Information Security Manager – Strategy & Excellence

at ZS Associates, Inc.
Published September 19, 2022
Location Philadelphia, PA
Job Type Full-time  

Description

ZS is a professional services firm that works side by side with companies to help develop and deliver products that drive customer value and company results. From R&D to portfolio strategy, customer insights, marketing and sales strategy, operations and technology, we leverage our deep industry expertise and leading-edge analytics to create solutions that work in the real world. Our most valuable asset is our people, a fact that's reflected in our values-driven organization in which new perspectives are integral and new ideas are celebrated. ZSers are passionately committed to helping companies and their customers thrive in industries ranging from healthcare and life sciences, to high-tech, financial services, travel and transportation, and beyond.

ZS Associates is the world's largest consulting firm focused exclusively on helping companies improve overall performance and grow revenue and market share, through end-to-end solutions - from customer insights and strategy to analytics, operations and technology. From 29 offices around the world, ZS experts draw on deep industry and domain expertise to help companies make smarter decisions quickly and cost effectively. We are particularly known for our strong presence in the Life Science sector yet work across a range of industries. ZS delivers solutions to a broad spectrum of challenges. We also help our clients transform their sales and marketing organizations to implement these solutions. Our solutions and recommendations are based on rigorous research and analysis, underpinned by deep expertise and thought leadership. Our work is powered by deep knowledge in the various data options available.

ZS's Information Security Centre of Excellence is an integrated part of the ZS CISO's office that is responsible for driving cross-organizational effectiveness and excellence for information security programs across the firm globally, which further enables the ZS team to deliver secure results to our clients.

We are currently seeking applicants for the position of Manager - Information Security Centre of Excellence to join our US office and act as a Business Information Security Officer (BISO) for assigned client accounts / domains, reporting to the Director of Information Security CoE. The position will support various management-directed initiatives, which include the following job requirements:

Responsibilities:

- Work closely with Business, Client (as applicable), Information Security, IT and Project teams for a thorough understanding of business and client security requirements and coordinate secure business-enabling solutions.
- Build and maintain effective relationships with Business, Client, IT and Information Security stakeholders.
- Be the voice of Information Security for business teams & clients and the voice of the business & clients within Information Security.
- Own and communicate the account-level roadmap for Information Security aligned with ZS' risk appetite and overall Information Security roadmap, identifying and resolving applicable implementation-level risks and issues.
- Facilitate planning, introduction, delivery of account-level Information Security support and initiatives, like:
  - Coordinate internal and client-required compliance activities, security audits, point services like 3rd party vulnerability assessments, client's security questionnaires, etc.
  - Drive security capability / maturity improvement, security awareness and education
  - Secure architecture design and implementation of processes
  - Contribute to cyber resilience strategy and response (as applicable)
- Ensure that ZS and Client's security policy compliance is appropriately managed within assigned domain / account
- Share knowledge and expertise of in-country (or regional) cybersecurity policy and regulatory environment with key stakeholders and clients
- Support the broader Information Security team in maintaining cybersecurity hygiene and seek opportunities to enhance and improve security of Information involved in assigned domain and/or account.
- Provide senior account and organizational leadership with accurate assessments of our security posture and progress on industry standard frameworks on an ongoing basis.
- Educate stakeholders on cybersecurity-related matters in an effort to increase awareness and improve culture

Basic Qualifications (Required Skills & Experience):

- 10+ years in a similar role in a large international organization
- Proven experience working in risk management, governance, and regulatory requirements related to cybersecurity with a specific focus on business outcomes and service delivery.
- Confident, energetic self-starter with strong written and oral communication skills, and a focus on translating technically complex issues into simple, easy to understand concepts
- Ability to bring key stakeholders together to rapidly and collaboratively achieve consensus on priorities and path forward to work tasks and projects
- Has good judgment, a sense of urgency and has demonstrated commitment to high standards of ethics, regulatory compliance, customer service and business integrity.
- A good understanding of Security frameworks including NIST, SANS, COBIT, CIS, ISO 27001, etc.
- Familiarity with US, Global healthcare and pharma specific data, cybersecurity regulatory requirements.
- Proven work experience with multinational enterprises.
- Bachelor's degree in a related discipline and professional certification (CISSP, CPA, CIA, CISA, CISM, CRISC or similar)

Preferred Qualifications (Desired Skills/Experience):

- Work experience with Healthcare and Pharma organizations involving IT and Security functions.
- Knowledge of and experience working with security frameworks, assessments
- Familiarity with security controls and services on endpoint devices, in-house and commercial applications, Windows and Linux servers, and infrastructure network devices
- Effective analytical skills with an ability to identify and resolve issues
- Tolerant of ambiguity and the flexibility to work well in a dynamic environment
- High attention to detail, self-starter, results driven
- CISSP, Security+ or other cybersecurity certifications
- Project management, team lead experience
- Experience evaluating cyber security controls and providing guidance for platform or distributed computing platforms (Cloud, PaaS)

ZS is a global consulting firm. Fluency in English is required; additional fluency in at least one European or Asian language is desirable. Candidates must possess or be able to obtain work authorization for their intended country of employment. An on-line application, including a full set of transcripts (official or unofficial), is required to be considered.

ZS offers a competitive compensation package with salary and bonus incentives, complete medical/dental/life insurance programs and retirement savings benefits. ZS is an equal opportunity employer and is committed to providing equal employment and advancement opportunities without regard to any class protected by applicable law.

ZS is committed to providing and maintaining a safe workplace. Must have received or be willing to receive the COVID-19 vaccination by date of hire to be considered. Proof of vaccination will be required. Religious/Medical Exemptions can be requested on a limited basis upon hire.

NO AGENCY CALLS, PLEASE.
