Governance Risk & Compliance Specialist (Life Sciences, Remote)

Søborg, Zealand
Posted 1 week, 6 days ago
Information Technology (IT)

About the role

Job summary

This role focuses on embedding information security within the organization by implementing and managing an Information Security Management System (ISMS) and translating security requirements into actionable processes. The position emphasizes governance, risk management, and stakeholder engagement across various organizational levels.

Qualifications

  • Several years of experience in information security, particularly within the life sciences sector.
  • Proven track record of implementing and operating an ISMS using recognized frameworks (e.g., ISO, NIST CSF, CIS Controls).
  • Strong stakeholder management skills with the ability to communicate effectively at different organizational levels.
  • Experience in performing and documenting risk assessments, preferably using OneTrust.
  • Familiarity with Third Party Risk Management practices, including vendor security assessments and contractual requirements.
  • Foundational understanding of technical concepts related to identity, endpoints, cloud, and networking.
  • Interest in leveraging AI tools for productivity and understanding their security implications.

Responsibilities

  • Coordinate and enhance the ISMS across the organization, ensuring compliance with NIS2 and FDA's 21 CFR Part 11.
  • Act as a trusted advisor, translating security risks into business impacts and providing clear recommendations.
  • Develop and maintain information security policies and standards, ensuring they are practical and adopted in daily operations.
  • Establish a structured approach to Third Party Risk Management, focusing on vendor assessments and risk scoring.
  • Drive compliance with NIS2 by mapping obligations to controls and preparing governance reports for management.
  • Support disaster recovery and business continuity planning, including documentation and exercise facilitation.
  • Promote security awareness through targeted communication and presentations tailored to various audiences.

Skills

  • Strong organizational and communication skills, with a proactive and collaborative approach.
  • Ability to facilitate workshops and present to both operational teams and executive audiences.
  • Curiosity and a mindset geared towards continuous improvement.

Education

  • Relevant degree or equivalent experience in information security or a related field.

Tools

  • Experience with OneTrust for risk management and documentation.
  • Familiarity with AI tools to enhance productivity.