Careers at ThermoFisher Scientific


Location: US - Maryland - Frederick

Job Description

Director, IT Security Risk Management

When you’re part of the team at Thermo Fisher Scientific, you’ll do important work, like helping customers in finding cures for cancer, protecting the environment or making sure our food is safe. Your work will have real-world impact, and you’ll be supported in achieving your career goals.

The Director, IT Risk Management has global responsibility for the IT Risk Management program, including its strategy, planning, and execution. He/she will own the overarching program, which defines the Corporation’s Security Policies (and other related documents), Security Education and Awareness, Business Security Management, IT Security Compliance, Vulnerability Management, and the Security Risk Assessment Framework. That framework provides governance and oversight (based on corporate security policy, industry best practice and regulatory requirements) of corporate projects, initiatives and systems within the environment.

Key Responsibilities:

  • Owns the overarching IT Risk Management Program
  • Responsible for defining, resourcing, and ensuring the continuous improvement of the following sub programs:
    • Corporate Security Policies (and other related documents)
    • Security Education and Awareness
    • Business Security Managers/Liaisons
    • IT Security Compliance
    • Vulnerability Management Program
    • Security Risk Assessments
  • Ensures excellent consistency, documentation, and process across all programs.
  • Institutes and maintains an effective communication program for the organization, covering new and existing security documents (i.e. policies, standards, guidelines, procedures, and processes), education/awareness, and risk management / compliance issues related to certification & accreditation
  • Develops a team of business security liaisons across the various business divisions and groups of Thermo Fisher to ensure the corporation is appropriately applying the security program, gaining program breadth, visibility, and control of our environment.
  • Defines and is responsible for standing up a corporate risk register through a well-organized assessment methodology, including vulnerability assessment, so that identified risks can be tracked through to remediation/mitigation.
  • Coordinates security risk assessments for new projects, technologies and partnerships (SaaS/Cloud solutions) along with InfoSec / Cyber Security, Legal, Internal Audit and Business teams
  • Collaborates with other departments (e.g., Risk Management, Internal Audit, HR, Legal, etc.) to direct compliance issues to appropriate existing channels for investigation and resolution.
  • Consults with internal attorneys as needed to resolve potential legal compliance issues
  • Provides expert oversight on IT Security aspects when it comes to pertinent regulatory requirements such as PCI, HIPAA, SOX, etc.
  • Proactively advises the business on how to maintain compliance
  • Performs other duties as assigned

Minimum Requirements/Qualifications:
  • Past Senior Management or Director experience managing teams of senior security professionals
  • Bachelor’s Degree in Information Assurance, Security, Management Information Systems, Risk Management or equivalent work experience acceptable
  • Relevant technical certificates a plus
  • 8+ years of related security risk assessment, vulnerability management, or audit work experience
  • Strong interpersonal and excellent documentation skills are a must
  • Ability to explain and champion technical concepts to a broad audience focusing on business acumen
  • Excellent customer service skills required
  • Strong analytical and product management skills required, including a thorough understanding of how to interpret customer business needs and translate them into application and operational requirements
  • Excellent verbal and written communication skills and the ability to interact professionally with a diverse group, executives, managers, and subject matter experts

Non-Negotiable Hiring Criteria:
  • Strong attention to detail, organizational skills
  • NIST 800-53, ISO 27001/2 experience, CISSP, CISM or CISA certification
  • Comprehensive knowledge of and proven ability in the following:
    • Strong knowledge of risk analysis and information security
    • Knowledge of compliance and security requirements under PCI, GLB, HIPAA and internal legislation where appropriate for the business (EU Data Protection Directive, Canada Personal Information Act, etc.)

At Thermo Fisher Scientific, each one of our 50,000 extraordinary minds has a unique story to tell. Join us and contribute to our singular mission—enabling our customers to make the world healthier, cleaner and safer. Apply today http://jobs.thermofisher.com

Thermo Fisher Scientific is an EEO/Affirmative Action Employer and does not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability or any other legally protected status.
