Mar 31, 2023

Job Description

9 out of 10 prescriptions here in the US are filled by generic drugs. Sandoz is one of the top developers and manufacturers of life changing generic medicines and Sandoz has the aspiration to be the Leading Generic and Biosimilar Company in the world with a purpose of pioneering access for patients. We are looking for curious, innovative, driven people to help us get new generic and biosimilar products into the market to improve access for patients. Maybe that’s you.
Responsible for implementing and operating information security risk management and compliance processes across Sandoz North America (US and Canada) and acting as a partner to the business across the region.

Major Accountabilities (Describe the main results of the job to be achieved)

Drive the creation of the regional cyber security strategy in line with the global cyber security strategy and business objectives and considering key threats, client requirements, regulatory requirements, and technology trends.

Act as the information security partner for North America stakeholders.

Proactively scout for changes in region-specific cyber threats and regulatory requirements and provide cyber security leadership and guidance within the region.

Drive harmonization of cyber security services across the region and recognize the need for specific variations to support local business initiatives and local legal/regulatory requirements.

Drive cyber security policy and standards adoption within the region, and act as the cyber security evangelist.

Promote security awareness campaigns and tailor content and delivery to local / business specificities.

Oversee implementation and operation of cyber risk management processes across Sandoz North America in line with the cybersecurity risk management framework and the global delivery of information security services.

Set and cascade risk appetite for cybersecurity in line with overall operational risk appetite limits and ensure that action plans are in place for risk outside of tolerance.

Define and maintain executive and operational cybersecurity metric requirements for consolidated global reporting to provide the global lead of ISRM with actionable insights, KPIs and KRIs from the region.

The pay range for this position at commencement of employment is expected to be between $136,800.00. and $205,200.00. per year; however, while salary ranges are effective from 1/1/22 through 12/31/22, fluctuations in the job market may necessitate adjustments to pay ranges during this period. Further, final pay determinations will depend on various factors, including, but not limited to geographical location, experience level, knowledge, skills and abilities. The total compensation package for this position may also include other elements, including a sign-on bonus, restricted stock units, and discretionary awards in addition to a full range of medical, financial, and/or other benefits (including 401(k) eligibility and various paid time off benefits, such as vacation, sick time, and parental leave), dependent on the position offered. Details of participation in these benefit plans will be provided if an employee receives an offer of employment. If hired, employee will be in an “at-will position” and the Company reserves the right to modify base salary (as well as any other discretionary payment or compensation program) at any time, including for reasons related to individual performance, Company or individual department/team performance, and market factors.

Diversity & Inclusion / EEO

The Novartis Group of Companies are Equal Opportunity Employers and take pride in maintaining a diverse environment. We do not discriminate in recruitment, hiring, training, promotion or other employment practices for reasons of race, color, religion, gender, national origin, age, sexual orientation, gender identity or expression, marital or veteran status, disability, or any other legally protected status. We are committed to building diverse teams, representative of the patients and communities we serve, and we strive to create an inclusive workplace that cultivates bold innovation through collaboration and empowers our people to unleash their full potential.

Minimum Requirements

Bachelor's Degree (or equivalent) in Computer Science, Information Systems Management, Mathematics, Informatics, or other related fields
Certification or accreditation in Information Security (CISM, CISA, CISSP etc) is a plus
Fluent in written and spoken English
At least 10 years of experience in Information Security and Compliance; experience of running a risk management organisation in regulated environment
Solid understanding of cyber threats and regulatory requirements in the US and Canada, ideally with previous experience in the Life Science industry
Ability to manage a global team located in multiple geographical regions
Ability to travel across the region
Excellent negotiation, communication, and interpersonal skills ability to develop influential relationships with different stakeholders across all levels
Knowledge and experience of industry standards such as ISO 27001, CIS Controls, NIST, Cyber Essentials
Change Management Champion with experience in leading teams through large-scale IT change / transformation programs
An entrepreneurial mindset driven by curiosity, continuous improvement, and interest in technical advancements and trends
Strong project management skills with the ability to multitask and properly delegate work

Princeton, NJ
Technology Transformation
Full Time
careers default image

ISRM Lead for North America-Sandoz

Apply to Job Access Job Account