Director, Information Security Risk Management
São Paulo, Brazil
Applications have closed
IQVIA
Solutions to help life sciences organizations drive healthcare forward and get the right treatments to patients, faster.Job Overview
The successful candidate will play an integral role in developing the information security Risk Management framework for IQVIA and will manage risks identified through a variety of IT and operational audits. You will be responsible for managing the development of team members and will engage with senior business stakeholders to create targeted risk assurance programs based on identified, assessed and emerging risks. You will have strong understanding of Risk and Controls, and you will have extensive line management experience, managing the workload and development of team members. As the Director for Information Security Risk Management, you’ll be responsible for (but not limited to) the following:
- Leading risk-related projects
- Maintaining ongoing testing and development of Information Security Risk Management framework, liaising with senior stakeholders and providing regular updates to stakeholders.
- Producing risk reports when required
- Working closely with other senior leaders within the team regarding training and guidance to support the business.
- Working with Business Units and stakeholders to ensure adequate, cost effective and timely protection/risk transfer for business activities.
- Creating a Supplier Risk Management Framework
Key Responsibilities:
- Own the development and integration of the Information Security Risk Management Framework, Risk Appetite Statements, and Risk Policies and Procedures across the organization.
- Work closely with business and senior management to identify and manage risks aligned with the organization’s strategy and risk appetite.
- Provides strategic and tactical guidance to business decision-makers.
- Contribute to a strong governance structure and risk management across all business entities.
- Assess the impact of emerging risks and regulations, providing input and support for pragmatic solutions.
- Establish a comprehensive risk reporting system and process.
- Assist to remediate risks identified through established processes and procedures.
- Provides recommendations for remediation based on the reviews and risk assessments performed.
- Assist key business stakeholders in identifying and responding effectively to risk.
- Define key risk and performance indicators (KRIs/KPIs) for evaluating risk management performance.
- Integrate business continuity and crisis management into the organization's risk management strategies.
- Support the configuration of the TPRM & Risk Management solution for consistency with local processes.
- Assist in reviewing third parties, including due diligence reviews.
- Perform review of vendor engagements, understanding the functions of effective third-party risk.
Qualifications:
- Bachelor's Degree Computer Science, a related field, or equivalent experience required.
- 10 years of experience within the information security domain managing Risk frameworks.
- Deep understanding and demonstrated experience of end-to-end risk management lifecycle, including key components and their relationships with internal and external stakeholders.
- Experience in non-financial/operational risk - developing and implementing risk frameworks, policies, and procedures.
- Demonstrated experience leading risk management workshops, obtaining and synthesizing inputs from technical and non-technical stakeholders throughout the enterprise.
- Experience in conducting Third Party reviews is advantageous.
- Experience operating as a part of a GRC program in alignment with common information technology management frameworks such as NIST, ITIL, ISO 27001 etc.
- Security-related qualifications such as CISM or CISSP , CRISC are a plus.
IQVIA is a leading global provider of advanced analytics, technology solutions and clinical research services to the life sciences industry. We believe in pushing the boundaries of human science and data science to make the biggest impact possible – to help our customers create a healthier world. Learn more at https://jobs.iqvia.com
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Analytics Audits CISM CISSP Computer Science CRISC Governance ISO 27001 ITIL KPIs NIST Risk assessment Risk management RMF Strategy
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Cloud Security Architect jobs
- Open Product Security Engineer jobs
- Open Principal Security Engineer jobs
- Open Senior Cyber Security Engineer jobs
- Open Information Security Officer jobs
- Open Information Security Specialist jobs
- Open Cybersecurity Analyst jobs
- Open Senior Product Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Chief Information Security Officer jobs
- Open Cyber Security Specialist jobs
- Open Staff Security Engineer jobs
- Open Security Specialist jobs
- Open Senior Penetration Tester jobs
- Open IT Security Engineer jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Senior Information Security Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Manager Pentest H/F jobs
- Open Security Operations Analyst jobs
- Open IT Security Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Security Consultant jobs
- Open Senior Network Security Engineer jobs
- Open Senior Security Architect jobs
- Open Windows-related jobs
- Open Risk assessment-related jobs
- Open CISM-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open ISO 27001-related jobs
- Open IAM-related jobs
- Open Application security-related jobs
- Open Pentesting-related jobs
- Open Analytics-related jobs
- Open CISA-related jobs
- Open Vulnerability management-related jobs
- Open Threat intelligence-related jobs
- Open Security assessment-related jobs
- Open Security Clearance-related jobs
- Open Malware-related jobs
- Open DoD-related jobs
- Open EDR-related jobs
- Open CEH-related jobs
- Open DevOps-related jobs
- Open Splunk-related jobs
- Open IDS-related jobs
- Open APIs-related jobs
- Open IPS-related jobs
- Open Kubernetes-related jobs