Information Security Officer

About The Position

Medison offers hope to patients suffering from rare and severe diseases by forming partnerships with emerging biotech companies to accelerate access to highly innovative therapies in international markets.

As the creator and leader of the global partnership category in the pharma industry, we strive to be Always Ahead and work relentlessly to bring therapy to patients in need, no matter where they live.

Medison’s ISO will responsible for writing and reviewing the organizational information security management framework, such as policies, procedures, and work plans.

Consulting regarding relevant solutions and products, as well as improvement and development of the field.

Project management of examination and implementation of new information security products and characterization of information security solutions for related projects.

Advice on compliance with the law and regulation on privacy and cyber protection issues, as well as conducting information security and privacy protection surveys.

Conducting surveys and accompanying ISO 27001 compliance, focused on all aspects of CyberSecurity within Application (AppSec), Infrastructure (DevSec), GRC, SIEM/SOC and incident response, IT security.

Responsibilities

• Develop, Update, and Maintain a Cybersecurity strategy.
• Manage a risk-based cybersecurity program to continually secure corporate IP, technology, information, computer systems, networks, and data.
• Provide guidance of proposed cybersecurity best practices to the different business functions.
• Develop a comprehensive CyberSecurity Guidance, Processes and Procedures based on industry standards.
• Remain informed on trends and issues in the security industry, including current and emerging technologies and regulatory and compliance issues. Advise, counsel, and educate executive and management teams on their relative importance.
• The position reports to CISO
  
  

• 5+ year of experience as ISO (reviewing and recommending security business solutions - GRC).
• Experience from big Global company
• Certifications in one of the following areas: CISO, CISM, GISO, IAM, CISSP.
• Demonstrated knowledge of recognized security industry standards and leading practices (e.g., SOX, ISO27001/2/3, ISO 27018, GDPR, PCI, OWASP, NIST, DISA, CIS, etc).
• Broad knowledge of cybersecurity technologies, solutions, and tools (e.g., encryption technologies, SIEM, DLP, etc.).
• Strong knowledge of cloud technologies, platforms, and services.
• Broad knowledge of operational and security processes/controls (e.g., vulnerability management, patch management, configuration management, access management, etc.).
• Former experience as a system administrator and /or security administrator - advantage
  
  

• Ability to learn, understand, and apply new technologies.
• Strong analytical and problem-solving abilities.
• Excellent written and verbal communication skills
• Fluent English- Written and Verbal
• Exceptionally self-motivated, directed, and detail-oriented with a strong sense of ownership and ability to work independently in a highly complex and dynamic environment