Information Security Architect and Operations Management

Opfikon, Zurich, ch
Company: Vifor Pharma
Category: Computer and Mathematical Occupations
Published on 2021-07-25 16:07:37

About You

Information Security Architect and Operations ManagementVifor Pharma a world leading Nephrology, Iron Deficiency and Cardio-Renal pharmaceutical company are experiencing rapid growth due to pipeline realization and optimization. An exceptional opportunity has arisen within the Information Security group at Vifor Pharma, working with a highly specialized and talented team you will be instrumental in defining information architecture within the business . You will come with a demonstrable track record in information security within a highly regulated environment and have a passion and drive to protect business interests ensuring that business continuity is maintained. This global role in an international Pharmaceutical company will report to the Head of Information Secuirty based in Glattbrugg, Zurich. Primarliy office based with flexibility based on business needs. Responsibilities 
  • Provide technical security consultancy and requirements to projects and internal stakeholders
  • Advise and support the business and IT in implementing IT security requirements and promote desired behavior with regards to security awareness through trainings etc.
  • Ensure the continuous improvement, rationalization and management of existing IT security standards and services
  • Shared responsibility in developing the Group security frameworks, standards and policies for information security
  • Respond to and coordinate security incidents, including forensics, corrective measures or communication activities while proactively considering the prevention of similar incidents from occurring in the future 
  • Regularly report on security incidents as part of the wider security program
  • Contribute to embed security into business/IT/production environments
  • Analyse security problems, identify core issues and recommend appropriate solutions
  • Support the enforcement of the security policies to assure compliance
  • Execute internal and external security assessments and follow-up on findings and mitigation actions
  • Work with our SOC to improve the log acquisition and processing pipeline on corporate and production infrastructure (cloud, network and host based).
  • Build/improve tools for normalizing and automatic analysis of a wide variety of security relevant events and log data.
  • Act as higher-level escalation for complex security systems related issues
  • Advise our business, IT and project managers on security architecture requirements. Review designs and provide pragmatic and implementable security requirements for new projects
  • Key Tasks
  • Define security requirements and review of IT projects and architectures
  • Support in developing and maintaining security requirements for production system
  • Reviews and supports the enhancement of security policies, standards and procedures
  • Assess security risks and identify appropriate mitigation actions
  • Perform internal technical security verifications, assessments, and threat hunting
  • Provide incident response / support to IT teams during security incidents. Investigate suspected security incidents, recommend and coordinate corrective actions
  • Provide on-call services when needed for incidents
  • Collaborate and negotiate effectively with external partners and perform vendor risk assessments
  • Support the continuous security monitoring and protection of IT systems
  • Participate in the development, operations, and improvement of security technologies, related tools and processes
  • Contributes to security reports, dashboards and alerts to create an overall situational awareness of the threats to the Group
  • Assist in the review of applications and/or technology environments acquisition and/or procurement of new applications or technologies
  • Ownership of IT security operation projects to further develop Group security systems (e.g.: security monitoring, data leakage prevention, network security, …)

  • Minimum Requirements
  • Degree from a leading university in Security/IT/Engineering
  • Recognized professional security certification (e.g.: CISM, CISA, CISSP, GIAC) or comparable experience
  • Minimum 5 years of track record within technical IT security
  • Demonstrated experience in IT security architectures design and assessments
  • Knowledge and experience with Information Security Frameworks (e.g.: ISO27001, NIST) and best practices in security engineering: network security, security operations, systems security, policies, and incident response
  • Windows and network security forensics, as required to support and coordinate incident response activities as well as perform an initial triage of incident severity
  • Deep knowledge of IT security in areas such as system security, incident response, forensics, security monitoring management, and application security
  • Proven security architecture experience, preferably leading implementations of security tools in large, complex, environment as well as designing security requirements for business projects
  • Solid knowledge of various operating system architectures
  • Strong communication skills and understanding of business requirements and technology to support business objectives
  • Strong in communicating complex and sensitive topics on both, business and technical staff levels
  • Fluency (verbal and written) in English is a must, additional languages are a plus
  • Ability to work on different projects and activities simultaneously
  • Excellent analytical and problem-solving skills, hands-on working style, reliable, autonomous, proactive, solution oriented mind-set, team player fostering good working atmosphere and showing a strong interest in information security
  • Negotiation and project management skills
  • Preferred Requirements
  • Recognized architecture qualifications (e.g.: SABSA, TOGAF, CISSP-ISSAP, CERT-CCSIH, etc.) is a plus
  • Recognized incident response of forensics qualifications (e.g.: SANS-500, SANS-508, SANS572, etc) is a plus
  • Track record within the pharma industry (preferable) showing understanding of the business, threats and regulatory landscape
  • Knowledge of regulated environments (GxP) is a plus
  • Experience working within a large, complex technical environment (preferable)
  • Experience working in a controlled regulatory or manufacturing environment (preferable)
  • Experience in configuring, installing or designing security supporting technologies preferred
  • Programming and scripting with languages like Python / PowerShell
  • Jobs you might also be interested in