Job Openings
Senior Manager Information Security and Privacy
Frankfurt am Main
The Senior Manager Information Security and Privacy is part of the IT and Digital Leadership Team and has end-to-end accountability for the information security program at Hoya Surgical Optics to ensure that information assets and associated technology, applications, systems, infrastructure, and processes are adequately protected in the technology ecosystem in which we operate. Additionally, s/he is responsible for coordinating data privacy topics with internal and external subject matter experts.
S/he will be responsible for identifying, evaluating and reporting on regulatory, IT, and cybersecurity risk to information assets, while supporting and advancing business objectives.
Key Responsibilities
- Develop an information security vision and strategy aligned to organizational objectives and implement a strategic and comprehensive information security program
- Collaborate with business units to facilitate information security risk assessment and risk management processes
- Establish and lead the execution of a best practice-driven information security management framework and steering model to assure the proactive assessment and mitigation of any information security risk in the ecosystem comprising supply chain partners, vendors, consumers and other third parties
- Establish and execute governance processes to ensure the consistent application of policies and standards across all technology projects, systems, and services, including privacy, risk management, compliance and business continuity management
- Create a framework for roles and responsibilities for information ownership, classification, accountability, and protection of information assets
- Assist with the consolidation and continuous governance of IT assets within the organization and apply security governance measures to these assets to reduce business risk
- Collaborate with the enterprise architecture team to ensure that information security requirements are implicitly included within the reference architecture by design
- Ensure that all information owned, collected or controlled by or on behalf of the company is processed and stored in accordance with applicable laws and other global regulatory requirements, such as data privacy
- Manage and restrict information security incidents and events to protect corporate IT assets, intellectual property, regulated data and the company's reputation
- Develop and oversee effective disaster recovery policies and standards to align with the enterprise business continuity management (BCM) program goals, with focus on our cloud strategy
- Serve as Data Privacy Coordinator and assume accountability for ensuring the application of data privacy regulations as mandated by Legal, Compliance and Data Protection teams
- Act as an advisor to business functions to ensure a strong, efficient, and sustainable global data privacy environment in the organization
- Act as an internal consultant for regulatory reviews regarding data privacy issues and information request responses
- Ensure that the IT systems and procedures comply with all relevant data privacy and protection laws, regulations, and policies
Skills and Competencies
- Deep understanding of international medical device standards and regulations (e.g. HIPAA) relevant to information security and privacy
- Demonstrated exposure to global privacy regulations across USA, European Union and China, with deep insight into GDPR implementation for IT systems
- Proven experience with relevant standards and frameworks – NIST or BSI and ISO standards
- Experience in cloud security, identity and access management in the cloud, and modern security concepts such as zero trust and security by design
- Willingness to roll up the sleeves and dig into operational aspects in the course of managing information security
- Proven expertise in influencing decisions in situations where no formal reporting structures exist, but achieving the desirable outcome is vital
- Exceptional soft and interpersonal skills, including teamwork, facilitation, and negotiation in a multi-cultural environment
- Excellent written and verbal communication and presentation skills with the ability to articulate information security and risk-related ideas and concepts to technical and nontechnical audiences
- Ability to balance the long-term (“big picture”) and short-term implications of individual decisions and organization goals
- Ability to multi-task in a flexible and effective manner
- Knowledge of business models, operating models, financial models, cost-benefit analysis, budgeting and risk management preferred
Training/Certification
- Professional security management certification is desirable, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials
Experience
- Several years of experience in a combination of risk management, information security and privacy coordinator roles, including recent experience in a security and privacy leadership role, ideally within the healthcare/medtech industry
Languages
- Business-fluent German and English language skills essential
By submitting your application, you agree that your personal data will be collected, disclosed, and retained by HOYA Group for assessing suitability for employment and verification purposes. For more information about the processing of your personal data, please refer to our Privacy Policy, which can be found here.
We regret to inform you that only shortlisted applicants will be notified. Thank you for your kind understanding.
Apply now or e-mail your resume to hso-ghq-hr@hoya.com with the subject “Application for 'Job Title'”. Thank you!