior IT Security Governance and Risk Specialist
Company: Mundipharma
Job description: Location: Cambridge (Hybrid working – On average once a month)Job type: PermanentAt Mundipharma, we are proud of the work we do to bring innovative treatments to patients. We challenge ourselves constantly to deliver more for patients, healthcare professionals, our partners, and our employees.The Senior IT Security Governance and Risk Specialist is responsible for governance and oversight of IT security in line with Mundipharma’s IT Cyber Security strategy.Role and responsibilitiesCore member of Architecture Review Board and project Phase Gate, responsible for assessing IT solutions against security architecture principles and advising project teams on cyber requirements.Core member of the Cyber Steerco which updates the CIO on current cyber initiatives, incidents, risks etc.Support preparation of periodic reports to the Board on cyber security.Core member of the IT Security Council, keeping business representatives informed on current cyber initiatives, incidents, risks etcCreate and update IT Governance owned security policies and procedures.Own the Mundipharma cyber risk tracker, overseeing mitigation activities to completion. Ensure newly identified risks are added to the tracker.Ensure alignment of Mundipharma’s security practice with ISO 27001, NIST and CIS frameworks where feasible.Own Mundipharma cyber user awareness training, working with the Senior Quality & Compliance Coordinator to manage this in the Learning Management System.Manage interactions with external partners providing security assessment, and coordinate follow-up activities.Provide subject matter expertise and guidance on cyber security risks, threats, opportunities, and capabilities.Conduct security assessments of vendors and services provided to Mundipharma.Advise colleagues implementing projects and enhancements on security requirements.Coordinate responses to security related questions from internal and external audits.Maintain and monitor compliance with the security audit calendar and exceptions approval process.Work with the Enterprise IT Shared Services team (EITSS) to ensure that tools such as the Office365 Compliance centre and Azure Security centre are used effectively to ensure compliance to internal security policies, to identify risk and support data discovery requirements.What you’ll bringExperience working in cyber security with stakeholders at various levels of the organisationRisk management expertiseBasic understanding of operational cyber securityAn effective team player, needs to be comfortable with ambiguity and working within a matrixA self-starting finisher completer, able to think strategically but follow through effectivelyAble to lead and influence projects and servicesDesirableRelevant cyber security, auditing and/or risk management certificationDegree level qualification (not necessarily in cyber) or demonstrated ability to operate at this level (preferred)What we offer in returnflexible benefits packageopportunities for learning & developmentcollaborative, inclusive work environmentDiversity and inclusionBuilding an inclusive environment where people can thrive, grow and achieve their full potential is a priority. We believe this isn’t just the right thing, but also the smart thing to do, as we focus on making a positive difference for our customers and their patients.About MundipharmaMundipharma is a global healthcare company with a presence across Africa, Asia Pacific, Canada, Europe, Latin America, and the Middle East. Mundipharma is dedicated to bringing innovative treatments to patients in the areas of Pain Management, Infectious Disease and Consumer Healthcare as well as other severe debilitating disease areas. Our guiding principles, centered around Integrity and Patients-Centricity, are at the heart of everything we do.Join our talent poolIf you’re not sure this role is right for you but you’re keen to hear about future opportunities at Mundipharma, and be the first to hear about new roles.Additional Job Description:Primary Location: GB CambridgeJob Posting Date: 2024-03-07Job Type: Permanent
Expected salary:
Location: Cambridge