IT Security Governance Specialist

Job Description

Company DescriptionMundipharma is a global (ex-US) network of independent associated companies that research, develop and manufacture innovative pharmaceutical medicines and consumer healthcare products. We are an agile and fast-paced company seeking to increase access tohealth care through programmes and effective partnerships.We are forward-looking and dedicated to bringing innovative treatments to many of the worlds most challenging conditions and diseases including: Pain Management & Supportive Care, Consumer Health, Anti-Infectives, Biosimilars, CNS, Diabetes, Oncology, Ophthalmology,Respiratory and transplantation immunity.We make a difference to patient lives by delivering value to healthcare professionals in 120+ countries across Africa, Asia Pacific, Canada, Europe, Latin America, and the Middle East.Our guiding principles, centred around Integrity and Patient-Centricity, are at the heart of everything we do. We encourage our people to think differently and our inclusive culture of continuous learning and collaboration make Mundipharma a great placeto work.Job DescriptionThe rolesupports the Head of IT Security in driving governance and compliance in the organization for IT Security and will:- be involved in all projects and enhancements ensuring IT Security policies are followed.- carry out audits and risk assessments as necessary in line with the IT Security audit schedule.- contribute to the key strategic priorities and help translate them in a comprehensive strategic plan for IT Security ensuring they are supporting the IT Strategy.- help establish policies, processes and controls for ensuring IT Security.Specific duties & responsibilities:

• Help to manage and coordinate IT Security across Global IT and the wider Mundipharma business
• Accountable for documenting IT Security policies and procedures
• Understanding the IT Service Management Policies and Processes that are used in IT and be able to represent these both internally and externally for IT Security.
• Responsible for Continual Service Improvement for IT Security.
• IT Security Risks need to be coordinated for MITS with the Risk Management Process owner.
• Manage and perform internal IT Security audits to demonstrate compliance and improve IT Security throughout Global IT.
• Provide independent oversight of IT Security issues.
• Responsible for measuring the performance of IT Security and highlighting risks to our IT Services provisioned by Global IT.
• Serve as a liaison between Business and Functional areas and technology to ensure that InfoSec Policy related business requirements for protecting sensitive data are clearly defined, communicated and well understood and considered as part of operationalprioritisation and planning.
• Ensure business and technical requirements are aligned to security policies and are implemented within an allotted time frame to meet compliance.
• Define indicators of performance and quality metrics and ensure compliance with data related policies, standards, roles and responsibilities, and adoption requirements
• Organize and write supporting documents for Policies and Standards.
• Ensuring risks are identified and added to the IT Security risk register, you will also be responsible for working with risk owners.
• Develop techniques to run scans of the technical environment to detect security policy non-compliance.
• Receive reports of Vulnerability scans of the environment and ensure vulnerabilities are remediated within stated timelines by engaging with all parts of the IT organization.
• Engage directly with IT teams to ensure IT Security is top of mind in any projects or enhancements that are being run.
• Making tools such as the Office365 Compliance centre and Azure Security centre to ensure compliance to internal security policies and to identify risk.
• Conduct supplier security assessments.
• Assist / deputise for other members of the Governance team with their duties such as supplier compliance due diligence, document and e-learning management.
• Be the primary point of contact for IT Security audits both internal and external to Mundipharma.
• Liaise with Mundipharmas Managed Security Service Provider to apply IT Security governance principles to their operations.
• Working with internal technical teams to apply IT Security governance to their operations.
• Able to be the point of contact for security related issues if Head of IT Security is absent, able and confident to coordinate with senior stakeholders.

Qualifications

• IT: Advanced knowledge and practical experience in MS Office and other productivity tools.
• Auditing accreditation is desirable.
• Specific Security qualifications are desirable.
• Able to travel globally.

Skills and experience

• Demonstrable auditing experience (Does not need to be IT Security specific).
• Project management experience in the delivery of complex, cross functional projects.
• Comprehensive experience of working within a large and complex organization.
• Negotiating and influencing skills and effective relationship builder at management level, with experience in delivering this in a global environment.
• Proven effective stakeholder management skills in an international environment.
• Desirable: Experience in Audit and Governance in an Azure cloud environment.