- Location: Cambridge (Hybrid working - On average once a month)
- Job type: Permanent
The Senior ITSecurity Governance and Risk Specialist is responsible for Governance and oversight of IT security in line with Mundipharma's IT Cyber Security strategy.
Role and responsibilities
- Core member of Architecture Review Board and project Phase Gate, responsible for assessing IT solutions against security architecture principles and advising project teams on cyber requirements.
- Core member of the Cyber Steerco which updates the CIO on current cyber initiatives, incidents, risks etc.
- Support preparation of periodic reports to the Board on cyber security.
- Core member of the IT Security Council, keeping business representatives informed on current cyber initiatives, incidents, risks etc
- Create and update IT Governance owned security policies and procedures.
- Own the Mundipharma cyber risk tracker, overseeing mitigation activities to completion. Ensure newly identified risks are added to the tracker.
- Ensure alignment of Mundipharma's security practice with ISO 27001, NIST and CIS frameworks where feasible.
- Own Mundipharma cyber user awareness training, working with the Senior Quality & Compliance Coordinator to manage this in the Learning Management System.
- Manage interactions with external partners providing security assessment, and coordinate follow-up activities.
- Provide subject matter expertise and guidance on cyber security risks, threats, opportunities, and capabilities.
- Conduct security assessments of vendors and services provided to Mundipharma.
- Advise colleagues implementing projects and enhancements on security requirements.
- Coordinate responses to security related questions from internal and external audits.
- Maintain and monitor compliance with the security audit calendar and exceptions approval process.
- Work with the Enterprise IT Shared Services team (EITSS) to ensure that tools such as the Office365 Compliance centre and Azure Security centre are used effectively to ensure compliance to internal security policies, to identify risk and support data discovery requirements.
- Experience working in cyber security with stakeholders at various levels of the organisation
- Risk management expertise
- Basic understanding of operational cyber security
- An effective team player, needs to be comfortable with ambiguity and working within a matrix
- A self-starting finisher completer, able to think strategically but follow through effectively
- Able to lead and influence projects and services
- Relevant cyber security, auditing and/or risk management certification
- Degree level qualification (not necessarily in cyber) or demonstrated ability to operate at this level (preferred)
- flexible benefits package
- opportunities for learning & development
- collaborative, inclusive work environment
Building an inclusive environment where people can thrive, grow and achieve their full potential is a priority. We believe this isn't just the right thing, but also the smart thing to do, as we focus on making a positive difference for our customers and their patients.
About Mundipharma
Mundipharma is a global healthcare company with a presence across Africa, Asia Pacific, Canada, Europe, Latin America, and the Middle East. Mundipharma is dedicated to bringing innovative treatments to patients in the areas of Pain Management, Infectious Disease and Consumer Healthcare as well as other severe debilitating disease areas. Our guiding principles, centered around Integrity and Patients-Centricity, are at the heart of everything we do.
Join our talent pool
If you're not sure this role is right for you but you're keen to hear about future opportunities at Mundipharma, join our talent community and be the first to hear about new roles.
Additional Job Description:
Primary Location:
GB Cambridge
Job Posting Date:
2024-03-07
Job Type:
Permanent