Lonza
IT Security & Compliance Head (f/m/d)
Location: Colmar
Today, Lonza is a global leader in life sciences operating across five continents. While we work in science, there’s no magic formula to how we do it. Our greatest scientific solution is talented people working together, devising ideas that help businesses to help people. In exchange, we let our people own their careers. Their ideas, big and small, genuinely improve the world. And that’s the kind of work we want to be part of.
Are you ready to be the driving force behind a robust information security strategy in a global organization? As IT Security & Compliance Head, you will have the unique opportunity to shape our security vision, manage risks and foster a culture of safety and compliance. You’ll be the strategic advisor to senior leadership and the hands-on leader ensuring our information assets remain secure worldwide.
The IT Security & Compliance Head defines and creates the organization's information security policies, and serves as the process owner of all assurance and compliance activities related to the availability, integrity and confidentiality of customer, business partner, employee and business information. A key element of the IT Security & Compliance Head's role is working with executive management to determine acceptable levels of risk for the organization, and to implement controls to maintain security consistent with the organization’s agreed risk tolerance level. The IT Security & Compliance Head must be highly knowledgeable about the business environment and ensure that information systems are maintained in a fully functional, secure mode.
What you will get:
A key leadership role shaping our global security strategy.
Collaboration with a dynamic team in an innovative environment.
An agile career and dynamic working culture
An inclusive and ethical workplace
Compensation programs that recognize high performance
The full list of our global benefits can also be found on https://www.lonza.com/careers/benefits.
What you will do:
Develop, implement, and monitor a strategic enterprise information security and IT risk management program, to include creating, maintaining, and enforcing information security policies and standards across the organization.
Create and manage security and risk awareness training programs for employees and approved system users.
Facilitate IT risk assessments and collaborate with stakeholders to define acceptable risk levels.
Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls. Oversee vendor and partner security assessments to ensure supply chain security.
Liaise with the enterprise architecture team to ensure alignment between the security and enterprise architectures, thus coordinating the strategic planning implicit in these architectures
Ensure that security programs are in compliance with relevant laws, regulations and policies to minimize or eliminate risk and audit findings
Liaise among the information security team and corporate compliance, audit, legal and HR management teams as required
Manage multiple third-party vendors providing security and compliance services to the organization
Develop and maintain an information security framework consistent with established industry frameworks
Define appropriate security metrics and KPIs. Provide regular reporting on the security program status to senior leadership and the board of directors.
Establish and test security incident response plans. Manage security incidents and coordinate execution of disaster recovery and business continuity plans.
Monitor external threats and advise on appropriate mitigation strategies.
Drive maturity of the security program throughout the organization by performing regular reviews and promoting adoption of best practices
Security budget responsibility
What we are looking for:
Bachelor’s degree in Computer Science; Master’s degree in Computer Science or Business Administration preferred.
10 years' experience in information security or risk management, including at least 4 years in a leadership role.
Global experience and exposure to different cultures.
Manufacturing experience.
Experience working with third-party vendors and leading managed service partners.
Preferably a background in the pharmaceutical industry.
Fluent English; French is preferred.
CISSP, CISM, or CISA strongly preferred.
Deep knowledge of security frameworks (ISO 27001, NIST), risk management, incident response, compliance, and crisis management.
Competencies: Agility, Business Acumen, Collaboration, Customer Focus, Driving Results, Leadership.
There is no visa sponsorship available for this role.
Every day, Lonza’s products and services have a positive impact on millions of people. For us, this is not only a great privilege, but also a great responsibility. How we achieve our business results is just as important as the achievements themselves. At Lonza, we respect and protect our people and our environment. Any success we achieve is no success at all if not achieved ethically.
People come to Lonza for the challenge and creativity of solving complex problems and developing new ideas in life sciences. In return, we offer the satisfaction that comes with improving lives all around the world. The satisfaction that comes with making a meaningful difference.
Lonza is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, sex, sexual orientation, gender identity, age, status as a qualified individual with disability, protected veteran status, or any other characteristic protected by law.