Information Security Compliance Specialist

Life Unlimited. At Smith+Nephew, we design and manufacture technology that takes the limits off living.

Join our dynamic team and embark on an exciting journey of innovation and growth as we seek a hard-working and dedicated individual for role of Information Security Compliance Specialist to join our company's Governance Risk & Compliance function and lead/support Cyber Security Certifications Program.

What will you be doing?

• This role offers the opportunity to gain and expand expertise in abroad range of the most recognized cybersecurity compliance frameworks.
• Smith & Nephew’s Cyber Security Certifications Program currently includes:
• - SOC 2 Type 2/3
• - Spanish ENS Certification
• - ISO 27000 Series
• - HITRUST

• The program is led by an existing Certification Program Manager, to which this role will report. Depending on experience and expertise this role will be required to support or lead one or more of the certification activities above.

• The role requires contribution to Smith and Nephew Global Cybersecurity strategy, collaboration with external vendors, managing annual contracts and supporting Control Owners through Control Design and Audit Activities.

• In addition to Program responsibilities, the role will also be required to support a number of cybersecurity operational activities, e.g. design of information security controls, execution of system audits, and review/management of security policy exceptions.

• The work requires close partnership with Control Owners in Information Security, Third Party Vendors, IT and the Business.  The successful candidate needs to be self-motivated, able to manage programs / external audits and influence stakeholders.

What will you need to be successful?

• Education: Bachelor’s degree in a Computer Science or related field, or an equivalent combination of training and experience.
• Licenses/ Certifications:
• Candidates should have proven experience with one or more of the following Certifications: ISO 27001, SOC, HITRUST.
• Operating Mode: Work from office – Hybrid, 2 days in a week.
• Experience:
• Proven relevant experience of 5+ years in IT information security.
• Set up and management of audits, including scheduling, scoping, and support during external assessments.
• Evidence collection and triage to support audits and attestations.
• Design and review of security controls, including control assessments and coordination with control owners.
• Meetings with vendors and external auditors to support certification and audit processes.
• Communication with internal stakeholders, including status updates and reporting.
• Program planning, including defining milestones and timelines, and contributing to the design and delivery of new certification and attestation programs.
• IS Controls Design, Performing Systems Audits, Reviewing Security Policy exceptions.
• Ability to work independently and proactively without daily direction. Working across multiple teams and business lines.

You. Unlimited.

We believe in crafting the greatest good for society. Our strongest investments are in our people and the patients we serve.

Inclusion + Belonging - Committed to Welcoming, Celebrating and Thriving. Learn more about our Employee Inclusion Groups on our website https://www.smith-nephew.com/

Other reasons why you will love it here!

• Your Future: Major Medical coverage + Policy exclusions and insurance non-medical limit. Educational Assistance.
• Work/Life Balance: Flexible Personal/Vacation Time Off, Privilege Leave, Floater Leave.
• Your Wellbeing: Parents / Parents in Law’s Insurance, Employee Assistance Program, Parental Leave.
• Flexibility: Hybrid Work Model (For most professional roles)
• Training: Hands-On, Team-Customized, Mentorship
• Extra Perks: Free Cab Transport facility for all employees, One Time Meal provided to all employees as per shift. Night Shift Allowances.

#YS1