Senior Information Security Manager
Indexed description
Security plays a critical role in everything we do at Ambu - not only to protect our business, but ultimately to ensure patient safety and trust. As part of our ongoing global transformation, we are strengthening our security capabilities and elevating the role of information security across the organization.
In this role, you will not only optimize and further develop our GRC frameworks, policies, and procedures, but also play a key role in shaping and maturing our overall security posture. You will have strong visibility across the organization, including exposure to senior leadership, and a real opportunity to influence how security is embedded into our business.
This is not a maintenance role — it is an opportunity to actively contribute to building a strong and scalable information security foundation for the future.
Key Responsibilities
Your main responsibilities will include the following:
- Develop and Maintain GRC Frameworks: Enhance and update existing GRC frameworks, policies, and procedures to support a maturing security function.
- Drive Key Security Controls: Implement and manage security controls, including policies, procedures, supplier risk assessments, training and awareness programs, and metrics.
- Compliance Oversight: Ensure compliance with cybersecurity standards and regulations such as ISO27001, NIS2, and UK CE+. Conduct audits and assessments to identify and mitigate risks, and proactively strengthen the control environment.
- Cross-Functional Collaboration: Work with various departments to integrate security measures into business processes and decision-making.
- Risk Management: Identify, assess, and manage risks related to information security. Develop risk mitigation strategies that support business objectives.
- Training and Awareness: Develop and deliver training programs to enhance security awareness and ensure adherence to GRC policies and procedures.
- Metrics and Reporting: Establish and monitor key performance indicators (KPIs) to measure the effectiveness of GRC initiatives and develop presentations for senior management.
- 8+ years of experience in cybersecurity, preferably from large complex organizations.
- Bachelor’s degree or higher in Information Security, Computer Science, or a related field.
- Relevant information security certifications such as CISSP, CISM, CRISC.
- Proven experience in GRC management within the MedTech or healthcare industry is an advantage.
- Strong understanding of regulatory requirements, policies, procedures, and industry best practices.
- Excellent communication, stakeholder, and project management skills. Ability to work collaboratively with a structured and curious mindset.
- Experience working in a multiculture environment is an advantage.
- A proactive and improvement-driven mindset, with motivation to build, enhance, and shape security capabilities rather than maintain the status quo.
We offer great opportunities for personal development. Furthermore, we offer a wide range of professional, social and financial employee benefits in addition to exciting job challenges and continuous professional and personal development.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search