Information Security Compliance Manager
MEX-Mexico City Benito Juarez
Avantor
Avantor sets science in motion by enabling innovation across the life sciences and technology industries. Learn more about Avantor and its solutions.
The Opportunity:
Position Summary
The Regional Information Security Officer - EU works as part of the Avantor Global Information Security team and is responsible for managing and aligning the regional IT, business and supporting functions with Global policies, processes and standards. Key responsibilities include interfacing with business and IT representatives to help drive the global information security strategy and supporting initiatives. The position requires experience managing projects and technical knowledge of security processes and technologies. Additionally, the candidate should have strong relationship-building capabilities. These skills will help the candidate to analyze IT Security risks, translate the risks to business and/or IT partners, and execute processes to prioritize, plan and manage remediation of gaps.
Primary Duties and Responsibilities
• Ensure regional compliance with global IT Security policy, standards and requirements
• Report out of regional Information Security status to global IT Security
• Risk management and prioritization based on global, regional and country needs
• Help ensure compliance with local laws and regulations pertinent to IT Security
• Manage and assist in collaborating with global and local personnel on incident response, breach prevention and digital forensics
• Delivery of Information Security projects for the region
• Ensure and improve IT Security awareness among local employees
• Management and development of metrics to provide visibility of compliance
• Develop formal metrics and KPIs to help provide insight and progress of management and control of the function to relevant management
• Train and develop teams on processes and capabilities and ensure processes are properly documented from end-to-end, including involvement of other teams and functions
• Resolve problems independently and understand, define and/or refine escalation processes and procedures.
Education and Experience
• Bachelor's degree in Information Technology, Information Security/Assurance, Engineering or related field of study preferred; at least six years of related experience and/or training (in addition to experience requirements below); or equivalent combination of education and experience preferred
• Strong interest in technology and a desire to learn and grow in applicable technologies field is required. Skills and knowledge must be kept current, including ongoing active pursuit of certifications
• Preferred experience managing personnel in a global environment
• Experience developing and implementing Information Security strategies in a global organization
• Preferred strong communication and management skills and experience working in a global matrixed environment
• Strong experience managing a team and interacting with various teams in order to socialize and gain agreement on execution of necessary activities
• Practical expertise with TCP/IP networking required
• Requires taking responsibility for the interaction and overall success of managed services
• Technical knowledge on a number of security technologies required
• Solid understanding of information security and networking required
• Extensive experience interacting with customers required
• Strong critical thinking and problem solving skills required
• A passion for information security and data security required
• Detail oriented with strong organization skills required
• Process workflow focus required with strong interpersonal skills including excellent written/verbal communication skills
Position Summary
The Information Security Compliance Manager works as part of the Avantor Global Information Security team and is responsible for overseeing the management and response process for completing security assessment questionnaires and proposals. This critical role will involve ensuring the company meets the highest standards of information security, compliance, and risk management while maintaining strong relationships with customers and auditors. The ideal candidate will have experience in security assessments, regulatory compliance, and cross-functional collaboration to manage and respond to a variety of security-related inquiries.
Primary Duties and Responsibilities
- Security Assessment Framework development and management: Develop, implement and maintain the processes of receiving, reviewing, and responding to security assessment questionnaires from customers, third-party auditors, and regulatory bodies, ensuring responses are accurate, timely, and comprehensive.
- Cross-Functional Collaboration: Work closely with teams across the organization, including IT, legal, compliance, product, and operations, to gather necessary information and data to respond to security-related inquiries. Drive continuous improvement in areas that require improved communication and collaboration between functions.
- Documentation and Reporting: Maintain accurate records of completed questionnaires and responses. Prepare and manage reports related to security assessments and audits for senior management and stakeholders. Manage and communicate gaps and open issues identified and ensure the proper propagation of these items.
- Continuous Improvement: Review and refine security questionnaire response capabilities and processes to improve efficiency, consistency, and quality of responses. Management and development of metrics to provide visibility of compliance.
- Compliance Oversight: Ensure responses align with regulatory, legal and industry standard compliance requirements (GDPR, SOC 2, HIPAA, etc.) and align with the organization’s internal security policies and standards.
- Risk Assessment and Mitigation: Identify potential risks based on customer and auditor assessments and work with relevant departments to mitigate or address these concerns proactively.
- Customer Relationship Management: Act as the primary point of contact regarding security assessment inquiries. Provide clear, concise, and professional communication to ensure customer confidence in our security practices.
- Training and Awareness: Provide guidance and training to internal teams regarding security assessment best practices and the importance of responding to security questionnaires in alignment with company policies and industry standards.
Education and Experience
- Bachelor’s degree in Information Security, Computer Science, Business Administration, or a related field of study preferred.
- At least 5 years of experience in information security or risk management, with a focus on security assessments, audits, and customer/vendor interactions, and/or training (in addition to other experience requirements) or equivalent combination of education and experience preferred.
- Experience managing security questionnaire response process aligned with industry standards (SOC 2, ISO 27001, HIPAA, GDPR, etc.).
- Familiarity with various security frameworks and regulatory requirements.
Skills:
- Strong understanding of security technologies, risk management principles, and compliance frameworks.
- Excellent communication skills, both written and verbal, with the ability to convey complex security concepts to non-technical stakeholders.
- Detail-oriented with strong organizational and time-management skills.
- Develop formal metrics and KPIs to help provide insight and progress of management and control of the function.
- Ability to collaborate effectively across different teams and levels of the organization.
- Strong problem-solving skills and ability to manage multiple priorities.
Preferred Qualifications:
- Professional certifications such as CISSP, CISM, or CISA are highly preferred.
- Experience working directly with customers or auditors during the security assessment process.
- Knowledge of industry-standard tools for security assessments and audit management.
- Experience with security policy development and maintenance.
- Strong communication and management skills and experience working in a global matrixed environment.
Disclaimer:
The above statements are intended to describe the general nature and level of work being performed by employees assigned to this classification. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of employees assigned to this position. Avantor is proud to be an equal opportunity employer.
Why Avantor?
Dare to go further in your career. Join our global team of 14,000+ associates whose passion for discovery and determination to overcome challenges relentlessly advances life-changing science.
The work we do changes people's lives for the better. It brings new patient treatments and therapies to market, giving a cancer survivor the chance to walk his daughter down the aisle. It enables medical devices that help a little boy hear his mom's voice for the first time. Outcomes such as these create unlimited opportunities for you to contribute your talents, learn new skills and grow your career at Avantor.
We are committed to helping you on this journey through our diverse, equitable and inclusive culture which includes learning experiences to support your career growth and success. At Avantor, dare to go further and see how the impact of your contributions set science in motion to create a better world. Apply today!
EEO Statement:
We are an Equal Employment/Affirmative Action employer and VEVRAA Federal Contractor. We do not discriminate in hiring on the basis of sex, gender identity, sexual orientation, race, color, religious creed, national origin, physical or mental disability, protected Veteran status, or any other characteristic protected by federal, state/province, or local law.
If you need a reasonable accommodation for any part of the employment process, please contact us by email at recruiting@avantorsciences.com and let us know the nature of your request and your contact information. Requests for accommodation will be considered on a case-by-case basis. Please note that only inquiries concerning a request for reasonable accommodation will be responded to from this email address.
For more information about equal employment opportunity protections, please view the Know Your Rights poster.
3rd Party Non-Solicitation Policy:
By submitting candidates without having been formally assigned on and contracted for a specific job requisition by Avantor, or by failing to comply with the Avantor recruitment process, you forfeit any fee on the submitted candidates, regardless of your usual terms and conditions. Avantor works with a preferred supplier list and will take the initiative to engage with recruitment agencies based on its needs and will not be accepting any form of solicitation.
Tags: Audits CISA CISM CISSP Compliance Computer Science Forensics GDPR HIPAA Incident response ISO 27001 KPIs Risk assessment Risk management Security assessment Security strategy SOC SOC 2 Strategy TCP/IP
Perks/benefits: Career development Team events