Galderma, the world's largest independent global dermatology company, was created in 1981 and is now present in over 100 countries with an extensive product portfolio to treat a range of dermatological conditions. The company partners with health care practitioners around the world to meet the skin health needs of people throughout their lifetime. Galderma is a leader in research and development of scientifically-defined and medically-proven solutions for the skin. For more information, please visit www.galderma.com
To strengthen our Global IT Team, we are currently looking for:
Director Information Security & IT Risks
Your mission:
• Raise the level of information security across the Galderma organization
• Sustain and increase the overall information security compliance with internal and external (regulatory) requirements
• Facilitate the transition out of the Nestlé IT infrastructure from the Information Security perspective
• Proactively manage and maintain the confidentiality, integrity and availability of our information assets and systems
• Identify, assess and monitor IT risks; propose mitigation plans and coordinate their execution
• Act as single point of contact for all audits, excluding those related to GxP
Your main tasks:
Raising Information Security maturity
• Define Galderma’s Information Security policies and standards
• Formalize corresponding procedures and drive their implementation
• Regularly evaluate system vulnerabilities and propose corrective and preventive technical solutions
• Review all system-related security plans
• Drive security awareness and training of employees
• Perform information security risk assessments and serve as an internal auditor for security issues
• Oversee the deployment, integration and initial configuration of all new security solutions and of any enhancements to existing security solutions
• Monitor compliance with information security policies and procedures; perform periodic reviews where appropriate
• Respond to security incidents, investigate breaches and recommend appropriate control improvements
• Advise the organization with current information about information security technologies and related regulatory issues
• Monitor the internal control systems to ensure that appropriate access levels are maintained
IT Risk Management
• Liaise with other functions in Galderma in charge of Risk Management: Risk and Security, Internal Control, Internal Audit
• Identify, assess and monitor IT risks for Galderma
• Propose mitigation plans when relevant and coordinate their execution
Audit Follow-up
• Point of contact for all external and internal auditors in the IS/IT scope (excluding audits related to pharmaceutical regulations, GxP, …)
• Coordinate all Global IT activities regarding audit preparation, execution, conclusion and follow-up
• This includes coordinating audit scope agreement and audit organization, proposing solutions to audit findings and planning the execution of the remediation actions
Your profile:
• Master's degree in Computer Science or equivalent
• Minimum 10 years of professional experience in IT with strong experience in Information Security processes and tools
• Experience in the pharma / medical device industry would be a plus
• Strong experience in Enterprise Information Security best practices, processes and tools (risk management, architecture, networking, internet, enterprise software, firewalls, identity management, content filters, etc.)
• Understanding of well-known standards for an IS organization (ISO 27001, COBIT, ITIL, GxP, etc.)
• Knowledge of business processes regarding security requirements
• Experience in designing and delivering employee security awareness training
• Experience in developing Business Continuity Plans and Disaster Recovery Plans
• Ability to conduct research into IT security issues and products as required
• Ability to work in a matrixed, geographically dispersed organization
• Proven analytical and problem-solving abilities
• Ability to effectively prioritize and execute tasks in a high-pressure environment
• Ability to present ideas in business-friendly and user-friendly language
• Strong attention to detail – but without losing sight of the big picture
• Strong relationship management; ability to negotiate buy-in and collaboration from both business and IT key stakeholders
• Self-reliant/self-motivated with a high degree of accountability and excellent operating skills in a dynamic team environment