For our client, a company in the pharmaceutical manufacturing industry based in Lugano (Switzerland), we are looking for a Senior Information Security Specialist for a permanent role.
Your responsibilities :
* Execute and coordinate activities identified by the Cyber Security roadmap, such as the delivery of essential security services to the company.
* Support in ensuring business continuity and security of systems.
* Guide and coordinate with the external and internal personnel during the execution of activities.
Tied to the Cyber Security roadmap, you will have a particular focus on the following activities and still collaborate with the rest of the group:
* Security operations management and incident response, including monitoring, identifying and analyzing potential threats to respond to potential incidents on time.
* Improving security event generation and tracking, ensuring timely detection capability.
* Monitoring and governance of the relationship with vendors of implemented security solutions.
* Managing the technical aspects of data classification according to the internal model, ensuring that the solution is active and configured correctly on all data types at the perimeter.
* Life cycle management of the company's security devices and software according to SSDLC (Secure System Development Life Cycle) principles.
* Managing internal network management issues.
* Managing and continuously improving the model for identifying minimum Cyber Security requirements for relevant projects.
* Assessment of Cyber Security implications for release activities or changes to existing and new application components.
* Proposal and implementation of new cybersecurity tools to improve the resilience of the IT infrastructure.
* Support in ongoing training of junior security team, providing guidance and mentoring to improve their technical and governance skills.
* Developing and implementing a cyber risk management methodology to verify that all aspects of Cyber Security, group-wide, have been assessed, adhered to, and managed.
* Regular execution of security assessments to assess, mitigate and monitor cyber risks, following regulations and corporate standards.
* Continuously updating regarding the latest security trends, vulnerabilities and mitigation strategies.
Minimum Requirements:
* Master's degree and/or technical degree in IT disciplines.
* At least 7 years of experience in security, systems and networks. Possible experience as a consultant in IT security or related fields will be considered a plus.
* Excellent English speaking, writing and reading skills. The position involves constant contact with Group personnel located in various countries.
* Ability to work effectively both independently and as part of a team, with excellent communication and consulting skills.
* Due to Swiss work permit restrictions, we can only consider applications from Swiss nationals, EU citizens as well as current work-permit holders for Switzerland.
Extensive experience and knowledge, gained in complex hybrid environments, on issues of:
* Hybrid Identity (Active Directory, Azure Active Directory, MFA, Certification Authority).
* Endpoint security (Antivirus, EDR, web protection tools).
* Threat management (spam filters, attack surface management tools, vulnerability assessment, penetration testing, threat intelligence).
* Infrastructure security and management (patch management, hardening, security monitoring activation, routine and non-routine maintenance, policy management, secure publishing).
* Knowledge of cloud environments and architectures preferably Microsoft Azure.
* Cloud security (Microsoft Defender suite, CASB, CSPM, Azure security).
* Security and networking in pharmaceutical manufacturing plants and remote locations.
* Thorough knowledge of Windows and Linux operating systems.
* Knowledge of encryption, authentication and 802.1x solutions.
* Knowledge of networking issues (TCP/IP, DNS, Wi-Fi, remote desktop, VNC).
* Knowledge of network protection tools (e.g., NDR, NGFW, IPS/IDS, SWG).
* Knowledge of the principles of Security by Design and Secure System Development Life Cycle (SSDLC).
* Knowledge of more advanced network protection solutions (e.g., ZTNA, SASE) and more canonical ones (e.g., VPN, bastion host).
* Knowledge of major data classification systems and data loss prevention.
* Knowledge of GRC tools and issues related to cyber risk management.
Preferred Technical Skills:
* Certifications in cyber security (e.g., CISSP, GIAC, etc.).
* Ability to design and implement software solutions suitable for articulated or large IT systems.
Your application:
Please apply online. For further information about the position, please contact your Gi Group recruiter, Mrs. Anh Nguyen (+41 76 586 02 13).
#J-18808-Ljbffr