It's an exciting time to be part of IFF! We are looking for our next Director, Information Risk Managment to become part of our Information Security team. This position will support the risk identification, analysis and risk management across the business, assessing the current adequacy of the security strategy, threats, and the impact of risks not re-mediated.
To be successful in this role you must have around 5 years of experience in Information Risk nagement Cyber Security, IT security design, Technology architecture. A Bachelor's degree in Computer Science, Engineering, Information Technology or related field 5+ years of relevant experience in pharmaceuticals, manufacturing, or other regulated industries is also required.
In this role, you will spend your time...
- Act as the subject matter expert on Cyber and Information Security issues
- Conduct security assessments, identify risks and track and report on remediation
- Provide information security insight and expertise in assessing new business opportunities
- Report to senior management on security status and initiatives
- Identify opportunities for process improvements to deliver increasing efficiency within the Risk & Control framework
- Interact with auditors on information security management oversight
- Coordinate with outside vendors on the protection of client information, data transmission protocols and on Cyber/Info Security assessments
- Work closely with developers and infrastructure teams to implement the security policies required to protect the integrity, confidentiality and availability of the information on an end-to-end basis.
- Complete risk assessments of new/existing infrastructure, systems, Industrial Control Systems and other components.
- Conduct risk assessments of 3rd party vendors to evaluate security controls for protecting company specific data.
Information Risk Assessment
- Implement the risk assessment framework which identifies critical information security and privacy impacting business process and/or systems.
- Provide support & risk guidance in the areas of enterprise infrastructure, cloud-based software/infrastructure security, wireless and secure software development.
- Work closely with the application development teams, technology teams and the other members of the Information Security team to identify and remediate security issues
- Identity & oversee remediation of open security issues and validate closure
- Implement the data classification & security program, identify opportunities for business process enhancement and tools to enforce data protection.
- Create security policies as appropriate
- Maintain the global information security and IT risk register, track remediation activities and create status reports
- Strong analytical skills/problem solving/conceptual thinking and ability to work with Technical & Non-Technical business owners
- Broad knowledge of information security principles (e.g. access control, data protection, security architecture, infrastructure/application security design principles, policies) and privacy (i.e. GDPR)
- Working knowledge of information security and control frameworks (ISO27001, NIST, CobIT)
- Effective communication skills and able to build relationships with technical and non-technical
- Infrastructure security experience; including the ability to perform technical vendor risk assessments and knowledge of datacenter & cloud-based infrastructure and application security design.
- Holds one or more security certificates (CISSP, CRISC, CISA, CSA, CEH, CISM)
- Must be able to identify, analyze and address problems to resolve issues whenever possible in way that minimizes negative impact and risk to the organization
- 5+ years of relevant experience in Information Risk Management Cyber Security, IT security design, Technology architecture
- Bachelor's degree in Computer Science, Engineering, Information Technology or related field 5+ years of relevant experience in pharmaceuticals, manufacturing, or other regulated industries
- Experience evaluating security controls, conducting risks assessments and providing guidance for platform
Union Beach, New Jersey, United States