Zuellig Pharma is a leading healthcare solutions company in Asia, and our purpose is to make healthcare more accessible to the communities we serve. We provide world-class distribution, digital, and commercial services to support the growing healthcare needs in this region.
The company was started a hundred years ago and has grown to become a multibillion-dollar business covering 17 markets with over 12,000 employees. Our people serve more than 200,000 medical facilities and work with over 450 clients, including the top 20 pharmaceutical companies in the world.
Purpose Of The Role
This role will play an essential part of overall IT security that manages digital identities and user access to data, systems, and resources within an organization. This includes the policies, programs, and technologies that reduce identity-related access risks within a business.
What You'll Do
- Develop and implement IAM program with policies and procedures aligned with the ISMS policies & standards and tailored fit to ZP's business objectives.
- Develop and implement comprehensive identity and access management strategies, policies, and procedures in collaboration with IT and security teams.
- Conducts validation and review of adherence to security controls in place for the entire ZP Market, in collaboration with IT Technology Teams to ensure that security baseline standards related to user access control are being implemented.
- Validate security configurations in AD and Identity Providers (IDPs) including, but not limited to, OKTA, Google, and Microsoft to ensure implementation of secured user authentication and authorization.
- Design and oversee Single Sign-On (SSO) solutions, multi-factor authentication (MFA), and role-based access controls (RBAC) to ensure that there's a standard policies and procedures based on the over-all use case of ZP Organization.
- Leverage expertise in Windows and Azure Active Directory to configure, manage, and optimize identity services in both on-premises and cloud environments.
- Strict implementation to conduct regular audits and assessments of access permissions, identifying and mitigating security risks.
- Collaborate with cross-functional teams to ensure optimized identity and access management controls into various systems and applications.
- Assist and collaborate with ZP Windows/Infrastructure Team should the security team participation is required in responding and resolving identity-related security incidents, either by conducting thorough investigations and implementing preventive measures.
- Monitors the privilege access logs used by Fire Fighters end-users.
- Ensure that periodic user access reviews are being implemented in a timely manner across all ZP organization
- Perform review and analysis of logs on critical systems such as but not limited to SAP systems (e.g. SM20, SUIM etc), Active Directory Systems and perform report on a monthly and as necessary.
- Stay abreast of emerging technologies and industry best practices in identity and access management.
- Respond to audit findings and implement remediation measures.
- Handle escalated customer inquiries and support tickets.
- Internal and external audits initiatives and program for ZP related to IT and Cybersecurity, this also involves the monitoring the status and completion of IT audit actionable items for ZP GTS (involving ZP Markets).
- Technical assessment of security access requests from ZP end-users regarding the website access request, email domain reputation review (whitelist or blacklist request), Office 365 access control security, Audit Logging solution, ZP mobile device and application management and other security solutions handled by ZP Cybersecurity team.
- ISO 27001 Information Security Management System audit initiatives and preparations document management and control, preparing the stakeholders to ISMS audit (e.g. perform workstation audit readiness), Creation of necessary standards, procedures, & workflow and other assigned tasks related to ISMS
- Coordinates with the Information Security Officers of business units and/or IT Support of the business units for any related security initiatives for ZP.
- Performs technical security audits to assess effectiveness or policies/procedures and systems security safeguards e.g. workstation security audit, system hardening procedures and others.
- Performs other duties as assigned.
- Processes, assesses, and evaluates service tickets assigned to ZP Enterprise Cybersecurity Services Team.
Must-Have
What will make you successful:
- Total of 6-8 years working experience in the field of Cybersecurity, Information Security with strong background on technology security/IT Security solution implementations.
- Has an experience in implementing IT Security Solutions
- Experience in managing and Implementation of Active Directory and implementation of Active Directory & IDP's (Azure, GCP, OKTA, Windows AD)
- Experience in handling and facilitation of Cybersecurity incidents and can perform basic incident response
Advantage To Have
- Experience in participating in IT Security Audits
- Experience in security hardening implementation to systems,
- Experience in Azure & Google Devops security
- Minimum of 2 years of experience in ISMS (ISO 27001) any related information security regulated audit standards.
What We Offer
- We are committed to fostering an inclusive environment where our employees can learn, grow, and achieve shared success.
- We champion diversity, equity, and inclusion, ensuring every individual feels valued, respected, and treated fairly.
- As a leading multi-market healthcare solutions provider, we empower our employees to gain comprehensive knowledge and expertise in the dynamic healthcare industry across the region.
- Enjoy the flexibility to effectively balance your work and personal life while taking charge of your career journey through our empowering growth opportunities.
- Our Total Rewards program is designed to support your overall well-being in every aspect.
