Business Information Security Expert Sr. Spec. DDIT ISC US&I

INSURGENTES, Mexico

Novartis

Working together, we can reimagine medicine to improve and extend people’s lives.


Job Description Summary

The Information Security & Compliance team is looking for a highly skilled and experienced Business Information Security Expert to join our team. The successful candidate will be responsible for ensuring Information Security Compliance across our organization. This role requires a deep understanding of information security principles, risk management, and regulatory requirements, including GDPR and GxP.


 

Job Description

Major accountabilities:

  • Develop, implement, and maintain information security policies, procedures, and guidelines to ensure compliance with industry standards and regulatory requirements.

  • Conduct regular security assessments, audits, and risk analyses to identify vulnerabilities and ensure the effectiveness of security controls.

  • Collaborate with various departments to ensure that information security requirements are integrated into business processes and projects.

  • Provide expert guidance on information security best practices and emerging threats to senior management and other stakeholders.

  • Lead incident response efforts and coordinate with internal and external teams to address security breaches and mitigate risks.

  • Develop and deliver information security training and awareness programs to employees at all levels.

  • Stay up-to-date with the latest developments in information security, GDPR, and GxP regulatory requirements to ensure the organization remains compliant and secure.

Key performance indicators:

  • Effective management of information risk and compliance status leading to reduced critical audit findings for a subset of a function or technology.
  • Level of maturity of controls in projects and operations.
  • Applications and projects are secure and compliant at launch.

Minimum Requirements:
Work Experience:

  • Bachelor's degree in Computer Science, Information Technology, or a related field.

  • 6-8 years of experience in information security, with a focus on compliance, risk management, GDPR, and GxP.

  • Desirable: one certification among CISSP, CISA, or CCSP.

  • Strong knowledge of information security frameworks, standards, and regulations (e.g., ISO 27001, NIST, GDPR, HIPAA).

  • Excellent analytical, problem-solving, and decision-making skills.

  • Strong communication and interpersonal skills, with the ability to effectively convey complex security concepts to non-technical stakeholders.

  • Proven ability to work independently and as part of a team in a fast-paced, dynamic environment.

Skills:

  • Communication Skills.
  • Compliance Audits.
  • Compliance Management.
  • Compliance Risk Assessment.
  • Compliance Training.
  • Influencing Skills.
  • Quality Assurance.
  • Experience in conducting security assessments and audits.

  • Familiarity with data privacy regulations and requirements.

Languages:

  • English.


 

Skills Desired

Communication Skills, Compliance Audits, Compliance Management, Compliance Risk Assessment, Compliance Training, Influencing Skills, Quality Assurance

Category: Compliance Jobs

Tags: Audits CCSP CISA CISSP Compliance Computer Science GDPR HIPAA Incident response ISO 27001 NIST Privacy Risk assessment Risk management Security assessment Vulnerabilities

Region: North America
Country: Mexico
