You are responsible for (including, but not limited to)
Supporting / localizing information & product security awareness, training and education programs.
Supporting the creation, approval and embedding of information / product security policies, adaptions, standards.
Establishing & delivering centralized reporting within Philips on the effectiveness of the information & product security function and its performance against strategic objectives.
Aligning with the supplier security team on information & product security issues related to Philips suppliers / partners / 3rd party ecosystems.
Being an authority on the Philips Security Management Framework: policies (tactical level), processes and risk management designs.
Driving and supporting compliance / policy / risk reviews for your assigned market areas / business units.
Engaging with business, markets and functions to identify and implement improvement opportunities across secure foundation, information protection, secure access to business information / assets, threat / incidents response capabilities and vulnerabilities mitigation.
Assisting with Philips internal application security assessments and sample assessments to audit and report on compliance.
Driving the implementation of the Security Management Framework in your region, gathering information and assessing risk together with the risk management team.
Supporting businesses in maintaining external business certifications and compliance with other (international) guidelines for information security.
Assisting with business internal audits and overseeing and guiding external audits related to its products and services in the markets.
Identifying product / services security requirements throughout the Idea-to-market (I2M) / Product Development Lifecycle Management and working with other teams as necessary to provide mitigation and cost / benefit analysis.
You are part of
Regional Information Security Team for the Americas.
To succeed in this role, you should have the following skills and experience
Bachelor of Science degree or equivalent combination of education and work experience.
Minimum of 8 years in information security or risk management or related functions (e.g. IT audit, IT Risk Management and IT Compliance).
Excellent knowledge of ISO27001 / 2 and NIST Cybersecurity frameworks.
Information security management or audit qualifications such as CISM / CISSP / CISA / CRISC.
Experience in the creation and enforcement of information security (including the sensitivity to establish a risk based view on compliance), including compliance reporting.
Familiar with Information Security Management Systems (ISO / IEC 27001). Experience in Health information security management (ISO 27799, ISO / IEC 80001, DIACAP).
Familiar with laws and regulations on privacy, data protection, and breach notification (95 / 46 / EC, HIPAA, FDA, ISO / TS 14265, 21CFR820, SB1386, etc.).
Practical experience in highly regulated environment (FDA, SOX, Export, Privacy / GDPR, HIPAA).
Experience working in a large global organization.
Consulting experience desirable.
Excellent understanding of how different business units integrate into the strategic vision, business trends and the direction Security must take to support the business.
Strong interpersonal skills: communication, presentation, ability to influence and lead.
Spanish and Portuguese fluency desired; English fluency required.
Willingness to travel as needed.
Note: Please include your resume in English when sending your application.
You will be part of a collaborative team supporting the North America and the Latin America regions.