Regional Information Security Officer

Company Description

About Us

Eurofins Scientific is an international life sciences company, providing a unique range of analytical testing services to clients across multiple industries, to make life and our environment safer, healthier and more sustainable. From the food you eat, to the water you drink, to the medicines you rely on, Eurofins works with the biggest companies in the world to ensure the products they supply are safe, their ingredients are authentic and labelling is accurate. Eurofins believes it is a global leader in food, environmental, pharmaceutical and cosmetics products testing and in agroscience CRO services. It is also one of the global independent market leaders in certain testing and laboratory services for genomics, discovery pharmacology, forensics, CDMO, advanced material sciences and in the support of clinical studies.

In over just 30 years, Eurofins has grown from one laboratory in Nantes, France to over 50,000 staff across a network of more than 900 independent companies in over 50 countries and operating more than 800 laboratories. Eurofins offers a portfolio of over 200,000 analytical methods to evaluate the safety, identity, composition, authenticity, origin, traceability and purity of biological substances and products, as well as providing innovative clinical diagnostic testing services, as one of the leading global emerging players in specialised clinical diagnostics testing.

In 2020, Eurofins generated total revenues of EUR € 5.4 billion, and has been among the best performing stocks in Europe over the past 20 years.

Job Description

Salary: Competitive  

Flexible Location: UK – Feltham, Birchwood/Chorley, Wakefield, Culham/Abingdon, Tamworth, Durham

Contract: Permanent

Hours:   37.5 hours per week (Full-time)         

The Role

We are recruiting for a Regional Information Security Officer (covering business lines in Forensics UK, Benelux, France and Clinical Diagnostics UK&IE and Benelux). 

The Regional Information Security Officer will be responsible for implementing and monitoring a strategic, comprehensive regional cyber security and IT risk management program for the defined scope.

The Regional Information Security Officer will provide the leadership necessary to manage the security risk to the organization and will ensure business alignment, effective governance, system and product availability and proper consumption of group security services.

Scope includes:

• Identification, evaluation and remediation of security control weaknesses and reporting on cybersecurity risks, while supporting and advancing business objectives.
• Grow and run the regional information security program.
• Proactively work with business units to implement controls, measures and tools (both group and local) that meet agreed Eurofins policies and standards for information security.

Key Responsibilities and Accountabilities

Lead / Run the Regional Information Security Function:

• Provide security oversight over the regional infrastructure delivery team(s) (IT Infrastructure Zone Support Team), ensuring embedding security in the operations of the team as well as new initiatives.
• Lead the information security function across the Region to ensure consistent and high-quality information security management in support of business goals, and in line with the Group Security Standards.
• Collaborate with Group Information Security team (i.e. apply group standards within the region, drive regional action plans) 
• Manage the Regional Information Security budget in collaboration with the regional Business sponsor and with Group Information Security.
• Be the hiring manager for own team and ensure senior business leadership buy-in for team composition/sizing.
• Ensure that all information owned, collected or controlled by or on behalf of the Region / Group is processed and stored in accordance with applicable laws and other global regulatory requirements, such as data privacy.
• Perform information security risk assessments including the reporting and oversight of treatment efforts to address negative findings.
• Ensure that security is embedded in the project delivery process by providing the appropriate information security policies, practices, guidelines and necessary oversight.
• Consult with IT and Business Lines staff to ensure that security controls are factored into the evaluation, selection, installation and configuration of hardware, applications and software, process and procedures, etc.
• Responsible for the execution of internal and external risk assessment activities. Analyze the results to produce recommendations of acceptable risk and risk mitigation strategies.
• Collaborate with the Group IT Risk and Audit team.
• Ensure regular security awareness for their scopes utilizing central platform (Eurofins Academy) and reusing or adapting central content (also adding local content). 
• Oversee and approve firewall and VPN changes within their scope.
• Ensure security review and approval of local solutions and technologies 
• Plan & execute vulnerability scans within the scope 
• Plan & execute penetration tests on systems within the scope
• Support the customer audits (e.g. provide responses to customer questionnaires which Eurofins is asked to fill/comply) 
• Drive the local business continuity and disaster recovery efforts, based on group standards 
• Drive the review of access rights within the scope. 
• Support the business leaders in scope with physical security concerns 
• Provide the business leaders in scope with information on local security posture and give visibility of issues and risks.

Qualifications

Required Profile:

• A leader with a track record of competency in the field of information security with 7 to 10 years of relevant experience, including 5 years in a significant leadership role.
• Bachelor’s degree from an accredited institution, with degree preferred in Computer Science or Information technology systems security or related field. Advanced degree preferred.
• Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP) Certification preferred.
• Experience with on premise, hybrid and cloud data center and application hosting strategies
• Experience in establishing cyber security and risk metrics for reporting
• Strong Emotional Intelligence with demonstrated sustained leadership in a large organization involving multiple stakeholders.
• Demonstrated management skills, e.g., budget development and administration, policy development and implementation, personnel administration, staff training and development.
• Demonstrated ability to work with diverse people; effective oral and written communication skills. Information Security certification based on industry best practices.
• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences.
• Good understanding of IT technology to oversee a variety of cybersecurity and risk management activities related to IT to ensure the achievement of business outcomes where the business process is dependent on technology.
• Ability to work with Infrastructure team to implement changes and upgrades required
• Must be knowledgeable about both internal and external business environments, and ensure that information systems are maintained in a fully functional and secure mode and are compliant with legal, regulatory and contractual obligations.
• At ease with managing multiple priorities, ambiguity and rapidly moving business environment.
• A strong understanding of the business impact of security tools, security operations center, technologies and policies.
• Strong leadership abilities, with the capability to develop and guide IT operations personnel, and work with minimal supervision.
• Experience working with legal, audit, operations and compliance staff.
• Experience developing and maintaining policies, procedures, standards and guidelines.
• Experience with common information security management frameworks, such as International Standards Organization (ISO) 2700x/NEN 7510, Cyber Essentials/ Cyber Essentials + the IT Infrastructure Library (ITIL) and Control objectives for Information and Related Technology (COBIT) frameworks
• Awareness of the Forensic Regulators Act (UK). 

Additional Information

Corporation Benefits

In return for your hard work and loyal service, we will offer you genuine career and salary progression through our Career Pathways programme, a competitive salary, and a selection of employee benefits via our flexible benefits menu which includes cycle to work, give as you earn, volunteering days,buy and sell holiday. In addition, we also offer the following:

• Life Assurance (3 times annual salary)
• Scottish Widows Company Pension Plan
• 25 days annual leave plus bank holidays (increasing to a maximum of 30 days)
• Employee length of service awards and yearly recognition schemes, celebrating work anniversaries here at EFS.
• Employee tech scheme
• Discount vouchers and flexi reward points on our employee wellness hub
• Everyone who joins EFS will have access to Perkbox allowing you to save money all year round on a wide range of perks such as supermarket savings, days out or your daily coffee
• Learning and study support
• Employee Assistance Programme
• Health Cash Plan membership
• Enhanced company sick, maternity and paternity  pay scheme
• Refer a friend scheme
• Subscription to mental health support and wellbeing
• (Free on-site car parking – site specific)

Due to the highly sensitive nature of the work, applicants should note that security clearance is required for this role. To gain security clearance you must have five years continuous residency in the UK. Security clearance is undertaken by a third party to police personnel vetting standards (NPPV/3 and SC), as such any criminal convictions may prevent you from gaining security clearance. Further information on the security clearance process and requirement can be found at https://www.warwickshire.police.uk/police-forces/warwickshire-police/areas/warwickshire-police/about-us/about-us/police-national-vetting-service/. In addition, all successful applicants will be required to undertake drug and alcohol testing prior to commencing employment. 

Due to the nature of the work we undertake on our EFS Midlands (Tamworth, UK) site, for employees based at EFS Midlands or likely to attend EFS Midlands as part of their role you must inform us if you come into contact with any firearms or ammunition through work or any other reason as there will be precautions you will need to take in order to enter the premises.  This also applies to persons involved in clay pigeon shooting, and those who regularly use any cartridge based tools such as nail/stud guns.  Please provide details on your application.

To apply, please visit https: //www.eurofins.co.uk/careers/current-vacancies/