Senior Manager, Information Security Risk, Global Information Security

Amsterdam, Netherlands

Applications have closed

Santen


Company Description

As a global specialized company dedicated to ophthalmology, Santen carries out research, development, marketing, and sales of pharmaceuticals, over-the-counter products, and medical devices that benefit patients in over 60 countries. Santen’s long-term vision is to become a social innovator in ophthalmology and address social and economic issues related to eye health by strategically exploring advancing technologies and collaborating with key leaders around the world. Underpinned by its people-centric values, Santen aims to ultimately deliver happiness with vision – a life with the best vision experience for every individual around the world. With scientific knowledge and organizational capabilities nurtured over 130 years, Santen provides products and services to contribute to the well-being of patients, their loved ones and consequently to society.

Santen is in an exciting phase of growth with a market leading portfolio of products in glaucoma and dry eye treatment – areas in which our portfolio serves every stage and type of disease. We are also growing our range in eye infections, allergies, and devices for vision correction and glaucoma surgery.

This is an exciting time for us and we want exceptional people to be a part of it. More than just a part of it – we want your talent to drive our growth and grow with us. Because it’s our people that make our vision a reality; it’s their passion, creativity and expertise that makes a difference to patients’ lives, every day.

If you’re motivated by new opportunities, if you’re ready for new challenges, and if you believe in doing business responsibly and staying true to your values, you may be the perfect candidate for a role at Santen.

https://www.santen.eu/careers

Job Description

Under the direct supervision and guidance of the Head of Global Information Security, the job holder is part of the Global Information Security function and is responsible for executing the information security risk management strategy and global standards, guiding globally distributed teams of technical and non-technical members, managing security risk projects and initiatives, and promoting a risk culture, in order to minimize business risks related to information security and maximize the benefit of information systems for Santen’s global businesses.

Number of direct subordinates

No direct subordinates at the time of recruitment; however, there will be a number of Digital & IT members and external consultants whose activities this role coordinates within the framework of security risk projects or processes.

Qualifications

Key Responsibilities & Accountabilities

Information Security Risk Assessments

a) Third Party Assessments

  • Perform information security risk assessments of all new global solutions and third parties before onboarding, identify potential gaps, and make sound recommendations for mitigating the risks on a global scale.
  • Provide support in managing the function’s key strategic third-party vendor and business partner relationships throughout their life cycle, ensuring Santen maintains an effective Third-Party Risk Management Program consistent with its risk appetite.

b) Top-down and Bottom-up

  • Execute risk management processes, including decision making around risk appetite, risk mitigation, risk narratives and the associated metrics (KRIs) and reporting.
  • Assist in maturing the various risk framework elements, such as processes and procedures.
  • Perform quarterly risk assessments with the required Process Owners to identify high-priority cybersecurity risks; lead annual risk assessments with critical business functions (Product Supply, R&D, etc.) to identify high-priority information security risks (both IT and OT) that require special attention from a business perspective; and lead the execution and delivery of roadmaps to address them.
  • Ensure continuous PDCA (Plan, Do, Check, Act) cycles to improve the maturity level against the KRIs/KPIs in place.
  • Apply internationally recognized frameworks such as ISO 31000, ISO 27001 and NIST principles to leverage established best practices and maintain a standard approach.

Business Continuity Management

  • Improve the Disaster Recovery Management roadmap, framework and plan.
  • Provide technical support for the selected Business Continuity Plans based on BIAs.
  • Proactively advise the Digital & IT Division on disaster recovery topics, and other critical business owners on business continuity and IT-related risks.
  • Provide guidance and support to the various (control) functions in designing and implementing appropriate controls to strengthen the business continuity control environment and support the business in achieving its objectives.
  • Analyze operational incidents and perform risk analyses related to business continuity.
  • To cope with ever-evolving cyber threats, implement improvement recommendations arising from exercise play and keep evaluating the organization’s cyber incident response plan through periodic exercises.

Project Initiation and Execution

  • Lead projects to implement frameworks, developing business cases or conducting opportunity studies when needed.
  • Understand the specifics of projects and services in a global environment.

Stakeholder Relationship and Vendor Management

  • Maintain good working relationships with internal stakeholders globally, especially with Digital & IT management.
  • Support Digital & IT peers in charge of infrastructure, service operations and business applications with the right information security advice or solutions, enabling them to deliver their contributions to the business domains.
  • Manage suppliers by defining clear guidelines and objectives, relying on KPIs in coordination with the governance in place. Challenge the organization and governance in place to verify that the company is obtaining best value and that vendors are meeting our information security needs and requirements.

Education

Essential

  • Bachelor's degree in Business, Computer Sciences, Engineering, or related field
  • Relevant Cyber security certifications (CRISC, CISM, CISA, CISSP, etc.)

Experience

Essential

  • Minimum of 7 years’ experience in Information Systems, including a minimum of 4 years in Security Risk Management, Business Continuity and Compliance.
  • Experience with program implementations such as ISO, NIST CSF, COBIT, GDPR and other related compliance frameworks.
  • Successful project management experience.
  • International experience working with teams spread across different countries and with global stakeholders.
  • Excellent track record of delivering results.


Additional Information

Functional Competencies

Essential

  • Broad knowledge and perspectives on information systems, including business systems and services
  • Expert understanding of cybersecurity concepts, principles and practices
  • Demonstrable experience with the practical application of IT Risk Frameworks
  • Practical project management skills applied to information systems and services
  • Documentation and presentation skills that are convincing for management
  • Fully comfortable working in English, both written and spoken

Santen Leadership Competencies

Essential

Generic style

  • Independent & autonomous, while still a strong teammate
  • Strong sense of integrity
  • Enthusiastic and self-starting

Achieving Valuable Business Results

  • Stays focused on business value
  • Sets clear, challenging goals, then measures the result
  • Deals with performance issues of projects/implementations in a timely manner
  • Looks for new solutions and new technologies, using an innovative approach

Thinking and Decision Making

  • Takes a systematic and methodical approach to work
  • Looks beyond the first or obvious answer
  • Asks the most effective questions before problem-resolution plans are made
  • Makes clear, timely and forward-thinking decisions

Influencing

  • Good communicator, quick problem solver and confident in decision making
  • Effectively chooses between different influencing approaches that are appropriate to the situation
  • Uses a mixture of data, logical arguments and organizational knowledge to achieve the desired results
  • Negotiates skillfully in tough situations gaining consensus without damaging relationships

Santen SA, the Netherlands Branch has an exclusive arrangement for recruitment services. External recruiting agencies are kindly requested not to contact us regarding the positions listed here.

If you require any kind of accommodation during our recruitment process, please let the recruiter from our team know.
