Associate Information Security Consultant

The Associate Information Security Consultant works with various internal and external groups to ensure that AbbVie information security policies, practices, and procedures are accurately implemented within AbbVie Operations. The role analyzes business and IT programs and goals from inception to end of life to make sure that appropriate controls are applied throughout the entire lifecycle to minimize risk.

Responsibilities:

Establish and maintain positive relationships with IT and Business System Owners to understand goals, programs and plans. Evaluate and articulate program security requirements; identify potential security risk factors and business impact.

Engage AbbVie Third Party Vendors to assess security posture, remediation requirements and compensating controls as they apply to Business Programs.

Develop in-depth knowledge of Security policies, processes and procedures, as well as compliance processes and initiatives in order to provide domain expertise and guidance to Manufacturing Operations.

Provide Information Security expertise and guidance to IT and Business System Owners to ensure an appropriate balance between security risks and business enablement for identified business programs and initiatives.

Review current technology and information policies and practices for continued applicability with respect to AbbVie Manufacturing Operations business programs. Provide recommendations for improvements.

Provides consistent and detailed exception documents and timely resolution of investigations based on CAPA requirements.

Ensures IT compliance and adherence of applicable internal and external regulations and guidelines for Infrastructure projects that impact Manufacturing Operations (e.g. Campus Compute Facility (CCF), servers, storage, end-user computing (EUC)).

Bachelors Degree or an equivalent combination of education and work experience

Minimum of 8 year's Information Security/technology experience or equivalent experience in Information Risk Management.

Mix of IT operations and business program experience required.

Demonstrated skills in project management, teamwork, written/verbal communication and interpersonal skills required.

Minimum 1+ years writing and/or approving CAPA documents.

Strong experience and up to date knowledge in network security products and platforms, including user authorization, encryption tools and techniques, communication protocols, vulnerability assessments, data loss and penetration testing, and secure coding.

Certified Information Systems Security Professional (CISSP) or other equivalent certifications desired. Information Security Consulting background and experience desired.

Knowledge/experience with:

Administration of servers and storage environments

System development lifecycle (SDLC)

Qualification of computerized systems (e.g. servers, printers, PCs) and operational technology