Information Security Specialist

<p style="text-align:left"><b>Work Schedule</b></p>Standard (Mon-Fri)<p style="text-align:inherit"></p><p style="text-align:left"><b>Environmental Conditions</b></p>Office<p style="text-align:inherit"></p><p style="text-align:left"><b><u>Job Description</u></b></p><p style="text-align:inherit"></p><p>As part of the Thermo Fisher Scientific team, you’ll discover meaningful work that makes a positive impact on a global scale. Join our colleagues in bringing our Mission to life every single day to enable our customers to make the world healthier, cleaner and safer. We provide our global teams with the resources needed to achieve individual career goals while helping to take science a step beyond by developing solutions for some of the world’s toughest challenges, like protecting the environment, making sure our food is safe or helping find cures for cancer.</p><p></p><p><b>Position Overview</b></p><p>We are seeking a highly motivated and experienced Information Security Specialist to lead and strengthen our organization’s data protection and information security governance framework.</p><p></p><p>This role is responsible for building and operationalizing integrated privacy and security strategies, ensuring regulatory compliance (e.g., ISMS-P, local and global data protection regulations), and enabling secure growth in cloud and AI-driven environments.</p><p></p><p>This is not a purely operational role. The successful candidate will serve as a strategic risk control leader, embedding Privacy-by-Design and Security-by-Design principles across the organization.</p><p></p><p><b>Roles and Responsibilities</b></p><p>1. Information Security Governance</p><ul><li>Develop and implement enterprise-wide information security strategy and roadmap</li><li>Conduct risk assessments and design internal control frameworks</li><li>Lead ISMS / ISMS-P certification management, audit readiness, and continuous improvement</li><li>Establish and maintain security policies, standards, and procedures</li><li>Oversee cloud security governance and compliance posture</li></ul><p></p><p>2. Privacy &amp; Data Protection</p><ul><li>Own the organization’s privacy governance framework and lifecycle management</li><li>Review new products, AI initiatives, and data use cases for regulatory compliance</li><li>Design and implement controls to prevent data breaches, misuse, and unauthorized access</li><li>Lead privacy impact assessments and risk evaluations</li><li>Ensure compliance with domestic and international data protection regulations (e.g., GDPR, cross-border data transfer requirements)</li></ul><p></p><p>3. Incident Prevention &amp; Response</p><ul><li>Establish structured security incident prevention and response processes</li><li>Lead post-incident analysis and remediation planning</li><li>Reduce organizational exposure to regulatory and reputational risks</li></ul><p></p><p>4. Security Awareness &amp; Cross-Functional Leadership</p><ul><li>Lead security and privacy awareness programs</li><li>Facilitate internal security working groups and governance forums</li><li>Partner with Legal, IT, Product, HR, and Executive teams</li></ul><p></p><p>5. AI &amp; Emerging Technology Risk Management</p><ul><li>Implement security governance frameworks for AI systems (including generative AI and ChatGPT Agent environments)</li><li>Design controls to mitigate data privacy and cybersecurity risks in advanced analytics and AI initiatives</li></ul><p></p><p><b>Qualification</b></p><ul><li>Minimum 5&#43; years of experience in information security and/or data protection</li><li>Proven experience in risk assessment and internal control design</li><li>Experience managing ISMS-P or equivalent certification frameworks</li><li>Strong understanding of data protection laws and regulatory compliance requirements</li><li>Experience in incident prevention and response management</li><li>Business-level proficiency in English (written and spoken) and fluent-level proficiency in Korean</li></ul><p></p><p><b>Preferred Qualification</b></p><ul><li>Experience in global or multinational organizations</li><li>Hands-on experience in ISMS-P audit or consulting</li><li>Cloud security governance experience</li><li>Professional certifications (CPPG, CISA, CISSP, ISO 27001 Lead Auditor, Information Security Engineer, etc.)</li><li>Experience managing privacy risks in AI-driven environments</li><li>Familiarity with ChatGPT Agent or AI automation tools</li></ul><p></p><p><b>보훈대상자 및 장애인 채용 안내</b></p><ul><li><p>써모 피셔 사이언티픽 코리아는 다양성과 포용성을 바탕으로 모든 인재에게 공정한 기회를 제공하기 위해 노력하고 있습니다.</p></li><li><p>국가를 위해 헌신하신 보훈대상자 및 장애인 지원자분들을 적극 환영하며, 관련 법령에 따라 우대합니다.</p></li><li><p>온라인 지원 시, (3) 장애 여부(Disabled) 또는 (4) 보훈 대상(Veteran) 항목에 해당하시는 경우 ‘Yes’로 표시해 주시기 바랍니다.</p></li><li><p>또한, 지원 시 제출이 필요한 서류는 누락되지 않도록 반드시 안내 링크를 통해 확인해 주시기 바랍니다.</p></li><li><p><a href="http://jobs.thermofisher.com/global/en/korean-special-recruitment" target="_blank"><span class="emphasis-3"><b>보훈대상 및 장애인 우대 채용 안내</b></span></a></p></li></ul><p></p><p></p><p></p><p></p>