Information Security and Compliance Champion

Telangana (Sandoz), India

Novartis

Working together, we can reimagine medicine to improve and extend people’s lives.


Job Description Summary

Supports the implementation of product delivery projects and the operation of products across the Sandoz product domain (PD or Core Technology) by handling security-related queries. Additionally provides guidance on and tracking of remediation activities, and provides cyber security trend analysis and reporting on cybersecurity metrics to ISRM. Works closely with the Regional ISRM leads.


 

Job Description

Major accountabilities:

  • Act as an information security and compliance champion for stakeholders within the product domain.
  • Support the project delivery and product operations in line with the global Sandoz cyber security, information management strategy and business objectives (considering key threats, client requirements, regulatory requirements, and technology trends).
  • Proactively scout for changes in region-specific cyber threats and regulatory requirements and regularly update stakeholders.
  • Support the cyber security strategy implementation within the product domain.
  • Guide the business audit coordination team based on ISRM requirements as defined in the IMF framework.
  • Promote the security awareness campaigns and tailor content and delivery to local / business specifics and legislative requirements.
  • Collaborate with the product domain / regions / countries to ensure the implementation and operation of cyber risk management processes is in line with the cybersecurity risk and issue management framework and the global delivery of information security services.
  • Manage the maintenance of executive and operational cybersecurity metric requirements for consolidated global reporting to provide the global lead of ISRM with actionable insights, KPIs and KRIs from the region.
  • Perform records management on behalf of the supported PD / region / country. Coordinate physical binder handovers and retrievals with the 3rd party service provider Iron Mountain and perform record disposition assessment.

Minimum Requirements:

Education:

  • University degree or equivalent experience in Computer Science, Information Systems Management, Mathematics, Informatics, or other related fields

Work Experience and Skills:

  • Previous experience in Information Security and Compliance; experience of risk management in a regulated environment
  • Previous knowledge of cyber threats and regulatory requirements, ideally with previous experience in the Life Science industry
  • Previous knowledge of industry standards such as ISO 27001, CIS Controls, NIST, Cyber Essentials
  • Ability to engage effectively with employees, external partners, and other stakeholders
  • Good communication and interpersonal skills
  • Strong time management skills with the ability to multitask and remain calm during demanding situations
  • Entrepreneurial mindset driven by curiosity, continuous improvement, and interest in technical advancements and trends

Languages:

  • Fluent in written and spoken English
  • Knowledge of one or more regional languages is expected


 

Skills Desired

Budget Management, Business Acumen, Performance Management, Planning, Risk Management, Service Delivery Management, Stakeholder Management, Waterfall Model

Category: Compliance Jobs

Tags: Compliance Computer Science ISO 27001 KPIs Mathematics NIST Risk management Security strategy Strategy

Region: Asia/Pacific
Country: India
