Skills

Incident Response Risk Management Monitoring Training Architecture Security Architecture Organization

Job Specifications

Chief Information Security Officer (CISO) | Driving Secure Digital Healthcare Transformation

The assignment involves supporting the organization in developing, implementing, and maintaining an organization-wide information security policy and management framework. The services are risk-driven and aim to ensure the availability, integrity, and confidentiality of information and critical processes.

General Tasks and Responsibilities

Developing, maintaining, and improving an Information Security Management System (ISMS).
Translating relevant laws, regulations, and standards (including NIS2 and ISO/IEC 27001) into concrete security measures.
Managing and updating the information security policy, guidelines, and standards.
Supporting the integration of information security within enterprise risk management and internal control systems.
Advising management on risks, maturity levels, and priorities related to information security.

Risk Management and Compliance

Establishing and maintaining a central information security risk register.
Conducting or coordinating periodic risk assessments.
Monitoring mitigation measures and reporting on residual risks.
Supporting internal and external audits and compliance processes.

Security Architecture and Operations

Advising on security architecture for networks, systems, cloud environments, and applications.
Assessing security designs and changes impacting information security.
Overseeing logging, monitoring, vulnerability management, and patch management.
Supporting the development of detection and response mechanisms.

Incident Management and Continuity

Maintaining an incident response framework and related procedures.
Advising on the handling of security incidents and coordinating post-incident evaluations.
Supporting the development and testing of business continuity and disaster recovery plans.

Supplier and Supply Chain Security

Supporting the assessment of security risks related to external suppliers and service providers, including cloud and SaaS solutions.
Advising on appropriate security clauses and controls.

Awareness and Training

Developing a strategic information security awareness program, including awareness campaigns, training sessions, and simulated exercises.

Reporting and Consultation

Providing periodic reports to management on the status of information security, key risks, incidents, audit findings, and the progress of improvement initiatives.

Scope of Services

The services will be delivered based on an average commitment of 20 hours per week. The planning and specific implementation of activities will be aligned with the organization’s priorities and risks.

About the Company

We’re Harvey Nash, and we build amazing technology and digital teams. From senior appointments through to recruitment and project solutions, we are experts in the tech sector. Established in 1988, we have helped over half the world’s leading companies recruit, retain, source and manage the highly skilled tech talent they need to succeed in an increasingly competitive, global and technology driven world. With over 3.300 staff in more than 49 offices across Europe, Asia-Pacific and the U.S and Canada, we have built a rep... Know more