Senior Specialist, Compliance (Biomedical Research), DDIT ISC
Prague
Novartis
Working together, we can reimagine medicine to improve and extend people’s lives.Job Description Summary
Location: Prague, CzechiaOur Information Security & Compliance (ISC) group are looking for a Senior Specialist, Compliance (Biomedical Research) DDIT ISC to join the team!
The Senior Specialist, Compliance (Biomedical Research) DDIT ISC will support the implementation of the information security, governance and strategy per the information management framework through business partnering. They will execute risk and compliance processes and oversight, operational tasks, and / or business partnering with sub-functions, while ensuring that all the activities necessary to design, develop and implement applications, IT Services and systems satisfy the governance and risk compliance requirements of the organization. An important focus will also be to support and monitor adherence to information security, risk and compliance of business application which are in operations.
Job Description
Your responsibilities include, but are not limited to:
Ensure functional Biomedical Research asset risks are managed in line with ISC strategy, the policy framework, laws and regulations and best in class industry standards.
Ensure implementation of the information governance framework to ensure the integrity, confidentiality and availability of information owned, controlled or processed by Novartis
Responsible for ensuring governance, quality, IMF controls implementation and compliance within projects and operations of IT assets which are in scope.
Ensure monitoring of information risks and proactive mitigation.
Ensure procedures for Disaster Recovery/Business Continuity are established and define how to deal with information breaches.
Lead gap and vulnerability forums to collaborate with key stakeholders on remediation required.
Understand and be able to efficiently support waterfall SDLC and agile ways of working.
Manage preparation and delivery of the weekly/monthly compliance reports to leadership team.
Facilitate the preparation and follow-up on internal and external audits.
Provide governance & risk support to Biomedical Research function globally.
Develop and present key risk/gap/vulnerability metrics based on industry best practices
Analyze impact of new technologies and regulative changes on information security
Work with Demand, Project/operations teams to assess potential risks, advise on risk mitigation, security and compliance issues
Take responsibility to ensure adherence with Security and Compliance policies and procedures within Business Information Security management scope
Continuously monitor and analyze information risk of data assets and identify potential issues and resolve with appropriate stakeholders
What you will bring to the role:
University or master level degree in business/technical/scientific area or comparable education/experience
At least 7 years in handling Complex project portfolio and risk management
Solid experience in Business risk management & IT Governance, Security Information and Compliance, IT Control implementation, ITGC (IT General Controls)
Good understanding of cloud infrastructure concepts and its uses (AWS, Azure)
Strong knowledge of all relevant information security policies and practices
Excellent communication skills in English (written and spoken) and strong stakeholder management
Ability to find solution to complex problems
Good data analysis and reporting skills to senior management stakeholders
Desirable:
Innovative mindset, utilizing Gen AI and process automation (low or no code development)
Previous experience with ServiceNow reporting
Professional certification, such as CISSP, CISM or ISO 27001 auditor, CIA, CISA or CRISC
Strong knowledge in IMF Policy framework and Information Security tools
Commitment to Diversity & Inclusion:
We are committed to building an outstanding, inclusive work environment and diverse teams representative of the patients and communities we serve.
You’ll receive (CZ only):
Monthly pension contribution matching your individual contribution up to 3% of your gross monthly base salary; Risk Life Insurance (full cost covered by Novartis); 5-week holiday per year; (1 week above the Labour Law requirement) ; 4 paid sick days within one calendar year in case of absence due to sickness without a medical sickness report; Cafeteria employee benefit program – choice of benefits from Benefit Plus Cafeteria in the amount of 12,500 CZK per year; Meal vouchers in amount of 105 CZK for each working day (full tax covered by company); Public Transportation Allowance; MultiSport Card. Find out more about Novartis Business Services: https://www.novartis.cz/
Why Novartis?
Our purpose is to reimagine medicine to improve and extend people’s lives and our vision is to become the most valued and trusted medicines company in the world. How can we achieve this? With our people. It is our associates that drive us each day to reach our ambitions. Be a part of this mission and join us! Learn more here: https://www.novartis.com/about/strategy/people-and-culture
Join our Novartis Network: If this role is not suitable to your experience or career goals but you wish to stay connected to learn more about Novartis and our career opportunities, join the Novartis Network here: https://talentnetwork.novartis.com/network
Accessibility and accommodation:
Novartis is committed to working with and providing reasonable accommodation to all individuals. If, because of a medical condition or disability, you need a reasonable accommodation for any part of the recruitment process, or in order to receive more detailed information about the essential functions of a position, please send an e-mail to and let us know the nature of your request and your contact information. Please include the job requisition number in your message.
Skills Desired
Communication Skills, Compliance Audits, Compliance Management, Compliance Risk Assessment, Compliance Training, Influencing Skills, Quality Assurance* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Agile Audits Automation AWS Azure CIA CISA CISM CISSP Cloud Compliance CRISC Governance ISO 27001 Monitoring Risk assessment Risk management SDLC Strategy
Perks/benefits: Career development Insurance Team events
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.