Director of Cyber Security Governance, Risk, and

4 months ago


Barcelona, Spain AstraZeneca Full-time

Are you ready to be part of the future of healthcare? Can you think big, be bold, and harness the power of digital and AI to tackle longstanding life sciences challenges? Then Evinova, a new health tech business that is part of the AstraZeneca Group, might be for you.

Transform billions of patients’ lives through technology, data, and innovative ways of working. You’re disruptive, decisive, and transformative. Someone excited to use technology to improve patients’ health. We’re building a new health tech business - Evinova, a fully-owned subsidiary of AstraZeneca Group.

Evinova delivers market-leading digital health solutions that are science-based, evidence-led, and human experience-driven. Thoughtful risks and quick decisions come together to accelerate innovation across the life sciences sector. Be part of a diverse team that pushes the boundaries of science by digitally empowering a deeper understanding of the patients we’re helping. Launch pioneering digital solutions that improve the patients’ experience and deliver better health outcomes. Together, we have the opportunity to combine deep scientific expertise with digital and artificial intelligence to serve the wider healthcare community and create new standards across the sector.

**Key responsibilities include**:

- Develop and optimize the Evinova cyber security governance framework to ensure continued alignment with leading practices, regulatory obligations, and corporate insurability (e.g., NIST CSF, ISO 27001, EU / UK GDPR, HIPAA / HITRUST, SOC 2 Trust Services Criteria, etc.).
- Maintain cyber security policies, procedures, and standards to establish clear and actionable guidelines for cyber security controls, data protection, and incident response protocols. Additionally, maintain the cyber security Risk Register and Risk Exception handling process.
- Partner with the Quality and Compliance Team to ensure the effectiveness of engineering security practices, aligned with relevant standards, and fully documented in policies/procedures. Track and develop remediation strategies to ensure continued compliance with relevant regulations and audit requirements.
- Lead the identification, assessment, and mitigation of cyber security risks across Evinova and our digital products. Additionally, provide advisory-based perspectives to the CTO leadership team on best practices and appropriate technology solutions to align residual risk to the organizational risk appetite.
- Collaborate with internal collaborators to assess and manage cyber security risks associated with third-party vendors and service providers, ensuring contractual obligations and security controls are effectively implemented. Partner with Legal / Data Privacy to support Privacy Impact Assessments.
- Define and implement the Evinova Cyber Security and Awareness education program. Collaborate across all business functions and contractors to evangelize security best practices and ensure compliance with all Evinova information security policy requirements.
- Develop insightful and data-driven dashboard(s) articulating Evinova’s current cyber risk posture through the measurement of relevant Key Risk Indicators (KRIs), Key Performance Indicators (KPIs), and cyber trends (e.g., incidents, emerging risks, external interest areas).
- Drive continuous improvement initiatives to enhance the effectiveness and efficiency of the cyber security GRC program, leveraging feedback, metrics, and lessons learned. Actively collaborate with Evinova and AstraZeneca Group leadership to align and share best practices for cyber security, business continuity, and other related policies and procedures.

**Minimum Qualifications**:

- Bachelor's degree in Technology, Computer Science, Business Administration, or a related field.
- 8+ years of combined experience in Cyber GRC relevant domains such as Information Security Compliance, IT Risk Management, Third-Party Risk Management, and Information Assurance (preferably in a cloud-native organization).
- Prior experience providing GRC-related capabilities at a SaaS/cloud service provider.
- Experience in implementing, operating, and assessing GRC programs aligned to the NIST CSF and ISO 27001 frameworks.
- Hands-on experience with audit readiness, response, and remediation activities in support of external SOC 2 and penetration testing-related engagements. Additionally, experience maintaining cyber-centric Risk Registers and Corrective Action Plans / Plans of Actions and Milestones (POA&Ms).
- Well-versed in Business Continuity and Disaster Recovery planning and performing third-party risk management due diligence reviews of technology service providers and external entities with persistent access to internal systems / sensitive data.
- Experience articulating the ISMS and supporting processes in the context of responding to third-party risk management questionnaires, and other external entities performing cyber security due diligence-focused inquiries (e.g.


