IT Security Specialist role - responsible for managing IT security covering both Enterprise and production IT environments.

Given the sensitivity of our enterprise and production environments, and the nature of our work in Clinical Trials, the necessity to capture robust data on patients, volunteers and subjects, in a way which does not directly identify any individual to the data captured, and yet connect the data with the individuals, has made IT Security a vitally important component to what we do. The arrival of GDPR has brought further challenges to an already important area.

We capture detail on individuals - the drugs they are trialling for our clients, how long for, what they took, their experience during their trial with both objective and subjective data being captured. The data is captured through handheld devices - mobile phones and tablets. Our clients and the regulatory authorities require this information to be stored for 25 years. And then we are also faced with the same issues other companies encounter - data captured on clients, suppliers and employees. All of these areas, the enterprise and production environments are protected.

This is a key role within the organisation, protecting IT security for CRF Health and all those that touch our systems.

Working out of our Helsinki, Finland offices, you will work closely with others in IT, and other business streams.

• Work with internal departments to understand security related requirements
• Contribute in IT security strategy development to ensure customer and legal requirements are met
• Develop and carry out information security plans and policies
• Troubleshoot, resolve security issues together with infrastructure and hosting teams
• Ensure all changes are documented and tested to meet our Quality Management System requirements
• Provide security awareness training to individuals and user groups within the company
• Conduct periodic network scans and penetration testing to find any vulnerability
• Monitor networks and systems for security breaches
• Investigate security breaches
• RFI/RFQ commenting
• Periodic review of security logs of various systems (Access, Firewall, Antivirus, etc.)
• Periodic review elements that contribute to security
• Contribute in security process development
• participation in audits (Customer and authorities)

• Strong experience within corporate security and networking
• Bachelor’s Degree in Business, IT or relevant experience
• Minimum 2 years’ experience in IT security
• Expertise in anti-virus software, SIEM, intrusion detection, firewalls and content filtering
• Expertise in designing secure networks, systems and application architectures
• Strong documentation, process mapping and communication skills, being able to communicate complex technical matters in an easy to understand way.
• Strong business analysis and functional experience, including requirements gathering, creating/deploying solutions to end users
• Good understanding of ISO 27001 and other requirements such as GDPR
• Understanding of ITIL framework (Incident, Change, Demand and Release Management)
• You’re a pragmatic problem-solver, possessing outstanding attention to detail and a proven ability to break problems down and resolve them efficiently.
• Can work independently without hands on management effectively communicating with an overseas manager.
• Domestic and international travel may be required

Desired skills:

•  Ability to communicate well, facilitate and/or challenge decisions within or across teams leading to a collaborative outcome/plan.
• Knowledge of risk assessment tools, technologies and methods
• System administration, supporting multiple platforms and applications
• Certifications such as ITIL, CCNA, CISSP or CISA are beneficial
• Understanding of HIPAA (Health Insurance Portability and Accountability Act) requirements
• Experience in scripting e.g. PowerShell is beneficial