Head of Infrastructure Security

Italy, Milan
- Spain, Porrino
- Switzerland, BaselToday, Lonza is a global leader in life sciences operating across three continents. While we work in science, there’s no magic formula to how we do it. Our greatest scientific solution is talented people working together, devising ideas that help businesses to help people. In exchange, we let our people own their careers. Their ideas, big and small, genuinely improve the world. And that’s the kind of work we want to be part of.

The Head IT Security Infrastructure is accountable for the implementation of IT Security Controls, as well as the definition and implementation (together with IT Security) of appropriate security measures in terms of processes and technology. The role works in close collaboration with IT Infrastructure colleagues and IT Security & Compliance.

Key responsibilities:

- Participate in relevant Change Advisory Boards and act as an initial Single Point of Contact for infrastructure security relevant projects, including appropriate communication to senior business and IT management, as well as managing a direct and matrix organization of Subject Matter Experts.
- Define and fully implement effective vulnerability remediation measures on both procedural and technology layer (e.g. system hardening, patching, lifecycle management).
- Drive security culture within IT Infrastructure.
- Oversee IT Security related Infrastructure services and drive potential improvements.
- Co-ensure that regulatory security and data protection requirements are fulfilled on the infrastructure level, e.g. GxP and GDPR.

Key requirements:
**Education**:

- Masters degree in computer science or information security or equivalent work
- or education-related experience.

**Experience**:

- Minimum of 7 years in Information technology, ideally track record hands on experience in either IT operations or software development.
- The role requires at minimum 4 years of relevant infrastructure security expertise, thereof a minimum of relevant 2 years in senior infrastructure or security. Track record of leading security projects and being the security lead for IT projects.
- An Operation Technology background is desired.

**Licenses or Certifications**:

- Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), ITIL v4 fundamentals or other similar credentials, is desired.

**Knowledge**:

- Knowledge and understanding of relevant legal and regulatory requirements, such as Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA), EU General Data Protection Regulation (GDPR) and Payment Card Industry/Data Security Standard.
- Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT and ones from NIST.

**Skills**:

- The position requires a pragmatic leader with sound knowledge of business management, high quality thinking and working and excellent knowledge in various IT technologies and services, including secure design principles.
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate infrastructure and security related concepts to technical and nontechnical audiences.
- Exhibit excellent analytical and solution oriented engineering mindset skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
- Project management skills: financial/budget management, scheduling and resource management.
- Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.

**Qualities & Attitude**:

- Poise and ability to act calmly and competently in high-pressure, high-stress situations.
- Must be a critical thinker, with strong problem-solving skills.
- High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity.
- High degree of initiative, dependability and ability to work with little supervision.

Every day, Lonza’s products and services have a positive impact on millions of people. For us, this is not only a great privilege, but also a great responsibility. How we achieve our business results is just as important as the achievements themselves. At Lonza, we respect and protect our people and our environment. Any success we achieve is no success at all if not achieved ethically.

People come to Lonza for the challenge and creativity of solving complex problems and developing new ideas in life sciences. In return, we offer the satisfaction that comes with improving lives all around the world. The satisfaction that comes with making a meaningful difference.

**Reference: R55120**: