IT Regional Security Officer

Company Description

Eurofins Scientific is an international life sciences company, providing a unique range of analytical testing services to clients across multiple industries, to make life and our environment safer, healthier and more sustainable. From the food you eat, to the water you drink, to the medicines you rely on, Eurofins laboratories work with the biggest companies in the world to ensure the products they supply are safe, their ingredients are authentic and labelling is accurate.

The Eurofins network of companies believes that it is a global leader in food, environment, pharmaceutical and cosmetic product testing and in discovery pharmacology, forensics, advanced material sciences and agroscience contract research services. It is also one of the market leaders in certain testing and laboratory services for genomics, and in the support of clinical studies, as well as in biopharma contract development and manufacturing. It also has a rapidly developing presence in highly specialised and molecular clinical diagnostic testing and in-vitro diagnostic products.

The group's key figures are approximately: Turnover of 6.5 billion euros, more than 940 laboratories in 62 countries and around 62,000 employees.

Job Description

Role Overview

The Regional Information Security Officer (RISO) is responsible for establishing, leading, and continuously improving a comprehensive regional cybersecurity and risk management program for the Clinical Diagnostics, U.S. National Business Line (NBL).

The RISO provides strategic leadership to manage information security risk, ensure alignment with business objectives, enable effective governance, and drive appropriate adoption of Eurofins Group security services, policies, and standards across the region.

This role partners closely with business and IT leadership to proactively identify, assess, and remediate security risks while supporting operational scalability and regulatory compliance.

Key Responsibilities

• Lead and manage the regional information security function, ensuring consistent, high-quality security practices aligned with Eurofins Group standards and relevant localized requirements
• Provide security oversight for regional infrastructure and solution delivery teams, embedding security into day-to-day operations
• Collaborate closely with the Group Information Security organization to implement global standards and execute regional action plans
• Provide executive-level visibility into regional security posture, risks, and remediation efforts

Risk Management & Compliance

• Conduct information security risk assessments in accordance with ISO 31000 and NIST 800-30, including oversight of risk treatment plans
• Ensure all information within scope is handled in compliance with applicable statutory, regulatory, legal, and contractual requirements (e.g., HIPAA, GDPR, CCPA)
• Drive consistent execution of vulnerability management and remediation activities
• Support internal and external audits, including customer security assessments

Security Assurance & Technical Oversight

• Ensure security is integrated into project delivery processes through policies, standards, and active oversight
• Advise IT and business stakeholders on security requirements related to system selection, implementation, configuration, and operation
• Plan and oversee third-party security assessments, including penetration testing and SOC 2 Type II audits
• Partner with Regional Security Support (RSS) teams to review and approve security related changes and requests

Awareness, Resilience & Collaboration

• Ensure ongoing security awareness and training through the centralized LMS platform
• Drive collaboration with business and IT teams on business continuity and disaster recovery initiatives
• Support periodic access reviews and physical security considerations within scope
• Partner with Legal, Audit, Risk, Compliance, and Operations teams as required

Qualifications

Qualifications

Required Profile

• 7–10 years of progressive experience in information security, including at least 5 years in a leadership role
• Bachelor’s degree in computer science, information security, or a related field
• CISSP and/or CISM certification preferred.
• Demonstrated experience in healthcare, laboratory, or other highly regulated environments (healthcare or laboratory strongly preferred).
• Strong knowledge of security governance and risk frameworks such as HITRUST CSF, ISO 27001, NIST 800-series, and NIST CSF.
• Working knowledge of IT governance frameworks (e.g., ITIL, COBIT 2019).
• Experience establishing and reporting on cybersecurity and risk metrics.

Leadership & Communication Skills

• Strong emotional intelligence with the ability to influence and lead across diverse stakeholder groups.
• Proven ability to communicate security and risk concepts to both technical and non-technical audiences.
• Experience leading personnel in cross-functional initiatives.
• Comfortable operating in complex, fast-paced environments with ambiguity and competing priorities.
• Demonstrated ability to work effectively across geographies and cultures.

Additional Information

Working hours:

Monday to Friday - 08:00 to 17:00 Hybrid Work