IT Security Manager

Want a 3D Career? Join Norgine.

At Norgine, our colleagues Dare themselves to be different and try new things, Drive to achieve their goals and beyond, and Develop themselves and their community.

We call it the 3D career at Norgine and it offers you a fully-rounded experience with no limits.

Bring everything about yourself that you’re proud of, whether that’s your passion for making a difference, focus on others’ well-being, or intellectual curiosity to unleash in a fast-paced environment and supportive community.

In return, get a sense of belonging, a long-term career with ongoing development and upskilling, and a company that cares about people’s wellness as much as you do.

Because at Norgine, we transform lives with innovative healthcare solutions.

We have an exciting opportunity for a IT Security Manager to join Norgine.

The person holding this position will report to Director of IT.

The IT Security Manager a key role in delivering management, technical and administrative services to implement security controls and security management strategies. Activities include – but are not limited to:

·       Providing advice, guidance on the implementation of security controls

·       Defining and reviewing against access rights and privileges authorising and monitoring of access to IT facilities or infrastructure

·       Investigating unauthorised access

·       Monitoring violations of security policies

·       Ensuing compliance with relevant legislations

·       Implementing and refining standard security policies, standards and processed. operating procedures

·       Leading Incident response and investigation of breaches.

·       Maintaining security records and documentation

The role will work collaboratively with the wider IT team and Security partners. Their expertise comes into play as they collaborate closely with the IT Technology, IT Enterprise, and IT Operations teams to maintain and verify the effectiveness of existing controls, offering essential assurance to the organization's security posture.

If you want a multi-dimensional 3D career in a leading healthcare organisation, join us.

Requirements

• Defining, implementing and operating a framework of security controls and security management strategies:
• Selecting, adopting and adapting security control frameworks
• Maintaining the security, confidentiality, integrity, availability, accountability of information systems, ensuring they comply with legislation, regulation and relevant standards.
• Designing, justifying and implementing security management strategies
• Review and testing the applicability of the security policies, processes, and controls to ensure their effectiveness within the business and alignment with best practices.
• Participation in the internal and external security audits to ensure that there is the compliance to the required security and associated data protection standards.
• Understand and advise on the current and emerging Cyber Security legal/compliance measures which Norgine need to adhere to, relevant to where the business operates. Identify opportunities for improvement to be aligned with emerging legislation.
• Oversee, and share security Key Performance Indicator (KPI) metric data with the business to ensure transparent communication and alignment with agreed security goals.

·       Incident Manager

o   Perform as the Lead Incident manager working with the wider team in the response to suspected attacks, incidents or breaches, ensuring the risk mitigations and recovery of data/ assets are complete.

o   Leading the thought process behind incident management solutions with internal stakeholders and external partners.

o   Provides direction and input into the security incident response process, including supporting the development of new incident monitoring use cases, reviewing alerts generated by monitoring tools, and leading the coordination of security incidents.

·       Providing advice and guidance on the implementation of security controls and new technology

o   Assist in the management of the security requirements of the supply chain through the technical analysis of systems and applications within Norgine

o   Conduct thorough technical security reviews of both new and existing services, documenting findings, and implementing necessary measures to ensure they meet the requirements as set out by the security team at Norgine.

o   Collaborate with the Security team to engage and lead projects with external partners and internal stakeholders to conduct penetration tests, interpret results, and develop response plans to address identified vulnerabilities.

o   Act as a subject matter expert, providing guidance and support to internal project delivery pipeline, BAU initiatives, and changes to ensure compliance with security policies and architectural principles.

o   Maintain the Cyber Technology  and Cyber Process roadmap, working with the Technology team to research and propose innovative solutions to security challenges that may reduce Norgine’s risk and threat profile.

·       Engage in any other necessary activities that contribute to the organization's cyber security and risk mitigation efforts.

·       Ensure compliance to Norgine policies and procedures at all times.

Education and experience

·       Bachelor’s degree preferred

·       Strong experience in IT security focussed roles

·       Thorough knowledge of ISO 27001, HITRUST CSF (Common Security Framework) and NIST (National Institute of Standards and Technology) CSF

·       Good written and oral communication skills

Technical Skills

·       Has expert knowledge of and can recommend security controls to mitigate specific risks or issues based on best practice control frameworks such as ISO 27001, CIS (Center for Internet Security) or NIST.

·       Has scoped, managed, and coordinated penetration tests or red team engagements.

·       Worked with Security partners to develop cyber security incident use cases, response processes and procedures, and overseen the operational delivery of these incident management processes

·       Managed and/ or provided the lead for security incident investigations.

·       Understands how cyber threat actors operate, the common types of attacks facing organisations and the key technical countermeasures to mitigate them. Practical hands-on experience in either offensive or defensive technical security is a distinct advantage.

·       Can undertake and produce a documented business impact analysis and risk assessment.

·       Has experience of creating and presenting Cyber Security information via regular cadence of reporting suitable for a wide variety of stakeholders, including executive level non-technical leaders.

  Team Skills

·       Demonstrates passion for information / cyber security.

·       Is proactive at continually improving his / her sphere of influence.

• When presented with an objective can research, plan, organise and deliver to deadlines
• Approaches problems in a structured and methodical way

·       Attention to detail and strong focus on accuracy of information

·       Can work autonomously and collaboratively as required, with excellent time-management

·       Excellent interpersonal skills in areas such as teamwork, facilitation, influencing and negotiation

·       Excellent communication skills and proven ability to translate business needs into clear and comprehensive architecture requirements

·       Ability to communicate complex subjects at different levels (e.g. to traders, IT developers, senior managers)

·       Hands-on approach, flexible and positive attitude

Benefits

Our benefits may vary per location. Please liaise with the Norgine TA representative to obtain more information.

Sound good? Find out more about the career you’ll have with Norgine, then apply here.

#LI-PP1