IT Security & Data Protection Manager
Nyon - Switzerland
FULL TIME PERMANENT
As a market leader, EMS sets new standards in the design, manufacturing and sale of devices used for medical and dental treatments. EMS products benefit from a tradition of flawless Swiss precision and craftsmanship.
Founded more than 30 years ago, EMS offers valuable solutions in the fields of:
► Dental Prevention – inventors of Guided Biofilm Therapy: evidence-based protocol for biofilm management on teeth, soft tissues and implants and the original Airflow®, Perioflow® and PIEZON® technologies.
►Urology – market leaders in endoscopic lithotripsy, EMS shapes the history and future of stone management with its LithoClast® and LaserClast® product range.
►Shock Wave Therapy - inventors of RSWT® (Radial ESWT) and developers of the Swiss DolorClast® Method for the effective treatment of muscular-skeletal pathologies and dermatological conditions.
Respect, excellence and client orientation are EMS’ core values.
At EMS we strive for perfection and are committed to improving the quality of life for clinicians and their patients by providing innovative solutions that deliver proven treatment outcomes.
Quality is part of EMS’ DNA; it is engraved in EMS’ Mission.
EMS believes that they can accomplish this Mission only by providing effective, safe, and reliable solutions exceeding consumers' expectations.
Your main missions will be:
►The IT Security and Data Protection Manager provides the vision and strategies necessary to ensure the confidentiality, integrity, and availability of electronic information at EMS. She/He is the person primarily responsible for understanding the main data flows within EMS, raising awareness of internal and external IT security and data protection requirements, providing or organizing data protection and security training for EMS employees and contracted staff and handling any security breach as well as data protection queries, requests or complaints.
►To support these activities, the IT Security and Data Protection Manager coordinates activities with other departments, including the evaluation, procurement, and deployment of security-related products and data protection processes and procedures.
►The IT Security and Data Protection Manager may also coordinate other IT activities with other departments including the evaluation, procurement, and deployment of IT-related products and governance processes and procedures.
►Data protection and Security program:
-Lead EMS data protection program, under the management of the Head of IT,
-Creates information security strategies, both short-term and long-range, in support of EMS goals,
-Give regular updates to senior management on security and data protection issues and risks, and/or progress on security and data protection initiatives,
-Perform a periodic review of the EMS IT Security and Data Protection Policy,
-Oversees all ongoing activities related to the development, implementation, and maintenance of EMS information security and data protection policies and procedures by ensuring these policies and procedures encompass the overall security of electronic information at rest or in motion and assisting departments in local process and procedure development, ensuring they are not in conflict with the policies.
►Data processing register:
-Provide support for the implementation of the data processing register,
-Work with EMS business units to review the data processing register at least annually to ensure that it is accurate and up-to-date.
-Initiate, facilitate & promote activities to enhance IT security and data protection awareness,
-Support incorporation of data protection and IT Security elements into the new starter process,
Breaches, queries, access requests and complaints:
-Establish and coordinate processes to handle personal data queries, access requests and complaints from employees, customers or suppliers,
-Establish and coordinate an IT security and data breach response plan to be followed in the event of an actual or suspected data breach,
-Ensure relevant internal people are informed and data protection authorities and individuals are notified (where applicable),
-Directs an ongoing, proactive risk assessment program for all new and existing systems and remains familiar with EMS goals and business processes so effective controls can be put in place for those areas presenting the greatest information security risk. (For Data Protection, this will be the Data Protection Impact assessments).
-Be the point of contact within EMS for external Security and data protection audits, pen tests, phishing simulations and other similar exercises,
-Ensure that appropriate measures are taken to mitigate any risk identified as part of an audit.
KEEP IT SIMPLE
► Strong ability to present complex solutions in clear, simple terms.
-BS/MS degree in Computer Science, Engineering or a related subject,
-Proven working experience in managing IT Security and Data Protection domains.
-Solid IT Governance knowledge,
-Experience with IT Architecture,
-Solid experience with IT Security,
-Solid networking knowledge (OSI network layers, TCP/IP),
-Strong written and verbal communication skills including technical writing skills.
►Need to travel: occasionally,
►Reporting to IT Infrastructure Group Leader.