Job Description

Siemens Healthineers develops MedTech products that support better patient outcomes with greater efficiencies, giving providers confidence that they need to meet the clinical, operational, and financial challenges of a changing healthcare landscape. With 70,000+ employees Siemens Healthineers is one of the world's largest suppliers of technology to the healthcare industry. As a global leader in medical imaging, laboratory diagnostics, and healthcare information technology, we have a keen understanding of the entire patient care continuum-from prevention and early detection to diagnosis and treatment.
Brief Description:
The Cybersecurity Management System (CYSMS) is a structured framework of processes, technology, and people designed to protect and manage organizational information assets, covering Information Security and Data Privacy, and is compliant with ISO/IEC 27001:2022. Corporate Cybersecurity oversees the establishment and continual improvement of CYSMS, using a multi-site certification approach to standardize practices across all locations.
As a Senior Information Security Professional, you will onboard new sites globally into CYSMS Multisite certification and maintain their certification through ongoing improvements, audits, and preparation for external reviews.
To successfully implement this multi-site approach, we need YOU!
What are my key Responsibilities?
You will be working with global team for onboarding new locations across the globe into CYSMS Multisite certification, by performing gap analysis, guiding sites through remediation and process fixes, conducting/coordinating internal audits and management reviews and preparing for external audit.
Main responsibilities are:

• Lead onboarding of new global locations into CYSMS Multisite certification, including gap analysis, remediation, internal audits, and management reviews.
• Maintain ISO 27001 certification across all sites, planning milestones, conducting audits, and ensuring continual improvement.
• Guide information security professionals and coordinators in implementing ISO 27001 controls.
• Coordinate with global Cybersecurity and SHS functions to meet requirements and regulatory standards.
• Conduct regular risk assessments and ensure compliance with ISO 27001 and CYSMS requirements.
• Develop and maintain local security policies and documentation as needed.
• Oversee operational security measures, support incident response, and ensure timely resolution and documentation.
• Follow up on audit recommendations, maintain audit trails, and extend implementation to additional standards (e.g., ISO/IEC 27701, GDPR) as required.
• Monitor and review CYSMS effectiveness, document outcomes, and drive continual improvement.
• Share insights and best practices to support cross-site harmonization and readiness for multi-site ISO/IEC 27001 certification.

What do I need to qualify for this job?

• Bachelor's degree in engineering, Information Security, Computer Science, or a related field with 10+ years of working experience in Information Security space. Must possess Lead Auditor certification in ISO 27001 standard for at least 5 years. Must have been directly responsible for planning & executing external audits for certifications.
• Proven experience of working as a lead in a global cross-functional organizational setup for 2-3 years.
• Strong understanding of ISO 27001 requirements, information security principles, risk management, IT infrastructure set up and regulatory requirements.
• Previous experience in transitioning a large organization (2000+ employees) from 2013 standard to 2022 standard of ISO 27001 or similar experience is highly preferred.
• Proven experience in implementing ISO 27701 PIMS standards or GDPR (Data Privacy) in a large organization is highly preferred.
• Proven ability to coordinate many stakeholders from various departments to achieve a common result for the organization.
• Excellent communication, presentation and interpersonal skills along with ability to make decisions for complex scenarios and proven ability to handle escalations. Proven ability to report and present to leadership team.
• Familiarity with Software development best practices for ensuring security.
• Previous experience with Governance responsibilities at global level will be preferred. You may be required to travel to global locations on need basis, which is expected to be approximately around 30% a year.
• Shall work in a holistically driven security environment, combination of Information Protection, Cybersecurity, Corporate Security, HR-Security and more

What else do I need to know?

• Familiarity with ISO/IEC 42001 (Standard for AIMS).

• Familiarity with ISO/IEC 22301 (Standard for BCMS)

Siemens Healthineers is dedicated to equality, and we welcome applications that reflect the diversity of the communities we work in. All employment decisions at Siemens Healthineers are based on qualifications, merit and business need. Bring your curiosity and imagination and help us shape tomorrow.
We are looking forward to receiving your online application. Please ensure you complete all areas of the application form to the best of your ability as we will use the data to review your suitability for the role.

Skills Required