About the company
D-ploy is an IT and Engineering Solutions company with operations throughout the EMEA region including Switzerland, Germany, Czech Republic, Austria, UK, as well as the USA. We pride ourselves on delivering innovative and superior services and solutions to numerous industry-leading clients. By building relationships and trusted partnerships within the IT community, we optimize our customer's IT productivity and contribute to the organization's success and value. We are interested in talking to engaging, flexible, and solution-oriented individuals who are looking to become a part of a dynamically growing and international organization. We are focused on creating value where IT counts. Join us!
Job Summary
Tasks and Responsibilities
• Provide governance/risk advice and ensure IT project risks are managed in line with ISRM strategy, the policy framework, laws and regulations and outstanding industry standards.
• Ensure monitoring of information risk and proactive mitigation of issues.
• Maintain strong knowledge of internal controls and internal risk and control frameworks/standards or the Information Management Policy Framework.
• Ensure information assets (including Crown Jewels) are adequately and appropriately secured by working with security SMEs in deploying appropriate security measures, and that identified vulnerabilities are analyzed, prioritized, and treated for in-scope applications in operations.
• Manage communication and collaboration with the Service Delivery Teams, and advise them on information security, IT compliance and/or information risk management matters.
• Strengthen the role, accountability, and responsibility of ISRM so that it is known and understood. Vice versa, establish clear accountability of the "first layer of defence" with IT and business, such that security and IT compliance accountability is not abdicated to ISRM (which should have a "2nd layer of defence" role).
• Continuously support risk-based treatment of threats, gaps, vulnerabilities, and risks in the Service Delivery area. Support dashboards, reports and KPI reporting and improvements. Guide teams and support them in understanding the risk exposure and technical safeguards.
• Identify points of improvement or gaps in the service delivery of the central ISRM teams and work together with them to resolve them. Review ongoing improvements and the feasibility of enhancements to global processes for ISRM.
• hanges on information security considering Cyber Security and Data Privacy Acts, Laws, and Regulations
Requirements
• 5+ years of professional experience in a similar role, 10+ years of working experience in IT in general.
• Good knowledge of GxP regulated business processes in the pharmaceutical industry, preferably QC&QA, Supply Chain and/or Manufacturing & Engineering.
• Knowledge of SOX Audit and SOX controls execution. Experience in managing SOX compliance audits working with both internal/external auditors and application managers.
• Experience with supporting projects about Information Security and Risk Management topics for high complexity multi-site, regional, global project portfolio / scope. Experience in an international matrix organization.
• Strong knowledge in IMF Framework and ISRM Tools. Understand and be able to efficiently support Waterfall SDLC and Agile ways of working. Understand and effectively support project delivery.
• Experience with IT security and implementing policies in a manufacturing setup.
• Any information security, risk or audit certification is also welcome, such as CISSP, CISM, CIA, CISA, CRISC or ISO 27001 auditor / practitioner.