Information Security Manager

Competitive Salary & Company Benefits | Ideally located close to Hampshire or Leicestershire. Monday to Friday, 9.00am - 5.00pm (potential for flexibility on start/end times based on 7.5hrs/day).

Are you looking to work for a rapidly growing UK Pharmaceutical company, who are passionate about improving patients’ lives across the world? Aspire Pharma is an asset-light pharmaceutical manufacturer. It licenses and develops niche pharmaceutical products that offer innovative formulations, value for money for payors, and reliable supply arrangements in markets which are often underserved. The business has a highly diversified portfolio of more than 250 products across a number of categories, including branded specialty products and unbranded niche generics in therapeutic areas such as urology, ophthalmology, CNS and dermatology.

The Role

We are currently looking to recruit an Information Security Manager for our Technology team. This role is responsible for the integrity of the internal control environment relating to Data & Technology operations, and the successful execution of the IT General Controls that underpin our regulatory obligations. It covers the cyber and information security and privacy-related policies, standards, procedures, technologies and associated processes that are designed to provide reasonable assurance that business objectives will be achieved and undesired events will be prevented, detected and corrected.

What will you be doing?

• Develop and maintain policies and procedures for risk and information security management, aligned with industry best-practice frameworks.
• Ensure implementation, operation and evidencing of all IT controls in place to manage risk, including standard IT General Controls (ITGC).
• Conduct risk assessments and develop risk management plans.
• Integrate risk planning into the system acquisition and change processes.
• Develop and maintain disaster recovery plans and business continuity plans for Data & Technology operations.
• Develop and maintain security awareness training programs.
• Manage security incidents and events, ensuring alignment to the QMS where applicable, and that all departmental processes remain effective (e.g., configuration management).
• Ensure security is built into change and development of new systems.
• Work with the DPO / GDPR owner to ensure that the technical controls associated with privacy are effective.

The Person Required

• Demonstrable experience implementing and/or maintaining an Information Security Management Systems.
• Experience with a risk and control framework such as COBIT or Secure Controls Framework (SCF).
• Experience with an information security framework such as ISO 27000 Lead Implementor, NIST CSF v1.1 and/or NIST 800-53.
• Experience with information and cyber security in supply chains (outsourced management) and cloud environments.
• Experience working in an information security team, this role would suit somebody looking to take overall responsibility for the topic.

Desirable

• Experience with GAMP v5 pharmaceutical guidelines or comparable regulatory obligations.
• Experience with GDPR.
• Relevant certifications, including ISO 27000 Lead Implementor (or comparable experience), ITIL, CISSP / CISM / CompTIA Security+.
• Training in pharmaceutical regulatory frameworks (GAMP v5).

Why join us?

As well as a fantastic, inclusive company culture, where employees are truly valued and a competitive salary, we also offer an ever-improving benefits scheme to support your physical and mental well-being which include:

• Generous Pension Scheme.
• Life Assurance cover and Employee Assistance Program.
• 25 days’ holiday plus Bank Holidays.
• Learning and Development opportunities.
• Excellent opportunities for progression.
• Fantastic Company events and celebrations throughout the year.