IT Security Risk Manager - Supply Chain(3rd parties)

 The hiring manager is based in the US.

The candidate needs to be flexible in working hours as the role involves communication with people in the US, JP, DK & NL.

Position Summary

Collaboration with third parties is of strategic value for our client. This collaboration includes the exchange of confidential information and personal data, and the outsourcing of IT services. Trust and assurance are critical factors in the relationship between IT&D and its partners and suppliers that require the assessment of their capabilities with respect to security, compliance, quality, and risk management. The Supply Chain Risk Manager is responsible for organizing and driving the activities around supply chain security and audits. This role requires a mix of business and technical acumen to influence and communicate with stakeholders across the enterprise. Creating awareness and educating stakeholders of supply chain security and act as an important link in the establishment of trusted relationships between IT&D and its partners and suppliers to ensure that our client remains in control of critical data in the context of an increasing security threat landscape.

Primary Responsibilities

Supply Chain Security

• Create a Supply Chain Security SOP and standards documentation as required to safeguard the requirements in a security policy documents.
• Continuously assess supply chain security risks based on an inventory of vendor landscape and supply chain security and compliance risks for IT&D.
• Develop supply chain security metrics and requirements.
• Examine and select tools and techniques to continuously monitor and report about supplier security risks.
• Support the management of information security risks throughout the duration of a supplier relationship, corresponding communication, and metrics reporting.
• Update, align and deploy current vendor and supply chain security requirements in alignment with Procurement, Corporate Compliance, Legal, Privacy, QA and IT&D.

Audit

• Develop and maintain strong working relationships with leaders in the IT&D, Legal and Quality Assurance departments and stay ahead of new developments in security and data protection regulations.
• Develop and manage the framework and timeline for performing regular audits and the assessment of assurance reports.
• Based on the current vendor landscape, define audit priorities and activities for short (one year) and long (three years) term period.
• Execute audit calendar and integrate results into an integrated dashboard.
• Evaluate the security assurance statements of critical suppliers.

Job Requirements

Education

• Bachelor's Degree in Computer Science, MIS, or related field of study; or any equivalent combination of relevant work experience and training

Experience

• Minimum 5 years of experience in supply chain information security & risk management.
• Experience in a Pharma/Biotech/Healthcare company is preferred but not a must.
• Certified CISA, CRISC, CISM, CISSP or relevant experience.
• Experience working with security and risk management frameworks and regulations (ISO, NIST, GDPR, SOX, HIPAA etc.).
• Experience working with GRC tools (ServiceNow, Galvanize, Archer, WolfPAC etc.)
• Experience in defining and implementing security management processes and controls.
• Experience in setting up a supply chain security improvement roadmap and driving the implementation of corresponding actions and processes.
• Experience in working in multinational organizations and global virtual teams.
• Good understanding of current and emerging cyber security and privacy regulations and practices, and how other enterprises are employing them.

Knowledge/Skills

• Excellent understanding of vendor management processes and related assurance frameworks (SOC 1 and 2 and type I/II audits and auditor reports).
• Good knowledge of Regulatory Compliance Frameworks applicable for a multinational Pharma/Biotech company (eg, FISMA, GDPR, NIST, GxP).
• Strong business acumen, including domain-specific knowledge of Pharma/Biotech.
• Enable proactive identification/resolution of risks by collaborating across multiple teams.
• Fosters strong relationships with IT colleagues and business leaders to enable risk mitigation through effective communication of supply chain risk status to key stakeholders.
• Leads and contributes to outcomes for: Risk assessments, Security improvements and Audit remediations.
• Supports alignment of security operations to policies, standards, and procedures.
• Contributes, maintains, and reports on Key Performance and Risk Indicators (KRI/KPI).
• Excellent communication skills to connect effectively with different stakeholders and to deal with the different interests in the organization.
• Keen sense of self, ethics, and effort, as well as the willingness to go the extra mile to achieve important goals.
• Good understanding of current and emerging cyber security regulations and practices, and how other enterprises are employing them.
• Experience tracking, measuring, and communicating the quality of risk management processes and controls applicable to the IT department.
• Strong soft and interpersonal skills, including teamwork, facilitation, and negotiation.
• Excellent analytical and technical skills.
• Excellent written, verbal, communication, and presentation skills.
• Excellent planning and organizational skills and attention to detail.

Timeline

Hiring period of 12 months for 40hrs over 5 days/week.

APPLY HERECLICK