Job's mission
Under the direct supervision and guidance of the Global Head of Information Security, the job holder is part of the Global Information Security (Digital & IT Division), responsible for leading the implementation & execution of Global Cyber Defense Strategy, implementation of technical solutions to defend Santen from cyberattacks, running risk assessments of all new global solutions, managing the risk and vulnerability management process (both Information Systems and Industrial Control Systems), developing and maintaining the organization's security architecture while considering investors' expectation for company security measures such as security regulations, standards and best practice, working with SOC (Security Operations Center) partner in order to ensure that information assets are adequately protected and compliant, as well as maximize the benefit of information systems for Santen's global businesses.
Number of direct subordinates
There might be direct reports soon and several Digital & IT members and external consultants whose activities need to be coordinated by this role within the framework of cybersecurity projects or processes.
Key Responsibilities & Accountabilities
Cybersecurity Defense & Management
- According to the company's long-term vision, formulate and integrate cybersecurity strategies into a company-wide strategic plan by collaborating with cross-functional teams to design and implement secure infrastructure and application solutions
- Understand expectations of the company regarding continuous growth, establish concrete goals and create mid-term strategies to achieve goals
- Drive the Global Cyber Defense Strategy, maintain ready forces and capabilities to conduct cybersecurity operations
- Anticipate future internal and external trends and implications and create appropriate cybersecurity measures
- Build understanding of cyber threats in each level. Develop detection & protection measures continuously, lead the technical solution implementations to be prepared to defend Santen from disruptive or destructive cyberattacks
Security Incident Management
- Ensure the security incident management process is executed properly by all parties by tracking the resolution process and making sure the known issues are addressed according to risk management methodology
- Lead the monthly operational meetings between SOC team and Santen, improve the overall process and ensure the KPIs are achieved
- Verify and continuously improve the Recovery Process performed during or after a security incident to ensure that it meets business requirements and is effective and practical
- Manage the Major Security Incident Management process under Global Head of Information Security and guide/train different stakeholders including SOC team, DIT leaders and technical managers
- Support the Disaster Recovery and Business Continuity framework initiatives and execution
Technical Risk Management
- Improve Santen's cybersecurity maturity level by increasing overall awareness and providing security advice/insights on technical requirements to DIT and non-DIT leaders (both Information Systems and Industrial Control Systems global leaders)
- Lead global programs & project implementations, planning the delivery of risk mitigation solutions and answering technical questions, reviewing current security measures, recommending enhancements and identifying areas of security weakness
- Perform technical risk assessments (IT & OT) of all new global solutions and third parties, identify potential gaps and make sound recommendations for mitigating the risks on a global scale
- Implement the Internal Cybersecurity Framework to support the state-of-art technologies and Santen regulatory and organizational requirements (ISO 27001, NIST, Data Privacy Laws)
Vulnerability Management
- Implement and improve the Global Vulnerability Management Program focused on reducing the risk presented by vulnerabilities in Santen environment by continuously performing three core steps: Discovery, Reporting and Remediation
- Guide the technical teams (Global IT Infra, Regional IT Infra and Application teams, critical third parties) to make sure vulnerabilities are mitigated in a timely manner, perform the escalations on time
- Manage the global vulnerability scan and penetration test exercises
- Manage the relationship and contracts with the external suppliers to obtain the best value for Santen
Threat Intelligence
- Determine the need for covering the risks on company's threat landscape and continuously search for the most strategic product & services to deliver the needed capabilities
- Keep track of changes in Santen's business, threat landscape, product innovations and rebalance according to the risk appetite
- Build and maintain robust partnerships with market leaders (e.g. Gartner, ISF) to deter shared threats in our industry
- Build close partnerships and implement efficient internal processes with business and technical teams to detect and mitigate threats before they can be exploited
Project Initiation and Execution
- Lead projects to implement new cybersecurity solutions or frameworks by developing business cases or conducting opportunity studies when needed
- Understand projects and services specificities in a multi-location environment with many remote management situations
- Ensure there are continuous PDCA (Plan, Do, Check and Action) cycles to improve services and solutions in place in relation to KPIs/SLAs in place or to be developed
Stakeholder Relationship and Vendor Management
- Maintain good working relationships with internal stakeholders globally, especially with Digital & IT management
- Support his/her Digital & IT peers in charge of infrastructure, service operations and business applications to provide the right information security advice or solutions, allowing them to provide the contributions to business domains
- Manage the suppliers by defining clear guidelines and objectives relying on KPIs in coordination with the governance in place. Challenge organization and governance in place to verify the company is obtaining best value and that vendors are meeting our information security needs and requirements
Resources Management
- Develop and own the budget proposal for the cybersecurity domain in accordance with the company guidance on budget directions
- Ensure financial governance and efficient use of resources to meet business objectives.
- Execute the budget in respect of its objectives in terms of services to operate, solutions to deliver
- Perform ongoing security maturity level assessment to evaluate the effectiveness of security controls and explain the effectiveness to project teams, business stakeholders and senior management
Qualifications :
Education
Indicate the type and level of education (including languages) required and whether they are essential or desirable. Describe the education required for the job.
Essential
- Bachelor's degree in Business, Computer Sciences, Engineering or related field
- Relevant Cyber security certifications (CISSP, CISM, CISA, CEH, etc.)
Experience
Indicate the length and type of experience required to perform this job satisfactorily and whether they are essential or desirable.
Essential
- Minimum of 10 years' experience in Information Systems, including minimum of 7 years' experience in the fields of Information Security, Cybersecurity, Risk Management, including demonstrated competency in:
- Cross-functional leadership and stakeholder relationship management (external and internal)
- Successfully implementing global cybersecurity programs and systems
- Implementing a risk-based cybersecurity framework
- Expert knowledge/experience with program implementations such as ISO, NIST CSF, COBIT and other related compliance frameworks
- Proven experience in performing risk, business impact, control and vulnerability assessments and in defining treatment strategies
- Successful experience of project management applied to information systems and services
- International experience of working with teams spread across different countries and global stakeholders
- Proven experience in researching, evaluating, negotiating and managing third-party service providers.
Functional Competencies
Highlight the particularly important areas (aptitude, expertise and skills) and whether they are essential or desirable.
Essential
- Expert understanding of cybersecurity concepts, principles and practices
- Expert knowledge of current and emerging cybersecurity risks and innovative risk management methods and solutions
- Knowledge of security best practices in public cloud environments and SASE, CASB, SWG, ZTNA technologies
- Broad knowledge and perspectives on information systems including business systems and services
- A strong understanding of the business impact of security tools, technologies and policies
- Practical project management skills applied to information systems and services
- Strong collaboration/communication experience in diverse/cross-cultural organizations.
- Proven leadership skills in an ambiguous or changing environment.
- Strong in logical thinking, time management, decision-making and problem solving, and able to manage multiple programs and priorities simultaneously.
- Excellent track record of delivering results.
- Excellent interpersonal, organizational, planning, presentation, documentation, facilitation and communication skills, and capable of clearly articulating the viewpoint.
- Ability to communicate effectively up and down the management chain in the appropriate language and provide the appropriate level of detail and focus on the right information.
- Demonstrated initiative and ownership: Ability to lead, guide and motivate people to deliver results; encourage risk taking, initiative and responsibility; demonstrates the ability to effectively persuade others to listen, commit and act on a new approach.
- Ability to work in a fast-paced environment, leveraging internal and external resources to meet simultaneous deadlines/demands.
Santen Leadership Competencies
Highlight the most important SLCs required for the job (behaviors, attitude, mindset) and whether they are essential or desirable.
Essential
Generic style
- Independent & autonomous while still a strong teammate
- Strong sense of integrity
- Enthusiastic and self-starting
Achieving Valuable Business Results
- Stays focused on business value
- Sets clear, challenging goals, then measures the result
- Deals with performance issues of the projects/implementations in a timely manner
- Looks for new solutions, new technologies using innovative approach
Thinking and Decision Making
- Takes a systematic and methodical approach to work
- Strong analytical, research and problem-solving skills with a keen attention to detail
- Asks the most effective questions before problem resolution plans are made
- Makes clear and timely decisions, forward-thinking
Influencing
- Good interpersonal and communication skills in order to share knowledge with a variety of levels and to communicate effectively with business and technical functions
- Uses a mixture of data, logical arguments and organizational knowledge to achieve the desired results
- Ability to prioritize incoming escalations and requests appropriately using clear communications.
Santen is an Equal Opportunity Employer.
Remote Work :
Yes
Employment Type :
Full-time