Senior Engineer, Information Security

Zuellig Pharma is a leading healthcare solutions company in Asia, and our purpose is to make healthcare more accessible to the communities we serve. We provide world-class distribution, digital, and commercial services to support the growing healthcare needs in this region.

The company was started a hundred years ago and has grown to become a multibillion-dollar business covering 17 markets with over 12,000 employees. Our people serve more than 200,000 medical facilities and work with over 450 clients, including the top 20 pharmaceutical companies in the world.

Purpose of the Role:

This position will provide assistance to the activities and initiatives of Data Privacy Officer of ZPAP ROHQ for ZP Enterprise which covers the Enabling Functions, Markets and Business Units of Zuellig Pharma. This position will also give extra hand to ensure organization compliance with Data Privacy Initiatives and implementations in considerations with the available technology and business processes; and with ISO 27001 ISMS (Information Security Management System) activities and program for Zuellig Pharma Enterprise

What You’ll Do :

• Manage and oversee security governance tools, including but not limited to Microsoft Intune, SAP GRC, Microsoft Conditional Access, and phishing simulation platforms.
• Review and analyze SAP security notes, proactively communicating risks and coordinating with stakeholders to ensure timely remediation as part of governance.
• Create, maintain, and continuously improve Information Security Management System (ISMS) policies and standards to drive maturity in cybersecurity governance.
• Ensure ISMS policies and standards are reviewed in a timely manner and kept up-to-date with any changes in the Zuellig Pharma (ZP) infrastructure, systems, and emerging threat landscape.
• Support the Data Privacy Officer (DPO) of ZPAP in ensuring enterprise-wide compliance with applicable Data Privacy Laws, focusing on PH laws and regions where Zuellig Pharma has a point of presence.
• Drive core data privacy initiatives, including documenting assets, maintaining inventories of systems processing personal data, conducting compliance audits, and reviewing Data Privacy Impact Assessments (DPIAs).
• Collaborate with the DPO to develop and execute training and awareness programs regarding Data Privacy, Protection, and the proper handling of personal data across the Data Life Cycle.
• Liaise with internal teams and critical enabling functions (such as HR, Business Operations, Legal, and other necessary parties) for related Data Privacy and Protection programs.
• Review and evaluate the compliance of ZP Business Units, Enabling Functions, and Markets on data protection policies, controls, and their implementation.
• Partner with the Cybersecurity team to perform security due diligence on third parties, evaluating the readiness of their controls in relation to Data Privacy and Protection.
• Support the ZP Cybersecurity team in driving and maintaining ISO 27001 and ISO 27701 initiatives and programs for the ZP enterprise.
• Perform other delegated Cybersecurity, governance, and risk management tasks as required to support the overall security posture.

What will make you successful:

Must-Have:

• Bachelor's Degree in MIS / Business / IT or a similar subject with strong exposure to information technology.
• At least 3-5 years of professional experience in Data Privacy and Protection; Risk Management
• At least 3 years of professional experience in IT Security and Compliance
• Experience in working in a multinational company or regional setup
• Knowledge on Data Privacy and Protection concepts and terminologies especially for PH laws
• Familiarity with performing risk assessments in alignment with the industry standards such as ISO 31000, etc.
• Able to develop awareness program for Data Privacy and Protection
• Advanced knowledge or skills in using Microsoft Office application such as, but not limited to Microsoft Word and PowerPoint
• Knowledge on ISO 27001 ISMS and IT Security processes, concepts and technologies
• Basic concepts on ISO 27701 Privacy Information Management Systems

Advantage to Have:

•  
• Trainings specific to Data Protection Officer course or equivalent trainings provided by NPC or other vendors; with IT Security Certifications such as, COMPTIA Security+.
• Ability to identify the work required and organize, facilitate and / or perform the work with only minimal guidance from superiors
• Very good presentation and communication skills
• Excellent analytical skills

What we offer :

• We are committed to fostering an inclusive environment where our employees can learn, grow, and achieve shared success.
• We champion diversity, equity, and inclusion, ensuring every individual feels valued, respected, and treated fairly.
• As a leading multi-market healthcare solutions provider, we empower our employees to gain comprehensive knowledge and expertise in the dynamic healthcare industry across the region.
• Enjoy the flexibility to effectively balance your work and personal life while taking charge of your career journey through our empowering growth opportunities.
• Our Total Rewards program is designed to support your overall well-being in every aspect.