ISO 27001 Implementor/Auditor

Posted:
8/21/2025, 5:45:20 PM

Location(s):
Maharashtra, India ⋅ Pune, Maharashtra, India ⋅ Mumbai, Maharashtra, India

Experience Level(s):
Senior

Field(s):
IT & Security

Job description:

Support the design, implementation, and continual improvement of a single, multi‑country ISO/IEC 27001:2022‑certified ISMS, consolidating existing regional/country/product certifications and practices into a harmonized, scalable, and auditable framework. Align global ISMS and regional Security Management Plans (SMPs) while accommodating local regulatory nuances and cultural contexts.

Plan and conduct independent audits to assess compliance with regulations, guidelines, and operating procedures. Prepare and distribute reports of findings to the supervisor, operations staff, management, and customers. Provide consultation on the interpretation of regulations, guidelines, policies, and procedures. Support management in the promotion and assessment of compliance with regulations, guidelines, and corporate policies.

Responsibilities:

A. Global ISMS Consolidation & Certification

  • Build and lead a multi‑site certification program (scope definition, site selection, audit sampling logic, audit calendar), leveraging the most mature regions/entities and existing certificates.
  • Consolidate and maintain the global Statement of Applicability (SoA 27001:2022), including Annex‑A control coverage, compensating controls, and justifications; ensure SoA traceability to IISF controls and regional SMPs.
  • Establish an evidence lifecycle (create–collect–curate–reuse) integrated with our document repositories to streamline internal/external audits.

B. Risk, Governance & Control Integration

  • Resolve conflicts and identify gaps in policies/standards and manage pragmatic local exceptions with formal rationale.
  • Drive risk assessment & treatment consistency (method, scoring, residual risk acceptance), integrating into GRC tooling and SMP governance.
  • Design assurance mapping across ISO 27001, SOC 2, and client questionnaires to reduce duplication and improve response speed/quality.

C. Audit Readiness & Continuous Improvement

  • Plan and conduct internal audits and readiness assessments; track findings and effectiveness checks to closure through the document repositories.
  • Support external certification audits.

Qualifications:

  • Bachelor’s degree or equivalent experience in information security, technology, or related field.
  • 5–8+ years implementing and operating ISO/IEC 27001 ISMS (at least one end‑to‑end certification; multi‑site/global strongly preferred).
  • Hands‑on experience with ISMS consolidation/harmonization (SoA rationalization, control baselining, evidence management, audit orchestration).
  • Familiarity with SOC 2 and translating between frameworks to reduce redundant controls/tests.
  • Proven cross‑cultural leadership: delivering outcomes across regions, time zones, and diverse compliance cultures.

Preferred Qualifications:

  • Certifications: ISO 27001 Lead Implementer/Lead Auditor, CISSP/CISM/CISA/CRISC.
  • Experience working with or mapping corporate / regional SMPs, or similar enterprise security frameworks.
  • Exposure to GRC platforms.
  • Sector familiarity (clinical research, pharma, healthcare) and applicable regulatory ecosystems.

IQVIA is a leading global provider of clinical research services, commercial insights and healthcare intelligence to the life sciences and healthcare industries. We create intelligent connections to accelerate the development and commercialization of innovative medical treatments to help improve patient outcomes and population health worldwide. Learn more at https://jobs.iqvia.com