The Deputy CISO/Senior Director role presents an opportunity to ensure the secure operation of global information technology and processes through identifying potential gaps and enforcing compliance with external and internal requirements.
This position will see you working closely with both the CISO and the CIO and their direct reports. You will also find yourself working with other Information Security managers, and liaising regularly with senior management across the business.
- Support regularly scheduled audits of internal IT systems, and third-party or customer audits as required, in order to maintain certifications, attestations and other Information Security compliance status.
- Ensure provision of Information Security support for annual compliance audits, attestations and certification programs as applicable to IT infrastructure and systems, including Service Organization Controls (SOC 1 and SOC 2 Type II), Sarbanes-Oxley (SOX), HIPAA, GDPR, GxP, ISO 27001 and other applicable regional frameworks.
- Direct the Corrective and Preventive Actions (CAPA) coordination process to ensure that regulatory issues and compliance-related information security issues identified from a range of sources are resolved and closed in a timely manner with a sustainable solution.
- Engage with and direct the activities of third-party specialist service providers where necessary to support Information Security compliance activities, including the carrying out of special reviews, analyses or assessments.
Required Experience And Qualifications
- Minimum of 12 years of professional experience in Information Security Compliance, Risk Management, IT Controls or other related areas, including minimum of 4 years in Information Security related roles
- Bachelor's degree in Business Administration, Computer Science or a related area is mandatory
- A CISSP, CISM or equivalent professional certification is mandatory
- ITIL, project management or other related certifications are preferred
- Working knowledge of IT governance frameworks and standards such as COBIT, ITIL and ISO 27001
- Working knowledge of regulatory and legal requirements frameworks related to information security for healthcare data, such as HIPAA, GDPR and/or equivalent regional frameworks
- Experience implementing, maintaining or operating SOX controls is preferred
- Experience in information technology related positions with working knowledge of IT infrastructure, networks, databases, processing systems, web applications, and mobile technology is preferred