Apr 22, 2022

Job Description

1 company! - That is the journey Novartis is on in its quest to extend and improve people’s lives through reimagining medicine. We have a clear strategy: to be a focused medicines company powered by sophisticated therapy platforms and data science.

Join us today as Associate Director Information Security Compliance where you can contribute to implementing & monitoring information security, IT compliance, records management and/or information risk management programs to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the organization
Key Responsibilities
• Provide governance/risk advice & support for associates in an IT function or support delivery of a specific governance/risk area or service globally.
• Ensure quality and compliance to information governance within projects & operations of IT function / business organization.
• Analyze risk impact on important data assets and apply risk mitigation measures and deliver project or operational quality management services or provide security & IT compliance assessments
• May support the delivery of global information governance programs, e.g. risk management processes, information security awareness programs, data classification, storage & transmission guidelines, audit coordination and management, or development and maintenance of the Information Management Policy Framework.
• Manage functional IT asset risks in line with Information Security & Risk Management strategy, the policy framework, laws and regulations and best in class industry standards.
• Systematically supports implementation and monitoring of the ISRM Policy Framework on Information Technology and Operational Technology assets within the IT Functions and Business organization. Ensure compliance to IT controls.
• Ensure Novartis information assets (including Crown Jewels) are secured by working with security SMEs in deploying appropriate security measures; and identified vulnerabilities are analyzed, prioritized, and treated for in-scope applications in operations
• Manage an ISRM Functional Engagement & Partnership organization serving as a single touch point for Risk Management and provide Risk Mitigation guidance to IT Function Support IT Function in understanding the risk exposure and technical safeguards for IT Risk Management there by ensuring their compliance with Information Management Policy Framework.
• Continuously monitor and analyze risks of information assets and identify potential issues and support and track risk remediation activities based on agreed risk mitigation solutions.

Diversity & Inclusion / EEO

Novartis is committed to building an outstanding, inclusive work environment and diverse teams representative of the patients and communities we serve.

Minimum Requirements

What you’ll bring to the role:
• University degree in business/technical/scientific area or comparable education/experience. Professional Information Security certification, such as CISSP, CISM or ISO 27001 auditor / practitioner.
• Over 12 years of experience in Business information security and compliance, Risk management; Audit management, Information Governance and Management
• Experience with Good Practice Quality guidelines and regulations, GxP
• Detailed knowledge of Pharma professional practices and industry regulations and codes would be an added advantage
• Experience in managing SOX compliance audits working with both internal and external auditors.
• Deep understanding in SAP Security and how it works directly relates to compliance and regulatory audit requirements
• Understanding SAP Security roles, profiles and user access controls for SAP instances
• Knowledge of GRC solutions, Identity Governance and Assurance solutions e.g. SAP GRC and SAP Cloud Identity and Access governance
• Familiar with SAP ECC, BW, HANA and Cloud environment

Why consider Novartis?
769 million lives were touched by Novartis medicines in 2020, and while we’re proud of this, we know there is so much more we could do to help improve and extend people’s lives.

We believe new insights, perspectives and ground-breaking solutions can be found at the intersection of medical science and digital innovation. That a diverse, equitable and inclusive environment inspires new ways of working.

We believe our potential can thrive and grow in an unbossed culture underpinned by integrity, curiosity and flexibility. And we can reinvent what's possible, when we collaborate with courage to aggressively and ambitiously tackle the world’s toughest medical challenges. Because the greatest risk in life, is the risk of never trying!

Imagine what you could do at Novartis!

Commitment to Diversity & Inclusion:
Novartis is committed to building an outstanding, inclusive work environment and diverse team’s representative of the patients and communities we serve.

Join our Novartis Network: If this role is not suitable to your experience or career goals but you wish to stay connected to learn more about Novartis and our career opportunities, join the Novartis Network here: https://talentnetwork.novartis.com/network
Global Drug Development
Petaling Jaya
Information Technology
Full Time
careers default image

Associate Director, Information Security Compliance

Apply to Job Access Job Account