Director Information Security

Job ID: 57103- Location: Lachen, CH- Job Level: Management- Job Category: IT- Employment Type: Permanent position- Career Level:
Do you want to combine the opportunities that a global company provides with the benefits of a family-owned business? Headquartered in Lachen near Zurich, Switzerland, the Octapharma Group is a leading company in the worldwide market for therapeutic human proteins. Working at Octapharma means to have an opportunity to contribute to our common goal - developing lifesaving therapies to improve patients’ lives.

**What will you be doing as Director Information Security (CISO)?**:

- As the Information Security Director at Octapharma, you will hold a pivotal role where your primary focus is on aligning information security initiatives with overall business strategy.
- You will continue the development and implementation of a robust information security risk management framework and services to secure both our IT and OT (manufacturing) systems across the Octapharma group, fostering a security aware culture.
- This position requires a dynamic leader who can engage with all parts of the business and integrate cybersecurity into the fabric of our business operation

Strategic leadership: Collaborate closely with executive leadership to align information security strategy with broader business objectives. Provide visionary leadership in anticipating and responding to the rapidly evolving threat landscape. Champion security initiatives that enhance business processes without compromising efficiency.

Executive Reporting: Chair the Information Security Steering Committee, providing strategic insights to executive leadership. Prepare and present comprehensive security reports to the board of directors, highlighting the impact on business resilience.

Security Governance: Continue to develop, implement, and enforce information security policies, standards, and procedures, and drive compliance to industry standards and regulations. Collaborate with procurement and legal teams to integrate security requirements into third party vendor contracts. Evaluate and manage third-party provider security risks to support a secure business ecosystem.

Risk Management: Lead the identification, assessment, and prioritization of information security risks. Develop and implement risk management strategies that balance security requirements with business objectives. Continuously report on key risk indicators and security metrics to business management and drive risk management efforts.

Security Awareness and Training: Drive a culture of security awareness throughout the organization. Collaborate with HR to develop and implement tailored security training programs for employees at all levels.

Security Incident Management: Continuously improve and deliver the security operations center service, maintaining oversight and providing strategic guidance to technical teams and business leadership during incidents. Owning and maintaining the cyber crisis management process and tabletop exercises.

Cyber Threat and Vulnerability Management: Continuously improve and govern the vulnerability management service, maintaining and driving risk reduction for cyber threats identified in our IT and OT systems and providing strategic direction and guidance to other IT colleagues in charge of remediation efforts.

***Who are you?**:

- University Degree in Information Security, IT or equivalent
- Excellent leadership skills, preferably of a global team.
- Desirable: Relevant security certifications such as from ISC2 -CISSP, ISACA CISM.
- 10+ years of professional work experience in information security.
- 3+ years of experience in a security leadership role such as head of information security/CISO, preferably in organizations which have manufacturing business operations.
- A collaborative individual, used to working cross functionally, able to influence and guide others.
- Proven experience, and happy to be, both strategic and hands-on in approach.
- Demonstrable experience of successfully driving change and transformation within a business.
- Excellent communication skills, both verbal and written in English, German is a plus, you are able to convey and ensure an understanding of complex messages.
- Desirable: You have knowledge of GXP, CSV and pharmaceutical industry related regulations.
- If needed you could travel, around 30% of your working time in Europe and USA occasionally.

***The Information Technology Department**:
You will be reporting to the Vice President/CIO of Corporate IT.
The Corporate IT Team has overall accountability for IT services supporting all business functions across the Octapharma group. Because we are a privately owned company, we have a stable IT organization structure, long-term vision and strategy. This will enable you to deliver a security program which is truly focused on generating business value and protecting Octapharma.
You will work closely with other parts of the Octapharma IT organizati