Employer Inc. (NYSE: TMO) is the world leader in serving science, with revenues of more than $20 billion and approximately 65,000 employees globally. Our mission is to enable our customers to make the world healthier, cleaner and safer. We help our customers accelerate life sciences research, solve complex analytical challenges, improve patient diagnostics, deliver medicines to market and increase laboratory productivity. Through our premier brands - Thermo Scientific, Applied Biosystems, Invitrogen, Fisher Scientific and Unity Lab Services - we offer an unmatched combination of innovative technologies, purchasing convenience and comprehensive services.
This role is part of the Corporate Information Security (CIS) Policy, Compliance, and Privacy team, which is tasked with developing and executing policies, directives, standards, and procedures designed to increase the overall level of security compliance across the company. The position will be responsible for assisting with the overall program strategy, identifying and developing policies and directives across a variety of knowledge areas, assisting cross-organizational areas with development of standards and procedures, and maintaining the compliance of the organization by monitoring the policy lifecycle and performing periodic gap assessments.
- Assist in the development, initiation, maintenance, and revision of policies, standards, procedures, work instructions, and guidelines of security programs and related activities.
- Drive communication and implementation of security policies, procedures, and technologies across the organization.
- Work closely with legal to ensure that proper security controls are in place to protect sensitive data of our company, employees, and customers within the law and regulations around the world.
- Partner effectively with the security awareness program to communicate new policies, procedures, and programs.
- Partner with internal teams to ensure policies meet the needs and goals of CIS.
- Collaborate with other departments outside of IT (e.g., Risk Management, Internal Audit, HR, Legal, etc.) to direct policy and regulatory issues to appropriate channels for investigation and resolution.
- Consult with corporate counsel as needed to resolve legal issues related to regulations and standards.
- Provide training and awareness on company policies across the organization.
- Perform other duties as assigned.
Non-Negotiable Hiring Criteria:
- 5+ years of experience in information technology, compliance, legal, data protection/privacy, and/or information security.
- Knowledge of risk analysis and information security
- Knowledge of data privacy and security requirements under EU Data Protection Directive, PCI, GLB, HIPAA, FDA and other relevant legislation (Canada Personal Information Act, etc.) when appropriate for business.
- Bachelor's Degree in Law, Information Security, Cybersecurity, Information Assurance, Risk Management, or equivalent work experience.
- Ability to develop metrics and provide analysis to measure effectiveness of programs
- Excellent writing skills, with experience as a writer, technical editor, or communications specialist a plus
- Strong interpersonal, organizational, and excellent documentation skills are a must
- Excellent customer service skills required
- Strong attention to detail, organizational skills, time management
- Excellent verbal and written communication skills
- The ability to interact professionally with a diverse group: executives, managers, and subject matter experts
- The ability to take direction and independently work through projects as required.
Employer is an EEO/Affirmative Action Employer and does not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability or any other legally protected status.