The Role & Department
At Genmab, the Associate Director Security Operations is a security professional who has a passion for technology and cyber security and has a broad knowledge and experience in security operations processes, procedures and state-of-the art security monitoring solutions. (S)/he knows that detective and reactive security capabilities form key pillars in the cyber security strategy of an organization and that an understanding of business goals and processes but also critical data flows and applications are essential for this role as is an excellent understanding of security risks, threats and attack vectors.
The Associate Director Security Operations combines this knowledge and expertise with a hands-on mentality and capabilities in designing and implementing fit-for-purpose solutions, for efficient usage and continuously improvement.
The Associate Director Security Operations will fulfill several roles. The primary role is to lead the Security Operations Team of Genmab and ownership of the detective and responsive security processes, such as security incident management, vulnerability management, and security monitoring. Being a leader of a team requires from the director to define and drive towards clear goals and targets while at the same time ensuring that the partly virtual team works efficiently together. This also includes the definition of the strategy and roadmap to strengthen the security posture of Genmab in alignment with the Security Officer DK, and as part of the overall cyber security strategy of Genmab.
Another role will be to act as the Service Delivery Manager towards Genmab’s Managed Security Service Provider (MSSP). In strong collaboration with the MSSP, the director is responsible for the design, maintenance, and improvement of detective security capabilities in form of security monitoring use cases. Another task will be to engage with and support IT business stakeholders and projects in defining a security monitoring strategy and realizing monitoring needs by identifying relevant data flows and critical security events and assisting together with the Security Operations Team in the implementation of business rules, triggers, alarms and alike.
Other important parts of this role will be the alignment on the performance and execution of security processes with other IT&D groups and to chair the Security Operations meetings in which different operational IT&D groups are represented. Driving towards improvements and resolution of gaps in the security posture of Genmab requires from the director strong capabilities in bringing goals and vision of several teams together.
The director needs to have strong capabilities in leading a team, driving towards results, working independently, taking ownership and at the same time willing to take acceptable risks.
The Associate Director will report functionally to the Security Officer DK and hierarchically to the Head of Cyber Security & IT Risk Management.
Key Responsibilities include
- Leader of the global Security Operations Team of Genmab
- Service Delivery Manager towards Genmab’s MSSP
- Owner of operational security processes such as security incident management, vulnerability management, threat intelligence and security monitoring
- Owner of the security monitoring solution, Microsoft Azure Sentinel.
- Owner of operational security standards, processes and procedures and process descriptions
- Security Incident Handler (Tier 2)
- Execution if security assessments and penetration testing
- At minimum 5 years of demonstrable work experience in different IT security functions including as a team leader; preferred to have experience as leader of the security operations team
- Working experience in multinational organizations and virtual teams
- Excellent knowledge of IT security technology combined with an insight in threat actors and attack vectors
- Demonstrates a continuous willingness to learn by following trainings and certifications
- Experience in working in/for a biotech or pharmacological company is not a must, but a pre
- Excellent presentation and communication skills and capable to explain (complex) technical security issues in “normal” language to non-technical stakeholders
- Very good communication skills in English
Furthermore, you have:
- Strong soft and interpersonal skills, including teamwork, facilitation, and negotiation
- Strong consultancy and influence skills
- Excellent stakeholder management skills, i.e. being able to communicate effectively with different stakeholders and to deal with the different interests in the organization
- Excellent planning and organizational skills