Chief Information Security Officer (All Genders)
Darmstadt, Germany | EMD Serono
Industry:Pharmaceutical / Biotech
Functions:IT / Information Technology
Job Description:54 people have viewed this job
A career at our company is an ongoing journey of discovery: our 58,000 people are shaping how the world lives, works and plays through next generation advancements in Healthcare, Life Science and Electronics. For more than 350 years and across the world we have passionately pursued our curiosity to find novel and vibrant ways of enhancing the lives of others.
As Chief Information Security Officer, you will report directly to the group’s Chief Security Officer and lead the Merck Information Security Office, an emerging organization of about 60 FTE. You set the future vision for a comprehensive digital and non-digital information security strategy. You are responsible for shaping and managing the global information security landscape and process . You serve as a strategic advisor on security, compliance, and risks in all company data, IT, and OT activities and projects. You define the group-wide policies in line with industry best practices, applicable laws and regulations. Internally and towards third parties, you proactively conduct, follow-up and report to senior management and executive board members on risk and threat analyses ensuring protection of the company and compliance with information security policies. You interact with, coordinate and drive information security related topics and projects with cross-functional interface partners. You engage with business stakeholders to identify acceptable levels of risk and to raise awareness of risk management concerns. With your team you provide central security services to all sectors, support business projects in following the security processes and achieving their security objectives, drive the information security risk management processes, measure and report on information security, detect and manage vulnerabilities and incidents, and provide security awareness and trainings.
- You are the trusted advisor and in-depth investigator on all security related topics and act as trusted interface with the whole security ecosystem of Merck
- You manage the corporate-wide information security management program and serve as the process owner of all central security activities related to the availability, integrity, and confidentiality of information assets and define the company's information security policies
- You set priorities for the global information security program which are mission-critical for Merck
- You regularly report on the status of the information security program to the group CSO, CIO, sector management, and executive board
- You interact with cross-functional stakeholders to ensure the consistent application of policies and standards across all relevant projects, systems, and services
- You develop, implement, and monitor a strategic and comprehensive information security risk management program, in line with the corporate risk management framework
- You design prevention programs for threats and exposures
- You provide leadership to the information security organization and guide it to ensure consistent, high-quality information security management supporting business goals
- You influence relevant stakeholders in a matrix organization to significantly drive information security topics and raise awarenessof risk management concerns
- You contribute to current knowledge and create a future vision for structure, people, processes and technology to ensure data and system security
- You engage and represent the Merck central information security function in external committees and networks, towards government and law enforcement authorities
Who you are:
- Master’s degree in Computer Science, Engineering or equivalent, PhD is a plus
- 10+ years of experience in IT, OT, risk management, information security, and compliance in a global environment
- 5+ years Team leadership experience in a multinational environment
- Information security certifications in CISSP, CISM, relevant ISO certification, Sarbanes-Oxley, Data Privacy laws, or PCI is a must
- Black Belt in Lean and Six Sigma is a plus
- Broad knowledge of industry cybersecurity standards and trends, and global frameworks, such as ISO/IEC 27001, NIST, CoBiT, IEC 62443, etc.
- Experience in incident response, data, application, and infrastructure vulnerability management
- Interest and knowledge in emerging technology, changes, and innovations in information security
- Excellent verbal and written communication skills in English (German is a plus)
What we offer: With us, there are always opportunities to break new ground. We empower you to fulfil your ambitions, and our diverse businesses offer various career moves to seek new horizons. We trust you with responsibility early on and support you to draw your own career map that is responsive to your aspirations and priorities in life. Join us and bring your curiosity to life!
Already a member? Sign In