Today, Lonza is a global leader in life sciences operating across three continents. While we work in science, there’s no magic formula to how we do it. Our greatest scientific solution is talented people working together, devising ideas that help businesses to help people. In exchange, we let our people own their careers. Their ideas, big and small, genuinely improve the world. And that’s the kind of work we want to be part of.
The Head IT Security Infrastructure is accountable for the implementation of IT Security Controls, as well as the definition and implementation (together with IT Security) of appropriate security measures in terms of processes and technology. The role works in close collaboration with IT Infrastructure colleagues and IT Security & Compliance.
Furthermore, the role is responsible for the implementation of the enterprise-wide information security management program within IT Infrastructure (for all environments, including OT, manufacturing, etc.), in regards to secure design and implementation of systems to ensure that Infrastructure assets are adequately protected. This position reports on quantifiable security KPIs and drives vulnerability management and remediation pertaining to IT Infrastructure. The position holder ensures to improve IT security within the IT Infrastructure environment in a sustainable fashion in accordance with life science regulatory practices, advises respective subject matter experts within Lonza and its’ outsourced services. The role manages a team of infrastructure security subject matter experts. In addition the team will need to support, as required, the Security Operations Center team in case of potential IT security incidents. A key element of the role is to work with IT and its’ leadership holding responsibility of IT systems and their respective teams to ensure that the IT infrastructure landscape is designed and setup in a good practice manner. Ensures consistent application of required security controls or mitigating controls as applicable. The role will be having a dotted reporting line to the IT Security & Compliance department, and will be pivotal for effective collaboration between IT Infra and IT security. The ideal candidate is a thought leader, a consensus builder, and an integrator of people and processes.
- Participate in relevant Change Advisory Boards and act as an initial Single Point of Contact for infrastructure security relevant projects, including appropriate communication to senior business and IT management, as well as managing a direct and matrix organization of Subject Matter Experts.
- Define and fully implement effective vulnerability remediation measures on both procedural and technology layer (e.g. system hardening, patching, lifecycle management).
- Drive security culture within IT Infrastructure.
- Oversee IT Security related Infrastructure services and drive potential improvements.
- Co-ensure that regulatory security and data protection requirements are fulfilled on the infrastructure level, e.g. GxP and GDPR.
- Masters degree in computer science or information security or equivalent work- or education-related experience as well as advanced experience in Information technology, ideally track record hands on experience in either IT operations or software development.
- The role requires advanced years of relevant infrastructure security expertise, thereof some years in senior infrastructure or security. Track record of leading security projects and being the security lead for IT projects.
- An Operation Technology background is desired
- Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), ITIL v4 fundamentals or other similar credentials, is desired.
- Knowledge and understanding of relevant legal and regulatory requirements, such as Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA), EU General Data Protection Regulation (GDPR) and Payment Card Industry/Data Security Standard as well as knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT and ones from NIST.
- The position requires a pragmatic leader with sound knowledge of business management, high quality thinking and working and excellent knowledge in various IT technologies and services, including secure design principles.
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate infrastructure and security related concepts to technical and nontechnical audiences.
- Exhibit excellent analytical and solution oriented engineering mindset skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
- Project management skills: financial/budget management, scheduling and resource management.
- Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
Every day, Lonza’s products and services have a positive impact on millions of people. For us, this is not only a great privilege, but also a great responsibility. How we achieve our business results is just as important as the achievements themselves. At Lonza, we respect and protect our people and our environment. Any success we achieve is no success at all if not achieved ethically.
People come to Lonza for the challenge and creativity of solving complex problems and developing new ideas in life sciences. In return, we offer the satisfaction that comes with improving lives all around the world. The satisfaction that comes with making a meaningful difference.