Information Security Officer

Description

Medison offers hope to patients suffering from rare and severe diseases by forming partnerships with emerging biotech companies to accelerate access to highly innovative therapies in international markets.

As the creator and leader of the global partnership category in the pharma industry, we strive to be Always Ahead and work relentlessly to bring therapy to patients in need, no matter where they live.

The Information Security Officer (ISO) at Medison Pharma will be responsible for developing, updating, and maintaining the organizational information security management framework, including policies, procedures, and work plans. The ISO will provide consulting services on relevant solutions and products and lead the improvement and development of the information security field.

Additionally, the ISO will manage projects related to the examination and implementation of new information security products and characterize information security solutions for related projects. The ISO will also advise on compliance with privacy and cyber protection laws and regulations, conduct information security and privacy protection surveys, and oversee ISO 27001 compliance, focusing on all aspects of cybersecurity within Application Security (AppSec), Infrastructure Security (DevSec), Governance, Risk, and Compliance (GRC), Security Information and Event Management (SIEM)/Security Operations Center (SOC), incident response, and IT security.

Responsibilities

• Develop, update, and maintain a cybersecurity strategy.
• Manage a risk-based cybersecurity program to secure corporate IP, technology, information, computer systems, networks, and data.
• Provide guidance on proposed cybersecurity best practices to different business functions.
• Develop comprehensive cybersecurity guidance, processes, and procedures based on industry standards.
• Stay informed on trends and issues in the security industry, including current and emerging technologies and regulatory and compliance issues.
• Advise, counsel, and educate executive and management teams on the importance of cybersecurity.
• The position reports to Medison's CISO

Requirements

• 5+ years of experience as an ISO, with a focus on reviewing and recommending security business solutions (GRC).
• Experience in a large global company.
• Certifications in one or more of the following areas: CISO, CISM, GISO, IAM, CISSP.
• Demonstrated knowledge of recognized security industry standards and leading practices (e.g., SOX, ISO 27001/2/3, ISO 27018, GDPR, PCI, OWASP, NIST, DISA, CIS, etc.).
• Broad knowledge of cybersecurity technologies, solutions, and tools (e.g., encryption technologies, SIEM, DLP, etc.).
• Strong knowledge of cloud technologies, platforms, and services.
• Broad knowledge of operational and security processes/controls (e.g., vulnerability management, patch management, configuration management, access management, etc.).
• Previous experience as a system administrator and/or security administrator is an advantage.

Additional qualifications:

• Ability to learn, understand, and apply new technologies.
• Strong analytical and problem-solving abilities.
• Excellent written and verbal communication skills.
• Fluent in English, both written and verbal.
• Exceptionally self-motivated, directed, and detail-oriented with a strong sense of ownership.
• Ability to work independently in a highly complex and dynamic environment.