Manager, IT Security Assessment and Risk Management

Ciudad de Mexico – AGS

Alcon

Our mission is to provide innovative vision products that enhance quality of life by helping people see better. From vision research to eye health, learn more at Alcon.com.


Location: Mexico City (Hybrid)

At Alcon, we are driven by the meaningful work we do to help people see brilliantly. We innovate boldly, champion progress, and act with speed as the global leader in eye care. Here, you’ll be recognized for your commitment and contributions and see your career like never before. Together, we go above and beyond to make an impact in the lives of our patients and customers. We foster an inclusive culture and are looking for diverse, talented people to join Alcon.

As a MANAGER, SECURITY ASSESSMENT AND RISK MANAGEMENT supporting the Information Technology Department, you will play a significant role in guiding the company’s IT assessment and audit programs (internal controls, SOC 2, ISO, etc.). You will oversee compliance with information security, IT regulations, risk management, business continuity, and disaster recovery protocols. This includes testing, documenting, evaluating, recommending, and collaborating with Business and IT departments to support Information Assurance (IA) topics such as information security, IT compliance, and information risk management.

IN THIS ROLE, A TYPICAL DAY WILL INCLUDE:

  • Conduct Evaluations: Assess the design and efficiency of controls. You must be skilled in identifying weaknesses and suggesting continuous improvements or suitable remediation actions.
  • Coordinate Audits: Coordinate internal and external IT audits and assessments. Organize, track, and ensure the remediation of IT audit or assessment findings and recommendations.
  • Learn the IT Environment: Gain an understanding of Alcon’s IT environment and relevant processes to help identify risks or compliance issues and evaluate controls. Apply internal controls (including Financial and Regulatory controls) across diverse IT environments such as cloud computing, infrastructure, business systems, tools, and vendors.
  • Build Relationships: Collaborate effectively with stakeholders including IT application teams, IT third-party vendors, Financial Assurance, QA/e-Compliance, Legal, Procurement, and act as a liaison to Internal Audit.
  • Become a Trusted Advisor: Consult with stakeholders for Policy, Control, Data Classification, and Risk Management in a variety of environments.
  • Promote a Compliance Mindset: Comply with corporate-wide information security program and risk management program policies and procedures to ensure ongoing compliance and enforcement.
  • Continuously Improve: Leverage your knowledge and expertise of current industry trends and technology standards to improve the information security and risk posture across the company.
  • Team Player: Perform various other duties or special projects as requested based on team objectives.

WHAT YOU’LL BRING TO ALCON:

  • Working Style: Exhibits strong personal integrity, handles confidential matters with professionalism, and displays sound judgment and maturity.
  • Collaboration: Highly skilled in managing competing priorities and finding consensus amid differing or conflicting opinions. Recognized as a team player.
  • Customer Orientation: A strong emphasis on customer orientation is essential. This includes concentrating on both IT and the respective Business organizations.
  • Results Focus: Must be able to drive Information Assurance projects and related activities through the appropriate organization.
  • Communication: Must have the ability to deliver presentations and conduct training sessions for teams efficiently. Strong written and verbal communication skills are essential, along with interpersonal and collaborative abilities.
  • Analytical Skills: Must be capable of effectively evaluating different components of an information system and infrastructure.
  • Industry Specific Skills: Experience with:
    • Industry Standard Security Frameworks (NIST, ISO, HITRUST, etc.)
    • IT Risk Management
    • Records Management
    • Vendor Risk Management
    • Vulnerability Management
    • Security Incident Management
    • GxP requirements
    • SOX Controls
    • HIPAA Security Rule
  • Interpersonal Skills: Should effortlessly build working relationships, get along with diverse individuals, and be recognized as an authority in Risk Management and IT Compliance.

Preferred Qualifications/Skills/Experience:

  • University degree in business/technical/scientific area or comparable education/experience.
  • 5+ years of experience in:
    • Business information security and compliance
    • Risk management
    • Audit management
    • Senior business stakeholder management
    • Regulated environment experience
  • Business fluent in English (written and spoken).

REQUIRED LICENSES/CERTIFICATIONS:

  • Professional information security certification, such as CISSP, CISM or ISO 27001 auditor/practitioner or
  • Professional (information system) risk or audit certification such as CIA, CISA or CRISC.

HOW YOU CAN THRIVE AT ALCON:

  • Competitive salary and benefits package.
  • Opportunities for professional growth and development.
  • Be part of a global company dedicated to innovation and growth in eye care.

KINDLY SUBMIT YOUR RESUME IN ENGLISH

    ATTENTION: Current Alcon Employee/Contingent Worker

    If you are currently an active employee/contingent worker at Alcon, please click the appropriate link below to apply on the Internal Career site.

    Find Jobs for Employees

    Find Jobs for Contingent Worker

      

    Alcon is an Equal Opportunity Employer and takes pride in maintaining a diverse environment and our policies are not to discriminate in recruitment, hiring, training, promotion or other employment practices for reasons of race, color, religion, gender, national origin, age, sexual orientation, gender identity, marital or veteran status, disability, or any other legally protected status.


    Tags: Audits CIA CISA CISM CISSP Cloud Compliance CRISC HIPAA HITRUST ISO 27001 NIST Risk management Security assessment SOC SOC 2 SOX Vulnerability management

    Perks/benefits: Career development Competitive pay

    Region: North America
    Country: Mexico
