This Job Vacancy has Expired!

Senior Security Manager - Supply Chain Security

Posted on Nov 13, 2021 by The Talent Recruiters B.V.

Not Specified, Netherlands
IT
Immediate Start
Annual Salary
Contract/Project

Introduction

The collaboration with partners and vendors in various business and support domains is of strategic value for Information Technology & Digital (IT&D). The collaboration includes the exchange of critical business information, confidential information, and personal data (such as patient data and employee data) and the outsourcing of business and IT services. Trust and assurance are critical factors in the relationship between IT&D and its partners and vendors and require the assessment of their capabilities with respect to quality, security, compliance and risk management.

The Senior Manager Supply Chain Security is responsible for organizing and driving the activities around supply chain security and audits. This position requires an excellent understanding of the relationship between IT&D and its partners and vendors and the underlying business processes and stakeholders. In the context of an increase in supply chain security risks, guidelines and assessment strategies have to be developed which also include a framework for performing regular security and privacy audits and assessments of assurance reports.

This role requires a mix of business and technical acumen to inspire, influence and communicate with stakeholders. In particular, collaboration with stakeholders such as the Procurement and Global Compliance & Risk departments, and several leaders within IT&D, Legal, and Quality Assurance, will play a key role in defining the strategy and scope for security and privacy audits. Creating awareness and educating business and IT stakeholders on the threat landscape of supply chain security is another key element of the role. The Senior Manager Supply Chain Security will act as an important link in establishing a trusted relationship between IT&D and its partners and vendors and has to ensure that IT&D remains in control of critical data in the context of an increasing security threat landscape.

The role will report directly to the Senior Director, Global Head of IT Security & Risk Management.

The key responsibilities for this role include, but are not limited to:

Supply Chain Security

  • Perform regular assessments of the relevant supply chain security risks in alignment with the Senior Manager IT Risk Management, based on an inventory of the vendor landscape and of supply chain security and compliance risks for IT&D (by making use of ISF guidelines)
  • Develop supply chain security metrics and requirements
  • Create and generate awareness of a Supply Chain Security SOP in order to safeguard the requirements in a security policy document.
  • Examine and select tools and techniques in order to continuously monitor and report on supplier security risks
  • Cooperate with service/contract owners to manage information security risks throughout the duration of a supplier relationship
  • Update, align and deploy current vendor and supply chain security requirements in alignment with Procurement, Corporate Risk & Compliance, Legal and QA and IT&D stakeholders.

Security Audit

  • Define in alignment with IT and Legal stakeholders a yearly Security Audit agenda that is driven by risk- and regulatory-based decisions.
  • Develop and maintain strong working relationships with leaders in the IT, Legal and Quality Assurance departments and stay ahead of new developments in security and data protection regulations.
  • Define a coherent set of supply chain security principles that includes GxP, Privacy and cyber security compliance and regulatory requirements.
  • Based on the current vendor landscape, define audit priorities and activities for the short term (one year) and the long term (three years).
  • Maintain an audit plan, execute audits as defined in the plan and integrate results into the Strategic Security Dashboard.
  • Evaluate the security assurance statements of critical IT and Security vendors

Primary Contacts

  • Reports to the Senior Director, Global Head of IT Security & Risk Management
  • Principal Security Officer - US & DK & NL
  • Senior Manager IT Compliance Management
  • Senior Manager IT Risk Management
  • Members of Legal department, in particular Data Protection Officer
  • IT Business Partners
  • Members of Quality Assurance department
  • Members of Procurement department
  • Members of Corporate Compliance and Risk department
  • Members of ITDLT

Education

Minimum of a Bachelor's degree in computer science, information management, business and IT management, or related work field or equivalent work experience. Master's level degree preferred.

Experience

  • A minimum of five years of demonstrable work experience in a role of security manager or officer with tactical responsibilities.
  • Three or more years of work experience in a multinational organization, Pharma/Biotech company preferred.
  • Demonstrated experience in defining and implementing IT security management processes and controls.
  • Demonstrated experience in setting up a supply chain security improvement roadmap and driving the implementation of corresponding actions and processes.
  • Demonstrated experience of influencing key stakeholders across the organization and within complex contexts

Knowledge/Skills

  • Certifications such as CISSP, CISM, CISA or similar are required
  • Excellent knowledge and insight into business and organizational processes; experience in working in a biotech or pharmacological company is a prerequisite.
  • Experience in tracking, measuring and communicating the quality of security processes and controls.
  • Good understanding of current and emerging cyber security regulations and practices, and how other enterprises are employing them.
  • Excellent understanding of vendor management processes and related assurance frameworks (SOC 1, 2, and 3 and type I and type II audits/reports)
  • Good knowledge of Regulatory Compliance Frameworks applicable to a multinational Pharma/Biotech company (e.g., GDPR, NIST, GAMP5, FISMA).
  • Good understanding of ISO 20xxx and NIST 800-xx standards
  • Excellent skills in being able to communicate effectively with different stakeholders and to deal with the different interests in the organization.
  • Excellent analytical, strategic conceptual thinking, strategic planning and execution skills
  • Strong business acumen, including industry, domain-specific knowledge of Pharma/Biotech companies.
  • Ability to build consensus, make decisions based on many variables, and gain support for major initiatives.
  • Strong sense of culture and ethics, strong internal drive and the will to go the extra mile to achieve important goals.
  • Excellent (English) speaking and writing skills, including the ability to explain regulatory requirements to IT leaders.
  • Strong soft and interpersonal skills, including teamwork, facilitation, and negotiation

Reference: 1397572604
