About this role
Role Overview
The Regional Information Security Officer (RISO) is responsible for establishing, leading, and continuously improving a comprehensive regional cybersecurity and risk management program for the Clinical Diagnostics, U.S. National Business Line (NBL).
The RISO provides strategic leadership to manage information security risk, ensure alignment with business objectives, enable effective governance, and drive appropriate adoption of Eurofins Group security services, policies, and standards across the region.
This role partners closely with business and IT leadership to proactively identify, assess, and remediate security risks while supporting operational scalability and regulatory compliance.
Key Responsibilities
Regional Security Leadership & Governance
Lead and manage the regional information security function, ensuring consistent, high-quality security practices aligned with Eurofins Group standards and relevant localized requirements
Provide security oversight for regional infrastructure and solution delivery teams, embedding security into day-to-day operations
Collaborate closely with the Group Information Security organization to implement global standards and execute regional action plans
Provide executive-level visibility into regional security posture, risks, and remediation efforts
Risk Management & Compliance
Conduct information security risk assessments in accordance with ISO 31000 and NIST 800-30, including oversight of risk treatment plans
Ensure all information within scope is handled in compliance with applicable statutory, regulatory, legal, and contractual requirements (e.g., HIPAA, GDPR, CCPA)
Drive consistent execution of vulnerability management and remediation activities
Support internal and external audits, including customer security assessments
Security Assurance & Technical Oversight
Ensure security is integrated into project delivery processes through policies, standards, and active oversight
Advise IT and business stakeholders on security requirements related to system selection, implementation, configuration, and operation
Plan and oversee third-party security assessments, including penetration testing and SOC 2 Type II audits
Partner with Regional Security Support (RSS) teams to review and approve security-related changes and requests
Awareness, Resilience & Collaboration
Ensure ongoing security awareness and training through the centralized LMS platform
Drive collaboration with business and IT teams on business continuity and disaster recovery initiatives
Support periodic access reviews and physical security considerations within scope
Partner with Legal, Audit, Risk, Compliance, and Operations teams as required
Qualifications
Required Profile
7–10 years of progressive experience in information security, including at least 5 years in a leadership role
Bachelor’s degree in computer science, information security, or a related field
CISSP and/or CISM certification preferred
Demonstrated experience in healthcare, laboratory, or other highly regulated environments (healthcare or laboratory strongly preferred)
Strong knowledge of security governance and risk frameworks such as HITRUST CSF, ISO 27001, NIST 800-series, and NIST CSF
Working knowledge of IT governance frameworks (e.g., ITIL, COBIT 2019)
Experience establishing and reporting on cybersecurity and risk metrics
Leadership & Communication Skills
Strong emotional intelligence with the ability to influence and lead across diverse stakeholder groups
Proven ability to communicate security and risk concepts to both technical and non-technical audiences
Experience leading personnel in cross-functional initiatives
Comfortable operating in complex, fast-paced environments with ambiguity and competing priorities
Demonstrated ability to work effectively across geographies and cultures
Working hours
Monday to Friday - 08:00 to 17:00
Hybrid Work
