Global Cyber Lead

Date: 15 May 2024

Location: Oxford, GB

Company: oxfordbiom

We are recruiting a for a global cyber lead – our most senior cyber role – to join the Information Systems Leadership Team.  This role protects the integrity and operations of OXB systems and data from external, internal and inadvertent threats by designing and implementing a holistic risk-based approach to cyber security.  

 

Located from our Oxford offices with the ability to work in a hybrid capacity, the role will collaborate closely with the Chief of Staff and consultant CIO for governance matters, the corporate risk team and of course the IT leadership for technical design and execution. 

 

Responsibilities in this corporate role would include: 

 

  • Lead the cyber strategy. Establish and maintain a holistic, risk-based approach to the cyber risk; considering all the threat-modes and mitigation actions; technical, governance and human-factors. 

  • Own the cyber framework. Establish and maintain a structure and systematic framework to capturing and manage the cyber risks.. 

  • Monitor and report. Put in place systems to ensure compliance with the established framework and relevant regulation. Update Exec and Board directly.  

  • Run the Data Protection Group. Lead the governance forum responsible compliance and controls including GDPR.  

  • Track and advise on threat-landscape. Proactively develop an understanding of the external threat environment and inside risks and ensure that those risks are understood within the organisation.  

  • Lead the virtual cyber team. Work with business stakeholders, IT peers and other risk professionals (including internal audit) to drive actions and integration of cyber thinking throughout the business. There is no immediate plan to build out a big centralised cyber team separate from IT. [The role has dotted line to the CEO/CoS for influence and visibility.]   

  • Participate in operational IT planning. Contribute to the overall technology and infrastructure strategy and roadmap. Represent the needs of the cyber strategy including key areas of perimeter security, detection tools, disaster recovery and backup regime. Cyber is more than IT but IT is a big part of it.    

  • Act as Internal Audit for cyber. Oversee and assure general IT controls and compliance with procedures, in particular around elevated privilege management, insider risks and protection of configuration. Work directly with Corporate Risk team (in Finance) to achieve this.  

  • Drive awareness and education. Raise the general business skill level of the key cyber considerations – for end-users, system owners/designers and management. So that we design-in cyber thinking to everything.  

  • Represent IS and Cyber in corporate planning. Contribute directly to whole-business business continuity planning and disaster recovery activities. Representing the cyber requirements and being part of the response.  

  • Incident investigation. Investigate all adverse events, including near-misses, and ensure mitigating actions are put in place and where relevant that incidents are managed in the Quality Management Systems.  

  • Incident support. Play an advisory role in live incidents. Supporting the COO with the correct application of policies and procedures. Oversee incident management to ensure framework is applied.  

  • Reporting. Routine communication to stakeholders and upwards to Board. Escalate risks. Manage CET and Board communication during an incident. 

 

We are looking for: 

 

  • Proven experience as a cyber or similar leadership role in information security.  

  • Broad technical knowledge of IT operating environment - network, servers, endpoints, enterprise applications and security associated tools. Whilst this role has a “bias-towards management and non-technical aspects” this role demands technical understanding.  

  • Deep technical knowledge of defensive and responsive cyber security systems and tools.   

  • Helpful to have experience in GxP life sciences operations or similar QMS governed safety-critical environment; appreciation and understanding of regulatory compliance and how changes are made.  

  • Highly structured approach to understanding and addressing the cyber risks including strategic and practical experience of risk assessment methods, technologies and tools.  

  • Understanding of the latest security principles, techniques, and protocols.  

  • Familiarity with laws, regulations, and standards in information security 

  • Experience working with ISO 27001/2 or similar; whether formally qualified certificated or not 

 

 

About Us: 

 

We are a quality and innovation-led cell and gene therapy CDMO with a mission to enable our clients to deliver life changing therapies to patients around the world. 

Our innovative solutions and proven expertise allow our clients in the biotech and biopharma industry, to deliver life-saving therapies to reach even more patients. 

The success of cell and gene therapy products transforms outcomes for millions of people suffering from some of the world’s worst diseases and medical conditions. 

 

What’s in it for you: 

 

  • Highly competitive total reward packages 

  • Wellbeing programmes 

  • Development opportunities 

  • A 35-hour working week 

  • Welcoming, friendly, supportive colleagues 

  • A diverse and inclusive working environment 

  • Our values are: Deliver Innovation, Be Inspiring and Have Integrity 

  • State of the art laboratory and manufacturing facilities 

 

We want you to feel inspired every day. We’re future-focused and our business is growing rapidly. We succeed together through passion, commitment and teamwork, and so can you. 

 

Collaborate. Contribute. Change lives 

 

Closing date for internal applications is 29th May 2024.