Job description
Are you looking to make a difference in a patient’s life? At AmerisourceBergen, you will find an innovative and collaborative culture that is patient focused and dedicated to making a difference. As an organization, we are united in our responsibility to create healthier futures. Join us and Apply today!
What you will be doing
(Position is Hybrid/Office Flex)
Position Summary:
The charter of the Information Security Office (ISO) is to partner with AmerisourceBergen’s business units, other corporate support functions, and user community to protect the corporate brand, data and assets.
The ISO is responsible for the design, implementation, operation and maintenance of an information security framework, processes and systems, that protect AmerisourceBergen’s business, services, information and systems against unauthorized use, disclosure, modification, damage and loss.
Under general direction of the ISO, this position is responsible for managing the development, implementation and management of multiple services, capabilities, controls and relevant components of the Information Security management framework at the enterprise level supporting one or more assigned AmerisourceBergen business units and affiliates.
Specific areas of responsibility include but are not limited to:
-
Managing the design, implementation and management of appropriate processes and controls which help to assure that information, created, acquired or maintained by authorized users, is used in accordance with its intended purpose.
-
Proactive identification of information security risks and protecting information and infrastructure from external / internal threats by implementing processes which help to manage and reduce the overall risk impact.
-
Driving initiatives which help to ensure compliance with contractual, statutory and regulatory requirements, regarding information availability, integrity and confidentiality.
-
Operational and financial responsibility for the development, implementation and delivery of appropriate security services and solutions to IT and directly to the business units and affiliates.
-
Providing leadership in establishing policies, guidelines, standards, processes, procedures, best practices and services in the areas of application, infrastructure, systems and services security.
Primary Duties and Responsibilities:
-
Participate in the design and manage the implementation of an Information Security Management System (ISMS) which includes appropriate policies, procedures, operational considerations, IT change control, and IT risk and compliance management programs.
-
These efforts include (but are not limited to): Information Security Governance processes, Policies & Procedures, Audits, Metrics and reporting in direct alignment with contractual, regulatory and compliance requirements.
-
Directly partner with the enterprise Finance, Legal, Audit and Compliance executives to support Internal and External Audits (SOX, COBIT, IT Controls).
-
Support the Business Unit and IT executives through the process of prioritizing security initiatives and spending based on relevant business risk and regulatory compliance issues, financial implications, and alignment with the strategic plan.
-
Support strategic and tactical security, risk mitigation and regulatory compliance guidance for all IT projects, including the evaluation of information security policies, processes, operating procedures and governance controls.
-
Lead the development, implementation and management of relevant metrics to measure the efficiency and effectiveness of the information security management systems (ISMS), risk management and related compliance programs.
-
Drive the development, implementation and management of an enterprise Information Security & Privacy Training & Awareness program to assure the workforce is knowledgeable of policies, best practices, and relevant security and data privacy guidance appropriate to their role in the organization.
-
Drive the tracking and resolution of Audit findings and remediation activities and support external and customer security audits.
-
Develop and implement appropriate metrics and KPIs and provide regular reporting on the information security program maturity, risk posture and management, and regulatory compliance.
-
In alignment with the Company's growth and direction, assists in managing the development of budgets, controls and measurements to monitor progress.
-
Performs related duties as assigned.
What your background should look like
Experience in one of the following areas: Information Security, Cyber Security, Security Governance and Solutions or Identity and Access Management
-
6-8 years progressively responsible experience in the design, implementation and management of Information Security Shared services for a global corporation (Fortune 500).
-
Experience managing functional business and technical teams in a large and complex environment to deliver related capabilities and services.
-
Seasoned manager of professionals and cross functional teams, who can develop and retain top talent in the field.
-
Demonstrated success in managing an Information Security Framework, solution and service for a cross functional corporation.
-
Extensive experience with healthcare regulatory and information security guidelines, audits as well as external audit processes and requirements.
-
Demonstrated successful implementation of security control frameworks and standards such as ISO 27001, ISO 17799, COBIT, ITIL, NIST and PCI.
-
Certification in Information Security relevant areas such as Audit (CISA), Security Management (CISM), Security Professional (CISSP) and/or equivalent business experience in a matrix Organization required.
-
Directly applicable International / Global Experience desired.
-
Excellent understanding of IT Security & Risk Management, strategic planning and the related tactical initiatives needed to achieve the plan.
-
Understanding of financial management and departmental budgeting desired.
-
Demonstrated ability to effectively present, manage conflicts and interact at Senior Executive levels (CEO, CIO, CFO and Controller) and resolve critical and sensitive issues with external partners and customers.
-
Demonstrated ability to meet objectives, deliver quality results in a high performance environment.
-
Excellent skills interacting and mediating sensitive situations at all levels of the organization and with external customers and auditors.
-
Ability to easily defuse critical situations and manage escalations appropriately.
-
Ability to communicate effectively both orally and in writing; ability to communicate with customers, associates and management in a cross functional matrix organization; solid teamwork and interpersonal skills.
-
Strong presentation skills, ability to present and discuss business issues, strategies as well as technical information in a manner that establishes rapport, persuades others, and gains understanding at all levels of the organization.
-
Ability to establish solid relationships with vendors in support of initiatives; ability to negotiate and manage outside vendors against deliverables.
-
Good business and financial planning, analytical, and conceptual skills to evaluate business risks and apply knowledge to identify appropriate solutions.
-
Solid project management skills including the ability to effectively deploy resources and manage multiple projects of various diverse scope in a matrix and cross-functional environment.
-
Solid knowledge of information security principles and practices
-
Excellent interpersonal, communication and collaboration skills to successfully interact and influence employees and key business partners and providers at all levels.
-
Excellent track record communicating, managing complex projects and influencing others, in a diversified and international matrix organization.
-
Adept at proposing, implementing and managing change while prepared to question the Status Quo.
-
High level of personal integrity with the ability to professionally handle highly sensitive and confidential situations with Executives, Customers and 3rd parties.
-
Ability to deal with ambiguity very dynamic and high speed and complex business environment.
-
Demonstrated ability to serve as a respected member of a senior management team and effectively communicate security-related concepts to a broad range of technical and non-technical management and staff, including executive management.
Work Environment:
-
The work environment characteristics described here are representative of those an associate encounters while performing the essential functions of this job.
-
Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions:
-
The noise level in the work environment is generally quiet.
Physical and Mental Requirements:
-
The physical demands described here are representative of those that must be met by an associate to successfully perform the essential functions of this job.
-
Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions:
-
Sedentary physical activity requiring reaching, sifting, lifting, finger dexterity, grasping, feeling, repetitive motions, talking and hearing.
-
Visual requirement is for close vision, distance vision, peripheral vision and ability to adjust focus.
-
75% or more time is spent looking directly at a computer.
-
Associate is frequently required to stand, walk (or otherwise be mobile).
-
Ability to deal with stressful situations as they arise.
What AmerisourceBergen offers
We offer a competitive total rewards package which includes benefits and compensation. Our commitment to our eligible population of team members includes benefit programs that are comprehensive, affordable, diverse, and designed to meet the needs of our team members’ and their families. Some of these programs include paid time off including paid parental leave, access to retirement savings vehicles, medical, dental, vision, and life insurance options, an employee stock purchase program, and other financial, health, and well-being focused benefits.
Because we take a balanced, global approach to our benefits, benefit offerings may vary by location, position, and/or business unit. Some benefits are company-paid, while others are available through team member contributions. For details visit
https://www.virtualfairhub.com/amerisourcebergen
.
Schedule
Full time
Affiliated Companies
Affiliated Companies: AmerisourceBergen Services Corporation
Equal Employment Opportunity
AmerisourceBergen is committed to providing equal employment opportunity without regard to race, color, religion, sex, sexual orientation, gender identity, genetic information, national origin, age, disability, veteran status or membership in any other class protected by federal, state or local law.
The company’s continued success depends on the full and effective utilization of qualified individuals. Therefore, harassment is prohibited and all matters related to recruiting, training, compensation, benefits, promotions and transfers comply with equal opportunity principles and are non-discriminatory.
AmerisourceBergen is committed to providing reasonable accommodations to individuals with disabilities during the employment process which are consistent with legal requirements. If you wish to request an accommodation while seeking employment, please call 888.692.2272 or email
hrsc@amerisourcebergen.com
. We will make accommodation determinations on a request-by-request basis. Messages and emails regarding anything other than accommodations requests will not be returned
abouteureka.com is the go-to platform for job seekers looking for the best job postings from around the web. With a focus on quality, the platform guarantees that all job postings are from reliable sources and are up-to-date. It also offers a variety of tools to help users find the perfect job for them, such as searching by location and filtering by industry. Furthermore, abouteureka.com provides helpful resources like resume tips and career advice to give job seekers an edge in their search. With its commitment to quality and user-friendliness, abouteureka.com is the ideal place to find your next job.