(Sr.) IT Application Security Manager
Beijing, Beijing, CN
Department: F&O
Location: Beijing
The position
• Develop and enhance an up-to-date application security, risk & quality framework, and determine the governance approach and operating model (including R&R) within DDIT application teams;
• Work with stakeholders to determine the acceptable level of risk for NNRC and align it effectively within the organization. Conduct regular security, risk & quality assessments to discover vulnerabilities early and identify gaps for improvement. Enforce that DDIT application teams optimize, and report results on the improved maturity to the NNRC security committee or even senior leaders;
• Integrator of people, process and technology in security, risk and quality areas;
• Enable DDIT application teams to follow application security, risk & quality framework and operating model;
• Based on the risk advice provided, empower system managers and system owners to own and accept the level of risk they deem appropriate within the organization's acceptable risk level;
• Form a security awareness culture and accountability within DDIT; liaise with the enterprise architect to ensure security requirements are implicit in the architect's proposal and security is built in by design;
• Represent DDIT application teams in the NNRC security committee with Legal and GITO teams; manage services such as GBS risk manager, QA and external suppliers, facilitate appropriate resource allocation and ensure delivery quality;
• Manage the security, risk & quality budget and build business cases for investment; constantly reduce the number of breaches and optimize the response and recovery process; constantly increase the efficiency and cost-effectiveness of security, risk & quality operations within DDIT.
Qualifications
• Minimum 3 years' experience and success in a leader role in IT application security, risk management and quality areas;
• Bachelor's degree or above in a technology consulting related field, or equivalent work- or education-related experience;
• Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or other similar credentials are preferred;
• Knowledge and understanding of relevant legal and regulatory requirements, pharma industry desired;
• Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53 and Cybersecurity Framework;
• Sound knowledge of application security, risk management and quality, and up-to-date knowledge of technologies, methodologies and trends associated;
• Excellent written and verbal communication skills (EN and Mandarin), interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels;
• Excellent stakeholder management skills, builder of both vision and bridges, and able to lead and energize the appropriate teams without reporting lines in the organization to achieve tactical and strategic goals;
• Excellent analytical skills, the ability to manage multiple tasks under strict timelines, as well as the ability to work well in a demanding, dynamic environment;
• High degree of initiative, dependability and ability to work with little supervision while being resilient to change;
• Has good judgment, a sense of urgency and has demonstrated commitment to high standards of ethics, regulatory compliance, customer service and business integrity;
• Fast learner, advanced problem solver and willing to speak up;
• Self-motivated and result driven.
We commit to an inclusive recruitment process and equality of opportunity for all our job applicants.
At Novo Nordisk we recognize that it is no longer good enough to aspire to be the best company in the world. We need to aspire to be the best company for the world and we know that this is only possible with talented employees with diverse perspectives, backgrounds and cultures. We are therefore committed to creating an inclusive culture that celebrates the diversity of our employees, the patients we serve and communities we operate in. Together, we’re life changing.