Information Security Officer - EMEA
LumiraDx is a medical technology company developing, manufacturing and marketing smart connected diagnostics and diagnostic-led care solutions. Founded in 2014 by entrepreneurs with a successful track record in building and scaling medical diagnostics and health IT businesses, the company has major operations in the UK and the USA, and is supported by a global sales network. LumiraDx currently has over 900 employees worldwide. We have recently launched the innovative LumiraDx Platform, and are looking for proactive, experienced, focused and enthusiastic individuals who can make a significant contribution to the continued growth and success of our dynamic and forward-looking company.
Role & Responsibilities
The key objective of this role is the implementation and management of the LumiraDx information security programme. The responsibilities include championship of the information security management system (ISMS), reviewing and updating the ISMS framework against the corporate standard, participating in the internal audit programme, monitoring the effectiveness of the ISMS, reporting KPIs and understanding the regulatory environment for information security and data protection.
Key Areas of Responsibility:
- Responsible for product security strategy for LumiraDx products and services
- Experience of software and hardware penetration testing techniques
- Experience of implementing security standards and frameworks including IS27001, NIST, SOC, UL2900, HIPAA
- Work to implement, evaluate and improve the Information Security Management System
- Monitor and report on the effectiveness of the ISMS to local management and the CISO
- Analyse, evaluate and produce KPIs, measures of effectiveness and other metrics relating to the ISMS.
- Perform training, competency reviews and induction training for the ISMS.
- Oversee the production and testing of IS aspects of business continuity plans
- Oversee the production of risk management plans
- Oversee the production of Data Privacy Impact Assessments
- Participate in supplier relationship management
- Information Security Operations
- Member of Cyber Emergency Response Team (CERT)
- Monitor cyber security tools for evidence of events and incidents
- Establish and continually improve cyber emergency ‘play books’ with wider IS team
- Participate in cyber emergency response rehearsal exercises
- Maintain expert knowledge of regulatory, legislative and privacy environment
- Participate in internal and external ISMS audit programmes
- Identify non-conformances, create, implement and review corrective and preventative action plans
- Responsible for compliance relating to the reporting and first line remediation of security events
- Work with product team and provide security expertise and guidance
- Improve security posture of LumiraDx products and services
- Experience of implementing security standards and frameworks including IS27001, NIST, SOC, UL2900, HIPAA.
- Experience of software and hardware penetration testing techniques.
- Information Security Operations.
- Have, or be working towards, an Information Security qualification including a cyber security related degree, CISSP, CISM.
- Ability to be an advocate for the ISMS with business leaders.
- Delivery of ISMS training and awareness programmes.
- Flexibility in working style to meet business needs.
- Strong team worker.
- Health industry experience.