Operational GRC & Risk Analyst

Description

Medison offers hope to patients suffering from rare and severe diseases by forming partnerships with emerging biotech companies to accelerate access to highly innovative therapies in international markets.

As the creator and leader of the global partnership category in the pharma industry, we strive to be Always Ahead and work relentlessly to bring therapy to patients in need, no matter where they live.

Our values are at the core of every action we take, and we are committed to going above and beyond for the benefit of the patients we serve.

We are a dynamic, fast-paced company, operating in over 25 countries on 5 continents. We are looking for out-of-the-box thinkers, people who are passionate, caring, agile and adaptive, to join us on our mission. If you are looking to make a difference in people's lives, we invite you to join us!

We are seeking a motivated, process-oriented professional to join our global GRC and operational cybersecurity team.

This is a multifaceted role, combining elements of operational information security, IT general controls (ITGC) oversight, and risk management.

You will be mentored and guided by senior professionals in each of the functional areas, with the opportunity to gain broad exposure to global systems, processes, and governance structures.

Responsibilities

Strong understanding of cyber security frameworks and standards: In-depth knowledge of widely recognized frameworks such as NIST Cybersecurity Framework, ISO 27001, and SOC 2 TYPE 2, and an ability to apply them in practical scenarios to develop and implement robust security programs

Comprehensive knowledge of regulatory compliance requirements: Up-to-date understanding of relevant data protection and privacy regulations. The ability to interpret these requirements and translate them into actionable organizational policies and controls is crucial.

Experience with GRC tools and technologies: Practical experience utilizing GRC platforms and tools to automate and streamline compliance processes, manage audits, and track risk posture. Familiarity with reporting and dashboarding functionalities to provide insights into the organization's GRC maturity is also highly valued.

Expertise in third-party risk management and supply chain security: Proven ability to manage, conduct, and oversee the security posture of critical vendors and third-party service providers. This includes developing and implementing vendor risk assessment frameworks, conducting security due diligence, and ensuring contractual security requirements are met to protect the supply chain.

Proficiency in cyber security posture monitoring and control: Strong understanding of continuous monitoring strategies and technological controls to maintain and improve the organization's cyber security posture.

Requirements

• Bachelor’s degree in Accounting, Economics, Industrial Engineering, or related fields
• 2–4 years of experience in IT audit, GRC, or operational risk (preferably in a Big 4 or global advisory firm)
• Strong analytical, documentation, and process-thinking skills
• Excellent English – verbal and written communication
• Experience working with or for global companies – a strong advantage
• Strong orientation toward technology and systems
• Self-starter with the ability to work independently and take ownership
• Comfortable working in a matrix, multi-cultural environment