Description
NextLink are currently working with a leading pharmaceutical organisation who are seeking an Information Security Analyst for their Barcelona offices on a permanent basis.
The Role
- Develop, implement, and enforce policies and procedures of the organization's security and privacy program in accordance with applicable laws and regulations.
- Provide in-depth knowledge of data protection and information security practice, help define requirements, and give guidance to internal and external stakeholders regarding security topics.
- Lead the implementation, operation, and maintenance of the Information Security Management System.
- Conduct an information security risk management process, and coordinate and follow up on security and privacy preventive and corrective actions and requirements implementation for digital solutions and platforms.
- Analyse and design security solutions for applications and infrastructure and provide expertise and consulting to internal customers and partners, assisting them in troubleshooting and resolving information security issues.
- Conduct internal audits to assess whether existing systems, platforms and solutions follow company security baselines and are compliant.
Required Experience
- 5+ years of experience in an Information Security Management, Compliance or Risk Management role in an IT or Digital context.
- 7+ years of professional experience in international security teams, preferably in regulated environments of the diagnostics and/or pharmaceutical industry or card payment industry.
- Direct experience with the security challenges of large-scale cloud-based applications and services.
- Knowledge of ISO 27001 policies and processes, and experience in ISMS maintenance, documenting procedures, auditing and tracking remediation actions.
- Knowledge of common and industry-standard cloud-native/cloud-friendly authentication mechanisms, key management and certificate management.
- Knowledge of AWS Cloud Architecture and AWS Security foundations.
- Knowledge of multiple security technologies, best practices and standards in the privacy and healthcare industry or equivalent.
- Security certifications are desirable: ISO 27001 Lead Auditor, ISO 27001 Lead Implementer, CISA, CISSP, CISM, CRISC, CCSP (or equivalent).
- Ability to travel internationally as required up to 20% of the time.