Formed in 2019 through the merger of Sivantos and Widex, WS Audiology combines over 140 years of experience in pioneering the use of technology to help people with hearing loss hear the sounds that make life wonderful. We are active in over 125 markets and employ 11,000 people worldwide. Our broad portfolio of hearing-related products and services generates annual revenues of around EUR 1.7 billion.
Reporting to the Information Security Officer, this position is responsible for building a GRC program for Enterprise IT and Product Cybersecurity that manages security risk while complying with regulatory requirements. The position holder will be the subject matter expert in both ISO 27001 and UL 2900.
You will develop and implement the information security GRC program, coordinate the resolution of outstanding security and IT audit issues, and track and manage the company's security risk, maintaining it at an acceptable level. This is a highly visible and cross-functional role, responsible for producing GRC-related reports and presenting them to senior management.
You will specifically be expected to:
- Plan, initiate, lead, coordinate, and run information security risk analysis and periodic review of information security controls and processes for Enterprise IT and Product Cybersecurity based on ISO 27001, UL2900-1:2017, and established policies in WS Audiology. Drive corrective solutions towards any identified risks and monitor their implementation.
- Conduct regular information security risk reviews of IT assets and provide exception/exposure reporting and remediation plans to the Team Lead of Information Security and the CIO. Perform product cybersecurity risk assessments to establish security readiness before any product launch. Communicate identified vulnerabilities and risk exposure to internal employees and key stakeholders, and to senior management when warranted.
- Develop and maintain the Governance, Risk and Compliance roadmap supporting the automation of risk and compliance processes (Risk Identification, Issue Management, Incident Management, Supplier Management, Threat and Vulnerability Management, etc.).
- Monitor compliance with the organization's security policies, standards, and procedures within the System Development Life Cycle (SDLC) and DevOps environments, and drive the necessary corrective actions.
- Monitor compliance with the organization's security policies, standards, and procedures among employees, contractors, and other third parties, and drive the necessary corrective actions.
- Develop and maintain the information security policy, standards, and guidelines, and ensure they are aligned with relevant regulations and established policies in WS Audiology (e.g. GDPR and HIPAA).
- Review new technology solutions and processes to ensure they comply with WSA's security policies as well as relevant regulations. Where necessary, perform and document a gap analysis against such requirements.
- Participate in the development and maintenance of the information security strategy, roadmap, and standards, in alignment with the overall technology strategy and roadmap. Be part of the incident response team and respond to security incidents.
You are an experienced professional with a good understanding of security strategies, technologies, and operations. You are familiar with security technologies, the overall security threat landscape, and strategies for overcoming common challenges in information security implementation and operation.
- 6-8 years of experience in security governance, risk assessment, compliance, and audit; operations/administration experience with various security technologies (e.g. SIEM, AV, EDR, PAM) will be a plus.
- Experience in performing and leading IT enterprise risk assessments, with a proven track record in planning, coordinating, and executing these assessments based on recognized standards and requirements.
- Experience in consulting or vendor environments would be an advantage.
- Broad understanding of security strategy, technology, and operations
- CISM, CRISC, COBIT, CISSP certification or equivalent preferred
- A Bachelor’s Degree in Computer Science, Engineering, or related disciplines