ISMS Program Manager

18 hours ago


Varginha, Minas Gerais, Brazil Philips Full-time R$90.000 - R$120.000 per year
Job Title

ISMS Program Manager

Job Description

Overview

We are seeking a highly skilled and experienced ISMS Manager to lead and maintain our Information Security Management System (ISMS) within the Hospital Patient Monitoring (HPM) Business. The Information Security Manager will be responsible for effectively managing and maturing the HPM ISMS, executing overall risk management processes, providing oversight to meet business objectives and to ensure protection of the product platform and environments. This individual works collaboratively with platform development and operations, quality and regulatory, group security, product security and privacy to maintain suitable levels of compliance to applicable laws and regulations through adherence to ISMS policies.

This role is critical to ensuring the confidentiality, integrity, and availability of sensitive patient and organizational data, while maintaining compliance with healthcare regulations such as HIPAA, GDPR, BSI C5, ISO/IEC 27001, and other relevant standards.

Key Responsibilities

  • Develop, implement, and manage the organization's ISMS framework in alignment with ISO/IEC 2700, BSI C5 and healthcare-specific standards.
  • Lead the Information Security Council within Hospital Patient Monitoring, driving towards milestones and objectives; leading risk assessments, gap analyses, and internal audits to ensure ongoing compliance and continuous improvement.
  • Support the harmonization of existing security frameworks in HPM with the ISMS
  • Develop and maintain all relevant documentation, policies, procedures, standards and work instructions for security operations and secure development lifecycles, establishing and embedding controls into daily ways of working.
  • Facilitate the management and reporting of risks identified through various risk assessments, including execution of risk treatment plans to reduce risk to an acceptable level.
  • Identify, implement and manage additional security controls as part of the ISMS
  • Ensure that security roles and responsibilities are understood at all levels within the organization; evangelize a security and privacy mindset
  • Evaluate the impact of new and changing legal and regulatory requirements that may affect the business; identify gaps within the ISMS and communicate to affected policy and process owners to create a mitigation plan.
  • Collaborate with Group Security officers to implement security controls at various layers of the platform as part of continuous integration and deployment pipeline
  • Maintain an audit reporting framework that produces artifacts which support security and compliance needs
  • Identify non-compliant and ineffective security processes and controls including those of critical third parties and prioritize actions associated with risk management and continuous improvement activities
  • Assess suppliers and service providers identifying third party risks using a standard information gathering questionnaire
  • Provide management and support of security testing to ensure that controls are adequate to meet legal, regulatory, policy, standards and security requirements
  • Maintain current knowledge of the information security field and the changing threat landscape while implementing improvements in both technical security and compliance domains, mitigating risks identified as part of the risk management process
  • Report on ISMS performance, incidents, and audit findings to senior leadership.

Qualifications

  • Bachelor's degree in Information Security, Computer Science, or related field (Master's preferred).
  • Professional certifications such as CISM, CISSP, ISO 27001 Lead Implementer/Auditor, or HITRUST Certified.
  • Familiarity with BSI C5
  • Experience with: Platform Security, Cloud Computing Security, Data Security, Network Security, Security Assessment, Security Governance, Computer Security Incident Response and Security Compliance Audit
  • Strong relationship-building and influencing skills, balanced with vision and the ability to innovate
  • Minimum 8 years of experience in information security (and/or related functions, i.e., IT audit, IT Risk Management), with at least 2 years in ISMS management.
  • Strong understanding of healthcare regulations and data protection laws.
  • Experience with risk management tools, GRC platforms, and audit processes.
  • Excellent communication, leadership, and project management skills; ability to manage multiple projects and priorities
  • Hands-on experience in a global high technology security role, preferably a combination of risk management information security, business continuity, and security operations.
  • Expertise in technical and business environments, familiarity with national security standards, experience with business continuity, disaster recovery, auditing, risk management, vulnerability assessment and cyber security incident management.
  • Fluency in English is mandatory

How we work together

We believe that we are better together than apart.

For our office-based teams, this means working in-person at least 3 days per week at our Varginha office.

**We are also considering internal candidates from the India office**

About Philips

We are a health technology company. We built our entire company around the belief that every human matters, and we won't stop until everybody everywhere has access to the quality healthcare that we all deserve. Do the work of your life to help the lives of others.

  • Learn more about our business.
  • Discover our rich and exciting history.
  • Learn more about our purpose.

If you're interested in this role and have many, but not all, of the experiences needed, we encourage you to apply. You may still be the right candidate for this or other opportunities at Philips. Learn more about our culture of impact with care here.

