Information Security & Data Privacy Manager


Allschwil, full-time, no home office possible
Level of employment: 100% (full-time). Working place: Allschwil and Home‑Office.

This role supports the Compliance Officer in operating and maintaining the ISO27001:2022 ISMS and other management systems, executing projects, and ensuring compliance across data privacy, supplier security, and regulatory requirements in a regulated medical device environment.

Responsibilities
- Operate and maintain the ISO27001:2022 ISMS: keep policies and documentation current, run the security‑exception register, document security incidents and track their remediation, monitor vulnerabilities and threat sources, and produce periodic cyber reports in coordination with IT Security & Operations.
- Prepare and maintain security assessments for new and existing suppliers and cloud services on a new‑engagement and yearly‑review cycle.
- Support the data‑privacy management system under Swiss nDSG/FADP and EU GDPR: keep privacy documentation current, document and assess data‑breach incidents, and support the handling of data‑subject requests in liaison with the Data Protection Officer.
- Support internal IT and business units in generating and maintaining security and privacy documentation, risk management, monitoring, corrective actions and improvement measures within the ISO13485 / EU MDR quality management system.
- Administer information‑security and data‑privacy training: support the yearly training plan and grow into designing and delivering trainings over time.
- Organise and support internal and external audit activities, including ISO27001 certification and surveillance audits and medical‑device audits; grow your content contribution over time.
- Coordinate internal departments, intra‑group stakeholders and external providers on compliance issues; track and report the status of project and operational compliance activities to internal stakeholders (optionally including the Medgate Group and the Group).
- Support corporate project activities; analyse problems and propose actions to remediate gaps.

Qualifications
- Advanced university or university of applied sciences degree in engineering, science or a related discipline.
- Fluent in German and English, both written and spoken.
- Professional experience in a regulated industry (e.g., medical devices, healthcare or financial services) combined with strong organisational skills.
- Solid understanding of management systems, organisational structures, processes, regulatory requirements and standards, particularly ISO27001, the Swiss Data Protection Act (DSG/nDSG) and GDPR.
- ISO27001 Foundation and/or Internal Auditor certification is an advantage or can be obtained on the job.
- Knowledge of ISO13485, EU MDR, the EU AI Act and professional confidentiality obligations is an advantage or can be acquired quickly.
- Ability to bridge business, compliance and IT functions, translating regulatory requirements into practical solutions.
- Passion for responsible adoption of AI, digital health solutions and emerging technologies within a highly regulated environment.
- Analytical mindset, strong problem‑solving skills and ability to navigate complex challenges within regulatory frameworks and dynamic environments.
- Strong communication skills and ability to communicate clearly, positively and appropriately with diverse stakeholders while building trust and alignment.
- Experience with collaboration tools such as Microsoft 365, Jira and Confluence; familiarity with security awareness, data privacy, and security operations tools is a plus.

Contact details:

Job-Room Recruiting-Team