Regional IT Security Officer

  • Full-time

Company Description

Eurofins Scientific is an international life sciences company, providing a unique range of analytical testing services to clients across multiple industries, to make life and our environment safer, healthier and more sustainable. From the food you eat, to the water you drink, to the medicines you rely on, Eurofins works with the biggest companies in the world to ensure the products they supply are safe, their ingredients are authentic and labelling is accurate. Eurofins believes it is a global leader in food, environmental, pharmaceutical and cosmetics products testing and in agroscience CRO services. It is also one of the global independent market leaders in certain testing and laboratory services for genomics, discovery pharmacology, forensics, CDMO, advanced material sciences and in the support of clinical studies.

In just over 30 years, Eurofins has grown from one laboratory in Nantes, France to over 47,000 staff across a network of more than 900 independent companies in over 50 countries and operating more than 800 laboratories. Eurofins offers a portfolio of over 200,000 analytical methods to evaluate the safety, identity, composition, authenticity, origin, traceability and purity of biological substances and products, as well as providing innovative clinical diagnostic testing services, as one of the leading global emerging players in specialised clinical diagnostics testing.

In 2019, Eurofins generated total revenues of EUR 4.56 billion, and has been among the best performing stocks in Europe over the past 20 years.

Job Description

OVERALL OBJECTIVES:

The Regional IT Security Officer will be responsible for implementing and monitoring a strategic and comprehensive regional cybersecurity and IT risk management programme. The Regional IT Security Officer will provide the leadership necessary to manage any cybersecurity risks to the organisation and will ensure business alignment, effective governance, system and product availability, integrity and confidentiality. Scope includes:

  • Identification, evaluation and reporting on cybersecurity risks, while supporting and advancing business objectives
  • Running the regional information security program
  • Proactively working with business units to implement controls that meet agreed policies and standards for information security

 

SPECIFIC ASSIGNMENTS – KEY ACCOUNTABILITIES:

Regional Information Security Function

  • Lead the IT security function across the Region (“Agroscience, Pharma, Genomics, Technology, CPT Europe”) to ensure consistent and high-quality IT security management in support of business goals (by engaging with the RBL/Zone Business Leaders to understand business needs), and in line with the Group Security Standards

  • Collaborate with the Group IT Security team to define/review/apply standards within the region, and drive regional action plans

  • Cooperate with the Zone IT managers to ensure that security is embedded in the project delivery process by implementing the appropriate IT security policies, practices and guidelines

  • Ensure consistency, foster collaboration, promote synergies and share good practices/methodologies across Zones

  • Consult with Zone IT Infra/Solutions managers to ensure that security controls are factored into the evaluation, selection, installation and configuration of hardware, applications and software, process and procedures, etc.

  • Ensure that all information owned, collected or controlled by or on behalf of the Region/Group is processed and stored in accordance with applicable laws and other global regulatory requirements, such as data privacy

  • Perform information security risk assessments including the reporting and oversight of treatment efforts to address negative findings

  • Execute internal and external risk assessments, and analyse the results to produce recommendations for acceptable risk and risk mitigation strategies

  • Collaborate with the Group IT Risk and Audit team

  • Manage the Regional IT Security budget in collaboration with the regional Business sponsor and with Group IT Security

  • Ensure IT Services are run in compliance with regulation, and assist with the response to regulatory audits

IT Infra Transformation Program

  • Work closely with the Group IT teams and the Zone IT Managers to execute the Transformation program to regionalise and re-engineer legacy Group IT Services for ELEs in your Region, slated to be finished by end of 2021

  • Ensure Group IT (Infra and Security) standards are implemented and adhered to

  • Work with Group C&S Team and contribute to the definition of Group Competence & Standards

IT Security Operations (post Transformation)

  • Once the IT responsibilities have transitioned to the Zone & Regional IT Infra teams, facilitate and monitor

    • Day-to-day delivery of IT Security Operations (split responsibility between Zone and Group SOC)

    • IT Security projects and changes (within budget/time/scope/quality), to continuously improve IT Security posture, operations and services, adapt them to changing business needs and standards, and to ensure that changes are deployed with no or minimal disruption to business operations

  • Periodically audit IT Infra & Security postures (in cooperation with Group IT 3rd line of defence team)
  • Advise on IT integration projects for new and acquired labs (to support the growth of respective RBLs), and provide IT Security due diligence support for potential acquisitions if requested

Qualifications

Education

Initial Background

  • Master’s degree from an accredited institution, preferably in Computer Science or IT systems security or related field.

Additional / Certifications

  • Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP) certification preferred

  • ITIL Certification, GxP training, Privacy, EU General Data Protection Regulations (GDPR) and/or other IT Security training

Experience

  • A leader with a track record of competency in the field of IT security with 7 to 10 years of relevant experience, including 5 years in a significant leadership role

  • 5 years of IT Service Management (practices/framework) experience, with proven ability to install/enhance IT processes to drive efficiency, quality, and cost-effective solutions

  • 5 years of relevant experience in IT Service Delivery field, ideally in the regulated GxP/HIPAA environment

  • Experience with public Cloud technologies, including Azure and AWS

  • Experience working with cross-functional IT teams and working with near-shore/offshore service partners (internal or external)

Management / Personal

  • Strong emotional intelligence with demonstrated sustained leadership in a large organisation involving multiple stakeholders.

  • Demonstrated management skills, e.g., budget development and administration, policy development and implementation, personnel administration, staff training and development

  • Experience developing and maintaining policies, procedures, standards and guidelines

  • Strong financial acumen and ability to develop budgets, controlling and reporting

  • Action-oriented problem solver, able to oversee the big picture and dive into the details when needed (can switch between overview and details)

  • Fluent spoken and written English

Technical

  • Knowledge of Information Technology Infrastructure Library (ITIL) (certification preferred) with respect to security administration and IT governance in a multiplatform environment

  • Experience with on-premise, hybrid and cloud data centre and application hosting strategies

  • Experience in establishing cybersecurity and risk metrics for reporting

  • Able to oversee a variety of cybersecurity and risk management activities related to IT to ensure the achievement of business outcomes where the business process is dependent on technology

  • Ability to work with the Infrastructure team to implement required changes and upgrades

  • Knowledge of both internal and external business environments, and the ability to ensure that information systems are maintained in a fully functional and secure mode and are compliant with legal, regulatory and contractual obligations

  • A strong understanding of the business impact of security tools, security operations centre, technologies and policies

  • Experience with common information security management frameworks, such as International Standards Organization (ISO) 2700x, the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) frameworks, the U.S. Sarbanes-Oxley Act, the U.S. Health Insurance Portability and Accountability Act (HIPAA), the European Union Privacy Directives, and the Japanese Financial Instruments and Exchange Law ("J-SOX")

  • Experience working in strong governance-driven industries and experience of ISO 27000

Additional Information

APPLICATION

As the role and the Eurofins IT Talent Acquisition team are international, please make sure to send your application in English.

POSSIBLE LOCATIONS FOR THE ROLE

  • Barcelona, Spain

  • Ghent, Flanders, Belgium

  • Leiden, Netherlands

  • Milano, Italy
