Cyber & Information Security Manager

ICON ICON is the world's leading clinical research organisation, providing outsourced clincal development and commercialisation services to the pharmaceutical, biotechnology and medical device industries.

View company page

ICON plc is a world-leading healthcare intelligence and clinical research organisation.
From molecule to medicine, we advance clinical research providing outsourced services to pharmaceutical, biotechnology, medical device and government and public health organisations.

With our patients at the centre of all that we do, we help to accelerate the development of drugs and devices that save lives and improve quality of life.

Our people are our greatest strength, are at the core of our culture, and the driving force behind our success.
ICON people have a mission to succeed and a passion that ensures what we do, we do well.

The Role:

ICON is seeking to hire a Cybersecurity Manager to join the Security Leadership Team, reporting to the VP of Cybersecurity.

The Cybersecurity Manager will be responsible for overseeing the internal and third-party cyber risk management program at ICON.
This is a crucial role in ICON's security program and is expected to deliver key initiatives, provide guidance and expertise to team members and business stakeholders and contribute to shaping the Information Security program and budget.

The successful candidate will be responsible for the following activities:

• Maintain an internal and third-party cyber risk management framework, policies, and business practices to ensure that a consistent and standardized methodology is implemented.
• Evaluate and define cyber risk appetite and risk tolerance throughout the organisation.
• Liaise with cybersecurity stakeholders (i.e., Red Team, Threat & Vulnerability Management , Cyber Threat Intelligence, Security Architecture, Security Engineering, Cyber Assurance) and IT stakeholders (i.e., IT Risk Management, SecOps, Technical Owners, Service Portfolio Managers) to ensure systemic cyber risks are identified, assessed, responded to and monitored.
• Ensure effective cyber risk assessments are performed and risk assessment results are communicated to Risk Owners and other stakeholders to elicit risk responses in a timely manner.
• Actively participate in IT Risk Oversight Committee meetings, steer risk remediation activities, and escalate risks where appropriate.
• Identify solutions to automate/enhance the effectiveness of cyber risk management lifecycle activities via IRM/GRC tools.
• Maintain a cybersecurity controls library using reputable control frameworks and tailoring/supplementing controls, as necessary.
• Ensure supplier security assessments are performed effectively and efficiently using a risk-based approach that drives the nature, timing, and extent of due diligence activities.
• Oversee the execution of continuous monitoring activities for key suppliers, which includes the use of security reputation service providers.
• Actively participate in the Supplier Risk Oversight Committee to communicate security concerns and initiatives that affect suppliers at ICON.
• Implement approaches to identify and address shadow IT/vendor activities across the organisation.
• Escalate supplier and nth-party cyber risks to ICON's internal and external stakeholders.
• Advise on scoping new supplier services based on the inherent cyber risk to ICON and consult with Procurement and other Assessment Teams (e.g., Data Privacy, Quality Assurance, Legal & Compliance).
• Lead and facilitate cybersecurity incidents associated with suppliers or nth parties to ensure notable security incidents are appropriately addressed, and collaborate with ICON's Cyber Resilience team and other departments (e.g., Data Privacy, Legal & Compliance) as necessary to comply with ICON's contractual and regulatory obligations.
• Advise on contracts with suppliers, as necessary, to address cyber third-party risks pertaining to ICON.
• Lead a team of cybersecurity professionals and oversee operational execution of the risk management and supply chain security service functions.
• Lead other initiatives and miscellaneous activities within the organisation (e.g., technical security assessments/audits, program maturity assessments, mergers and acquisitions due diligence, security architecture initiatives), as needed.
• Occasional travel may be required.

To be successful in the role, you will ideally have:

The successful candidate will gain experience of operating in a technically complex, fast-changing and dynamic environment.
Working as part of a global security team, the Cybersecurity Senior Manager must be a proven self-starter, leader, and have excellent organisational and communications skills.
The ideal candidate will have a genuine passion for Information Security and must have the ability to maintain composure under pressure and work calmly during an emergency.
They should also have a solid understanding in the following areas:

ISO/IEC 27001 Standards

NIST Cybersecurity framework

ISO 27005 / ISO 31000

NIST SP 800-39

MITRE ATT&CK Framework

Information Security Standards

NIST Secure Software Development Framework

Strong understanding of Layered Security (defense-in-depth)

Proven Problem-solving Skills

Network, Cloud and Mobile Security experience is a plus

Security Architecture knowledge is a plus

At least 5 -10 years in a security related role

Bachelor's degree in computer science, programming, or other related program

Significant experience with risk management methodologies, industry standards, managing an Information Security Management System (ISMS) and delivering key aspects of a security program in a regulated environment
Information security risk & governance experience
Solid vendor management experience across a variety of services
Experience with managing people and working directly with business and IT management positions (non-technical and technical)
Demonstrate a strong awareness of the current threat landscape

Nice to Haves

Presented on security topics at security conferences

Familiar with the laws, regulations, industry standards and guidance pertaining to Data Protection and Information Security

Familiarity with pharma, biotech and/or CRO operations or health sector (e.g., H-ISAC experience a plus)

IRM/GRC tool experience

Benefits of Working in ICON:

Our success depends on the knowledge, capabilities and quality of our people.
That's why we are committed to developing our employees in a continuous learning culture - one where we challenge you with engaging work and where every experience adds to your professional development.
At ICON, our focus is to provide you with a comprehensive and competitive total reward package that comprises, not only an excellent level of base pay, but also a wide range of variable pay and recognition programs.
In addition, our best in class employee benefits, supportive policies and wellbeing initiatives are tailored to support you and your family at all stages of your career - both now, and into the future.
ICON, including subsidiaries, is an equal opportunity and inclusive employer and is committed to providing a workplace free .