Information Security Compliance Manager

Victor, NY, United States

CooperCompanies

CooperCompanies is a global, consumer-centric medical device company that supports how people want to live, at every stage of life. By listening closely to


CooperVision, a division of CooperCompanies (NASDAQ:COO), is one of the world’s leading manufacturers of soft contact lenses. The Company produces a full array of daily disposable, two-week and monthly contact lenses, all featuring advanced materials and optics. CooperVision has a strong heritage of solving the toughest vision challenges such as astigmatism, presbyopia and childhood myopia; and offers the most complete collection of spherical, toric and multifocal products available. Through a combination of innovative products and focused practitioner support, the company brings a refreshing perspective to the marketplace, creating real advantages for customers and wearers. For more information, visit www.coopervision.com.

 

Job Summary:

The Information Security Compliance Manager is a critical leadership role within our Information Security team, responsible for the strategic development, implementation, and management of our information security compliance program. In partnership with our Legal, Data Privacy, and IS Compliance teams, this role ensures that our organization adheres to all applicable data protection laws and regulations, including HIPAA, GDPR, and other industry standards.

Travel Requirements

  • 5% domestic and/or international travel

Knowledge, Skills and Abilities:

  • The ability to lead and inspire a security team, set clear goals, and provide guidance and support.
  • Awareness and understanding of regional and global Cybersecurity and Data Privacy regulations, such as GDPR, NIS2, CCPA, HIPAA, etc.
  • Ability to plan, organize and execute global projects and initiatives.
  • Have in-depth knowledge and understanding of information risk concepts and principles as a means of relating business needs to security controls.
  • Have experience developing policies, procedures, standards and guidelines.
  • Able to resolve difficult problems in a timely manner.
  • Good business process knowledge and understanding of business drivers and business objectives to translate them into security requirements.
  • Strong analytical skills to analyze security compliance requirements and relate them to appropriate security controls.
  • Excellent problem-solving and decision-making skills.
  • Ability to interact with Cooper personnel and build strong relationships at all levels, and across all business units and organizations, and to understand business imperatives.
  • Strong leadership abilities, with the capability to develop and guide team members and to work with minimal supervision.
  • Excellent verbal, written and interpersonal communication skills, including the ability to communicate effectively with executive leadership, the IT organization, project and application development teams, management and business personnel.
  • Experience conducting risk assessments and identifying appropriate corrective actions.
  • Experience interacting with external auditors and assessors.

Work Environment:

  • Normal office environment
  • Prolonged sitting in front of a computer.

Experience:

  • Minimum of five years cumulative, full-time Information Security or IT Audit experience required. 10 years IT experience preferred.
  • Be familiar with applicable legal and regulatory requirements, including, but not limited to, the U.S. Sarbanes-Oxley Act (SOX), the U.S. Health Insurance Portability and Accountability Act (HIPAA), European General Data Protection Regulation (GDPR), various other domestic and international privacy regulations, and Payment Card Industry (PCI) security council standards.
  • Experience implementing or administering security and compliance frameworks such as HIPAA, ISO27001, HITRUST, etc.

Education:

  • Bachelor’s degree in computing science or cybersecurity; or an equivalent combination of education and experience. Post-graduate education or training a plus.
  • Security and compliance certifications such as: CISSP, GIAC, CISM, CISA, or similar preferred.

 

Affirmative Action/Equal Opportunity Employer. Minority/Female/Disability/Veteran

For U.S. locations that require disclosure of compensation, the starting base pay for this role is between $120,317.00 and $171,882.00 per year and may include cost of living adjustments. The actual base pay includes many factors and is subject to change and modification in the future. This position may also be eligible for other types of compensation and benefits.


Tags: Audits CCPA CISA CISM CISSP Compliance GDPR GIAC HIPAA HITRUST ISO 27001 NIS2 Privacy Risk assessment SOX

Perks/benefits: Health care Insurance

Region: North America
Country: United States
