IT Security Engineer
Taoyuan, Taiwan
About SHL Medical
SHL Medical is a world-leading provider in the design, development, and manufacturing of advanced self-injection devices. With a global team of 6,000 employees, we partner with leading pharmaceutical and biotech companies to deliver innovative autoinjectors, pen injectors, and other drug delivery systems that ensure effective treatment for patients. Headquartered in Switzerland since 2018, with key operations in Sweden, Taiwan, and the US, we are united by a commitment to innovation, impact, and growth. Together, we empower our people to develop solutions that make a meaningful difference in the lives of millions of patients while fostering a supportive, inclusive, and dynamic workplace for our colleagues.
Job Overview
As an IT Security Engineer, you will play a key role in helping our organisation evolve from a very technical to a more strategic, business-aligned security model. While maintaining a strong technical foundation, your focus will be on empowering infrastructure, application, and business teams to implement and own security controls. At the same time, you provide expert guidance, oversight, and support. From managing day-to-day security operations to influencing broader risk management and policy decisions, you will be instrumental in embedding security into how we operate. This is a unique opportunity to drive change, build strong cross-functional relationships, and shape a security culture that is both pragmatic and forward-looking.
Security Governance & Enablement
- Support the transition from a technically driven to a more strategic, business-aligned security organisation by helping define and implement new operational security models, policies, and frameworks.
- Enable and advise IT infrastructure and application teams in implementing security controls by providing architectural guidance, supporting and reviewing implementations, and validating against governance requirements.
- Collaborate cross-functionally with business operations, IT leaders, and system owners to align security strategies with operational goals.
- Serve as a bridge between technical security and strategic business goals, helping elevate the security posture through risk-based approaches.
Security Engineering
- Support the Head of Information Security in assessing the effectiveness of the organisation’s cybersecurity posture, identifying strengths and improvement areas in infrastructure, applications, utilities, and communication technologies.
- Suggest additional security controls, standards, and awareness programs based on business and regulatory needs.
- Advise on secure design and architecture across IT systems, especially on endpoint protection, identity, access, and network layers.
- Collaborate with infrastructure and application teams to perform and validate implementations of security controls.
- Participate in the security infrastructure roadmap.
- Provide subject matter expertise during security design reviews, including threat modelling and mitigation planning.
- Stay informed of emerging threats, technologies, and industry regulations and ensure internal policies and security controls reflect those changes.
- Assist in preparing materials for security architecture reviews and governance documentation.
Operational Security Monitoring & Support
- Liaise with external SOC and MSSP providers to review security posture, incident metrics, and risk trends.
- Participate in incident response coordination, ensuring root cause analysis and response align with policy.
- Review and assess threat intelligence and monitoring data; provide recommendations to IT teams.
- Support and maintain policies and governance processes for operational security, including phishing response, vulnerability management, and endpoint protection.
- Support risk assessments and audits in coordination with IT and business stakeholders.
- Support provision of security reporting and dashboards for internal leadership and compliance audits.
Business Continuity & Disaster Recovery
- Assist the Head of Information Security in developing and reviewing contingency plans, ensuring alignment with governance and audit requirements.
- Coordinate testing of business continuity and disaster recovery strategies with IT and business units, ensuring governance standards are met.
- Support implementation and review of recovery processes.
Minimum Qualifications
- Bachelor's degree in IT, cybersecurity, or related field
- 5+ years in IT security, with experience in governance and operational enablement
- Experience supporting organisational transitions from technical to governance-based security models
- Strong understanding of security frameworks (NIST, ISO 27001), governance, and risk management
- Demonstrated ability to influence and guide infrastructure/application teams to meet security and compliance standards
- Familiarity with modern security tools: SIEM, endpoint protection, vulnerability management, etc.
- Proven experience in developing and managing security awareness programs
- Ability to communicate effectively with both technical and non-technical stakeholders
- Fluent in English; Chinese is a plus
Preferred Qualifications
- CISSP, CISM, or comparable certifications
- Experience in ISO 27001 implementation or audits
- Familiarity with audit procedures, risk reporting, and stakeholder engagement
- Exposure to hybrid (IT and OT) environments
We Offer:
- Challenging assignments in a fast-growing and innovative industry.
- A multicultural team and modern working environment with state-of-the-art facilities and technologies.
- A place where we take pride in the inclusive and collaborative environment we have built - one where a true sense of belonging fosters meaningful exchange and shared growth.
- Various opportunities for personal and professional development within a global organization.
- Flexible hours and hybrid working policy.