Information Security Officer - EMEA

Location

Remote

Job Type

Company Overview

LumiraDx is a medical technology company developing, manufacturing and marketing smart connected diagnostics and diagnostic-led care solutions. Founded in 2014 by entrepreneurs with a successful track record in building and scaling medical diagnostics and health IT businesses, the company has major operations in the UK and the USA, and is supported by a global sales network. LumiraDx currently has over 900 employees worldwide. We have recently launched the innovative LumiraDx Platform, and are looking for proactive, experienced, focused and enthusiastic individuals who can make a significant contribution to the continued growth and success of our dynamic and forward-looking company.

Role & Responsibilities

Opportunity:

The key objective of this role is the implementation and management of the LumiraDx information security programme. The responsibilities include championship of the information security management system (ISMS), reviewing and updating the ISMS framework against the corporate standard, participating in the internal audit programme, monitoring the effectiveness of the ISMS, reporting KPIs and understanding the regulatory environment for information security and data protection.

 

Key Areas of Responsibility:

  • Responsible for product security strategy for LumiraDx products and services
  • Experience of software and hardware penetration testing techniques
  • Experience of implementing security standards and frameworks including ISO 27001, NIST, SOC, UL2900, HIPAA
  • Work to implement, evaluate and improve the Information Security Management System
  • Monitor and report on the effectiveness of the ISMS to local management and the CISO
  • Analyse, evaluate and produce KPIs, measures of effectiveness and other metrics relating to the ISMS.
  • Perform training, competency reviews and induction training for the ISMS.
  • Oversee the production and testing of IS aspects of business continuity plans
  • Oversee the production of risk management plans
  • Oversee the production of Data Privacy Impact Assessments
  • Participate in supplier relationship management
  • Information Security Operations
  • Member of Cyber Emergency Response Team (CERT)
  • Monitor cyber security tools for evidence of events and incidents
  • Establish and continually improve cyber emergency ‘play books’ with wider IS team
  • Participate in cyber emergency response rehearsal exercises
  • Maintain expert knowledge of regulatory, legislative and privacy environment
  • Participate in internal and external ISMS audit programmes
  • Identify non-conformances, create, implement and review corrective and preventative action plans
  • Responsible for compliance relating to the reporting and first line remediation of security events
  • Work with product team and provide security expertise and guidance
  • Improve security posture of LumiraDx products and services

Required Experience

Essential skills:

  • Experience of implementing security standards and frameworks including ISO 27001, NIST, SOC, UL2900, HIPAA.
  • Experience of software and hardware penetration testing techniques.
  • Information Security Operations.
  • Have, or be working towards, an Information Security qualification including a cyber security related degree, CISSP, CISM.

 

Desirable skills:

  • Ability to be an advocate for the ISMS with business leaders.
  • Delivery of ISMS training and awareness programmes.
  • Flexibility in working style to meet business needs.
  • Strong team worker.
  • Health industry experience.

 


Thank you for your interest. If you're successful in your application, you may be subject to all or some of the LumiraDx standard pre-employment checks. These include employment references and criminal records data checks, which are processed as part of our recruitment process for employment or continued employment to comply with legal and regulatory obligations to which the company is subject. LumiraDx places a high level of importance on its responsibilities for information security and privacy and has put in place an information security management system to ensure that the company and its staff maintain the highest standards with respect to data protection and information security.