Philips Group Information Security (CSO) is responsible for protecting the confidentiality, integrity and availability of Philips information assets. Philips Group Information Security is part of Philips Group Security, reporting to the CFO of Philips. We are on an exciting journey to build and improve a risk-based information security culture for our organization. You could be a part of this journey!
You will be part of the supplier security team (based in NL and India), reporting to the Sr. Director and Head of GRC. As a senior member of your team, you ensure the right level of control for information security risk (Philips and third parties) and develop, maintain and provide world-class security standards and policies in this very area. As we are growing at a very fast pace, we are looking for talent to strengthen our team! Within our global network, you will have the opportunity to work with colleagues from all over the world who are as passionate about what they do as you are!
Working risk-based and managing the third-party security framework, and everything that comes with it, is your challenge. You manage third-party execution of security management by understanding, evaluating and executing the Philips Risk Assessment framework. You receive input from, and set requirements for, other CISO/CSO departments. You will have a key role in identifying, quantifying and reducing risks to the security of information that resides within third parties.
Together with your junior team member, you will implement and improve security measures to ensure information security at vendors, suppliers and other third parties. You will guide partners to understand and enforce all Philips security concepts.
Develop and implement an industry-standards-based, best-practice risk management methodology for third-party supplier risk.
Create and embed security policies and standards, and ensure awareness and adoption are driven throughout third parties.
Establish and deliver centralized reporting within Philips and to the business markets on the effectiveness of the security function and its performance against strategic objectives.
Develop and implement a comprehensive inventory of third parties and the risks involved.
Develop, implement and embed a rules-based due diligence testing method.
Create and empower organizational alignment to emphasize broad and deep third-party management within Philips.
What We Are Looking For
University degree in the field of Technology or Business Administration
Experience with contracting in the context of security clauses
Ability to act as the policy-setting department and assess others on compliance
5 years of relevant experience, such as in Governance, (IT) Risk & Security, Compliance and Assurance
Certifications such as CTPRP, CISSP, CCSK, CIPP, CRISC or CISA
Experience managing vendors in a complex environment and in (vendor) due diligence investigations
Practical experience in highly regulated environments (FDA, SOX, Export, Privacy, BASEL, FFIEC)
Proven, extensive functional knowledge of IT security management frameworks, especially ISO 27001 and 27002, and how they are applied in the context of broader IT management frameworks and related systems and processes
Experience with assurance reporting such as SOC1, SOC2, ISAE3402 and others
Actively builds networks with key contacts inside and outside Philips within their specialism to keep abreast of new developments and insights
Takes actions and decisions based on a best-in-class security ambition
Evaluates measures by assessing risk to reach realistic mitigations and risk-balanced choices
Attention to detail and willingness to dive into technical details
Acts and decides towards intended and agreed results
Combines abstract ideas at a high conceptual level and uses them to generate new types of solutions
Philips is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.