IT Security Manager

At Norgine, our colleagues Dare themselves to be different and try new things, Drive to achieve their goals and beyond, and Develop themselves and their community. We call it the 3D career at Norgine and it offers you a fully-rounded experience with no limits. Bring everything about yourself that you’re proud of, whether that’s your passion for making a difference, focus on others’ well-being, or intellectual curiosity to unleash in a fast-paced environment and supportive community. In return, get a sense of belonging, a long-term career with ongoing development and upskilling, and a company that cares about people’s wellness as much as you do. Because at Norgine, we transform lives with innovative healthcare solutions.

The person holding this position will report to the Director of IT. The IT Security Manager is a key role in delivering management, technical and administrative services to implement security controls and security management strategies. Activities include – but are not limited to:

• Providing advice, guidance on the implementation of security controls
• Defining and reviewing against access rights and privileges authorising and monitoring of access to IT facilities or infrastructure
• Investigating unauthorised access
• Monitoring violations of security policies
• Ensuring compliance with relevant legislations
• Implementing and refining standard security policies, standards and processes, operating procedures
• Leading incident response and investigation of breaches
• Maintaining security records and documentation

The role will work collaboratively with the wider IT team and Security partners. Their expertise comes into play as they collaborate closely with the IT Technology, IT Enterprise, and IT Operations teams to maintain and verify the effectiveness of existing controls, offering essential assurance to the organisation's security posture.

Defining, implementing and operating a framework of security controls and security management strategies includes:

• Selecting, adopting and adapting security control frameworks
• Maintaining the security, confidentiality, integrity, availability, accountability of information systems, ensuring they comply with legislation, regulation and relevant standards
• Designing, justifying and implementing security management strategies
• Reviewing and testing the applicability of the security policies, processes, and controls to ensure their effectiveness within the business and alignment with best practices
• Participation in the internal and external security audits to ensure compliance with the required security and associated data protection standards
• Understanding and advising on the current and emerging Cyber Security legal/compliance measures which Norgine needs to adhere to, relevant to where the business operates
• Identifying opportunities for improvement to be aligned with emerging legislation
• Overseeing, and sharing security Key Performance Indicator (KPI) metric data with the business to ensure transparent communication and alignment with agreed security goals

As an Incident Manager:

• Perform as the Lead Incident manager working with the wider team in the response to suspected attacks, incidents or breaches, ensuring the risk mitigations and recovery of data/assets are complete
• Leading the thought process behind incident management solutions with internal stakeholders and external partners
• Providing direction and input into the security incident response process, including supporting the development of new incident monitoring use cases, reviewing alerts generated by monitoring tools, and leading the coordination of security incidents

Providing advice and guidance on the implementation of security controls and new technology includes:

• Assisting in the management of the security requirements of the supply chain through the technical analysis of systems and applications within Norgine
• Conducting thorough technical security reviews of both new and existing services, documenting findings, and implementing necessary measures to ensure they meet the requirements as set out by the security team at Norgine
• Collaborating with the Security team to engage and lead projects with external partners and internal stakeholders to conduct penetration tests, interpret results, and develop response plans to address identified vulnerabilities
• Acting as a subject matter expert, providing guidance and support to internal project delivery pipeline, BAU initiatives, and changes to ensure compliance with security policies and architectural principles
• Maintaining the Cyber Technology and Cyber Process roadmap, working with the Technology team to research and propose innovative solutions to security challenges that may reduce Norgine’s risk and threat profile
• Engaging in any other necessary activities that contribute to the organization's cyber security and risk mitigation efforts
• Ensuring compliance with Norgine policies and procedures at all times

Education and experience:

• Bachelor’s degree preferred
• Strong experience in IT security focused roles
• Thorough knowledge of ISO 27001, HITRUST CSF (Common Security Framework) and NIST (National Institute of Standards and Technology) CSF
• Good written and oral communication skills

Technical Skills:

• Expert knowledge of and can recommend security controls to mitigate specific risks or issues based on best practice control frameworks such as ISO 27001, CIS (Center for Internet Security) or NIST
• Scoped, managed, and coordinated penetration tests or red team engagements
• Worked with Security partners to develop cyber security incident use cases, response processes and procedures, and overseen the operational delivery of these incident management processes
• Managed and/or provided the lead for security incident investigations
• Understands how cyber threat actors operate, the common types of attacks facing organisations and the key technical countermeasures to mitigate them
• Practical hands-on experience in either offensive or defensive technical security is a distinct advantage
• Can undertake and produce a documented business impact analysis and risk assessment
• Experience of creating and presenting Cyber Security information via regular cadence of reporting suitable for a wide variety of stakeholders, including executive level non-technical leaders

Team Skills:

• Demonstrates passion for information/cyber security
• Proactive at continually improving his/her sphere of influence
• When presented with an objective can research, plan, organise and deliver to deadlines
• Approaches problems in a structured and methodical way
• Attention to detail and strong focus on accuracy of information
• Can work autonomously and collaboratively as required, with excellent time-management
• Excellent interpersonal skills in areas such as teamwork, facilitation, influencing and negotiation
• Excellent communication skills and proven ability to translate business needs into clear and comprehensive architecture requirements
• Ability to communicate complex subjects at different levels (e.g. to traders, IT developers, senior managers)
• Hands-on approach, flexible and positive attitude

Our benefits may vary per location. Please liaise with the Norgine TA representative to obtain more information.

Sound good? Find out more about the career you’ll have with Norgine, then apply here.