Information Security Manager

Position Overview:

180 medical/HSG IT is looking for an experienced Information Security Manager who works independently, ensures information is protected (confidentiality, integrity, and availability) and applies practical knowledge of job obtained through education and work experience.

This role will:

• Define Information Security Risks
• Develop infosec policies, standards, and control frameworks to mitigate these risks.
• Deploy and manage information security controls.
• Investigate and enforce information security policies.
• Assist with obtaining and maintaining security certifications.

Key Responsibilities:

• Manage information security management system (ISMS).
• Identify and document information assets containing sensitive data and ensure access reviews of critical systems.
• Identify information security risks.
• Protect classified information.
• Assurance over partners (IT outsourcers and SAAS)
• Maintain retention policy and register.
• Identify, report and governance over information security risks.
• Manage DLP policy and respond to alerts.
• Monitor intended leavers for potentially risky behaviors.
• Monitor and investigate data leakage incidents.
• Implement and manage eDiscovery and Litigation Hold
• Fulfil eDiscovery and litigation hold requests and annual reviews.
• Manage information security awareness plan, deliver, and maintain information security awareness training.
• Automate collection and insertion into consolidated centralize evidence hub(Diligent as example)
• Ensure near misses and policy breaches are followed upon as necessary (with training)
• Conduct Phishing Campaigns.
• Provide security awareness and compliance metrics demonstrating effectiveness of awareness plan.
• Identify infosec risks across projects and business processes.
• Information protection across key systems.
• Provide requirements for projects to mitigate information security risks.
• Perform initial vendor assessment and ongoing assurance over key vendors and service providers.
• Assist in implementing the Information security strategy across 180 medical/HSG.

Qualifications/Education:

• Knowledge of network infrastructure, including routers, switches, firewalls, moderate Database query abilities and associated network protocols and concepts.
• Strong verbal and written communication skills
• Ability to facilitate cross-functional teams.
• Ability to translate business requirements into control objectives.
• Knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls.
• Ability to work independently with limited supervision.
• Ability to demonstrate that you can influence others (key stakeholders including business) through explanation of facts, policies, and practices.
• Bachelor's degree in computer science, Information Systems, Software Engineering, or equivalent experience
• CISA and/or CISM
• Experience in NIST Cyber Framework
• Minimum 10 years of overall experience in IT
• Minimum of four years’ experience in Information Security
• CISSP is reccomended but not required.

Physical Demands

• Regularly required to sit, stand, walk, and occasionally bend and move about the facility.
• Infrequent light physical effort required.
• Occasional lifting up to 30 lbs.
• Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Working Conditions

• Work performed in an office environment,

Special Factors

• This role can be performed remotely.

Beware of scams online or from individuals claiming to represent Convatec

A formal recruitment process is required for all our opportunities prior to any offer of employment. This will include an interview confirmed by an official Convatec email address.

If you receive a suspicious approach over social media, text message, email or phone call about recruitment at Convatec, do not disclose any personal information or pay any fees whatsoever. If you’re unsure, please contact us at careers@Convatec.com.

Equal opportunities

Convatec provides equal employment opportunities for all current employees and applicants for employment. This policy means that no one will be discriminated against because of race, religion, creed, color, national origin, nationality, citizenship, ancestry, sex, age, marital status, physical or mental disability, affectional or sexual orientation, gender identity, military or veteran status, genetic predisposing characteristics or any other basis prohibited by law.

Notice to Agency and Search Firm Representatives

Convatec is not accepting unsolicited resumes from agencies and/or search firms for this job posting. Resumes submitted to any Convatec employee by a third party agency and/or search firm without a valid written and signed search agreement, will become the sole property of Convatec. No fee will be paid if a candidate is hired for this position as a result of an unsolicited agency or search firm referral. Thank you.

Already a Convatec employee?

If you are an active employee at Convatec, please do not apply here. Go to the Career Worklet on your Workday home page and View "Convatec Internal Career Site - Find Jobs". Thank you!