Join us and make your mark at Envision Pharma Group as we continue to grow our business
The Director of Information Security is a new position to bridge the gap between cyber security and information security. We are looking for an experienced, energetic leader with demonstrable experience of managing a global ISMS, the ability to prioritise work, navigate complexities, and deliver solutions whilst managing the security landscape and mitigating risks as appropriate.
A global leader in technology-led, medical affairs, and value communications, we are a full-service medical communications agency that partners with pharmaceutical, life science and biotech companies around the world to bring new healthcare treatments to market, ultimately making the world a healthier place.
An exciting time to join us. We are growing fast: in fact, we grew by 25% in the past year. As part of our continued growth, we currently have an opportunity for a Director of Information Security to join our amazing business and be part of a journey!
Reporting directly to the CIO, you will hold overall responsibility for leading the information security function and you will ensure employees, customers, vendors, partners, as well as IT services and systems are well protected. You will be empowered to provide solutions across the areas of information security governance, risk management and compliance. This position is fundamental in implementing information security programmes, frameworks, risk management, controls, and documentation. You will be expected to provide guidance, technical advice, ownership, and support to the business, becoming the go-to person for all information security related matters and ensuring a security-first mindset across the Group.
You will be able to demonstrate a solid appreciation of the shift-left ideology and will have played a significant role in the hardening of operations platforms whilst having the requisite background to be able to provision, monitor and manage cloud infrastructure. You will be confident challenging existing thinking in a positive way whilst building credibility and trust.
How you will make an impact at Envision Pharma Group:
• Manage the Global ISMS and the implementation of the Group Information Security Strategy
• Take the lead on cyber security across the Group to ensure that information assets are adequately protected
• Identify opportunities for security enhancements, maintain a backlog and provide cases for investment where required
• Create a plan of work, prioritised list of activities, projects, and programs
• Assist with responses to B2B customer security questionnaires and RFIs
• Full management of security supplier services (MSSP, pen test, on-prem and cloud) to include some hands-on management of SIEM, vulnerability management, EDR, and AV
• Process owner for all ongoing activities related to the availability, integrity and confidentiality of customer, company, and employee data
• Identify, evaluate, and report on information security risks; create infosec dashboards and maintain the IAR
• Work with the business to implement practices that meet defined infosec policies and standards across the Group
• Act as focal point for all inquiries related to IT and Cyber Risk, Governance and Compliance, vendor, customer, and partner assessments as well as internal audits; liaise with counterparts in customers and vendors and maintain stakeholder relationships
• External and Internal Audit oversight (GDPR, ISO27001, CIS18, CE+, and SOC2) for infosec
• Manage cyber security incidents and events to protect corporate assets and reputation
• Ensure management awareness of any security implications that would impact the business or customers
• Manage and improve the employee cybersecurity awareness and education program, respond to enquiries from staff and provide security advice
• Champion the infosec and IT team cybersecurity skills development and training program
• Facilitate information security risk assessment process, including reporting and oversight of remediation efforts to address negative findings
Do you have what we're looking for?
Skills & Expertise
• Extensive experience as an Information Security Officer with the ability to demonstrate security incident management and security risk assessment
• Computer Science or similar University degree or equivalent work experience
• Relevant information security certifications (e.g., CISSP, CISM, CISA, CRISC, CCSP, Azure)
• You will be familiar with Cloud Security (SaaS, PaaS, IaaS, etc.) and be able to assess cloud hosted solutions and web services
• Knowledge of best practice security and control frameworks (e.g., ISO 27001, GDPR, NIST, CE+)
• Experience of application security, SAST, DAST tools (e.g., SonarQube/OWASP ZAP)
• Broad knowledge of IT architecture and underpinning technologies (firewall, IPS, IAM etc.)
• Hands-on experience with firewalls and security tools such as SIEM, AV, EDR, vulnerability management, IDS
• Knowledge of technological trends and developments around cyber threat mitigation, information security and risk management
• Leadership and skills development experience of both IT and security teams
• Responsible for planning own workload and working with autonomy, typically against a backdrop of changing priorities and/or external events
• Excellent attention to detail
• Strong influencing, facilitation, and collaboration skills
• Ability to communicate and translate InfoSec and risk concepts at a business level
What’s in it for you?
• Excellent career growth and mentorship
• Learning and development opportunities, including our Envisionary Leadership program
• Flexible working arrangements that facilitate a strong work-life balance
• Competitive compensation package with annual performance and salary reviews
• Medical, dental, and vision coverage from your first day
• Share ownership program
• An environment that promotes collaboration where employees have a voice, the space to invent, the chance to excel, and to have fun!
Together, we turn vision into reality. Our people are integral to our success and our values reflect the Envision philosophy.
IN THIS TOGETHER
The rainbow, a worldwide symbol of solidarity amidst COVID-19, signals that we’re all #InThisTogether. This reflects our philosophy at Envision Pharma Group, where our people and values are integral to our success. Our values are the fundamental beliefs that are at the core of our culture. They guide our internal behaviours and approach, as well as our relationships with clients, suppliers, and other external stakeholders.
Interested in joining our ENVISIONary business? If you have the experience highlighted above, we would love to hear from you!
Envision Pharma Group is committed to fostering a diverse and inclusive working environment where we value and develop employees of all backgrounds and experiences. Based on our core values, we firmly believe collaboration among team members generates more incisive and deeper insights that better serve our employees, clients, and community.