Information Security Officer Role: 'This Is What I Do' 

SecureWorld

Information Security Officer job description. What is involved in the ISO role? Information Security Officer of pharmaceuticals at GlaxoSmithKline, Dawn-Marie Hutchinson, explains in our interview at SecureWorld Philadelphia:
[SecureWorld] Tell me about your role and how you view yourself as an ISO within this organization.
[Dawn-Marie Hutchinson] So I'm the Pharmaceuticals Information Security Officer, so I actually report to the Global Information Security Officer. So I'm responsible for pharmaceuticals research and development and the pharma supply chain, which means I have a really large purview, a really large administrative oversight, and my job isn't to secure the technology and that organization. It's to secure the business of what we do.
From designing and developing drugs, to producing drugs, to selling the drugs - that whole business chain. I have to secure the entire business chain, and that's what my role is. I think as we transition from tech-focused security and focus more on business-centric security, you know, business alignment as my primary objective.
[SW] And how do you get your team on board with enabling the business, but also maintaining security? How does that balance appear in your mind?
[Hutchinson] So it's a new kind, I think it's new for everybody. But one of the things I've been doing with my team is I bring in outside experts to speak to my team just to teach them to help keep new information coming in.
I think for any organization, as my experience as a consultant showed me, is that when organizations always are looking inward, when there isn't money for training and there isn't money for opportunities like SecureWorld, that staff gets stagnant.
And it's hard for them to see business enablement if they're not hearing it from people like me on conference floors. So, finding opportunities for them to get new information beyond just what they see and do on a day-to-day basis.
[SW] One of the things that I know you mentioned was that you've been on both the privacy and security sides of the house. Tell me how those are linked and why you think that link is crucial.
[Hutchinson] So privacy really speaks to how we use data. How do we collect it? Does the person that's giving it to us know what we're using it for? And are we, are we honoring the relationship with that data subject? That's really what privacy is about, managing the integrity of the relationship.
Privacy doesn't exist without security, because we can't honor that relationship that we're going to protect the data, without security. So security’s role really is to understand the business reason why we collected it, and support the continued protection of it, whether it is who has access to that data, how it’s transmitted, how it moves through the organization.
My job is to care for the customer. And so while privacy is more of the forward face of the customer and understanding what their rights are, mine is more of a quiet backstage role ensuring that the privacy promises that were made are adhered to.
Related: 2019 cybersecurity gathering calendar: www.secureworl...

Published: 16 Oct 2024

Comments: 4
@maulsrevenge 2 years ago
Very well said!
@andyrockism 1 year ago
For this role do you need to know how to program?
@LuisGonzalez-qi6hn 1 year ago
It is my understanding that development experience is not required. This relates more to IS frameworks and certifications such as ISO 27001.
@TheNubis99 1 year ago
Not required, the job doesn't really require coding unless it's in extreme circumstances. But it does help to understand code, it can make a lot of conversations a lot easier. But even more important is understanding of cybersecurity, especially the more organisational aspects like the ISO27001/2 frameworks and the business propositions common to security policy. So yeah, hard tech skills aren't really a job requirement, but it does help to have some basic understanding. In the same vein, it often helps to have some understanding of privacy, both legalistically and practically, since that does come up from time to time.