Summary

Location: Prague, Czechia

Our Information Security & Compliance (ISC) group are looking for a Senior Specialist, Compliance (Biomedical Research) DDIT ISC to join the team!
The Senior Specialist, Compliance (Biomedical Research) DDIT ISC will support the implementation of the information security, governance and strategy per the information management framework through business partnering. They will execute risk and compliance processes and oversight, operational tasks, and / or business partnering with sub-functions, while ensuring that all the activities necessary to design, develop and implement applications, IT Services and systems satisfy the governance and risk compliance requirements of the organization. An important focus will also be to support and monitor adherence to information security, risk and compliance of business application which are in operations.

• Ensure functional Biomedical Research asset risks are managed in line with ISC strategy, the policy framework, laws and regulations and best in class industry standards.
• Ensure implementation of the information governance framework to ensure the integrity, confidentiality and availability of information owned, controlled or processed by Novartis
• Responsible for ensuring governance, quality, IMF controls implementation and compliance within projects and operations of IT assets which are in scope.
• Ensure monitoring of information risks and proactive mitigation.
• Ensure procedures for Disaster Recovery/Business Continuity are established and define how to deal with information breaches.
• Lead gap and vulnerability forums to collaborate with key stakeholders on remediation required.
• Understand and be able to efficiently support waterfall SDLC and agile ways of working.
• Manage preparation and delivery of the weekly/monthly compliance reports to leadership team.
• Facilitate the preparation and follow-up on internal and external audits.
• Provide governance & risk support to Biomedical Research function globally.
• Develop and present key risk/gap/vulnerability metrics based on industry best practices
• Analyze impact of new technologies and regulative changes on information security
• Work with Demand, Project/operations teams to assess potential risks, advise on risk mitigation, security and compliance issues
• Take responsibility to ensure adherence with Security and Compliance policies and procedures within Business Information Security management scope
• Continuously monitor and analyze information risk of data assets and identify potential issues and resolve with appropriate stakeholders

• University or master level degree in business/technical/scientific area or comparable education/experience
• At least 7 years in handling Complex project portfolio and risk management
• Solid experience in Business risk management & IT Governance, Security Information and Compliance, IT Control implementation, ITGC (IT General Controls)
• Good understanding of cloud infrastructure concepts and its uses (AWS, Azure)
• Strong knowledge of all relevant information security policies and practices
• Excellent communication skills in English (written and spoken) and strong stakeholder management
• Ability to find solution to complex problems
• Good data analysis and reporting skills to senior management stakeholders

• Innovative mindset, utilizing Gen AI and process automation (low or no code development)
• Previous experience with ServiceNow reporting
• Professional certification, such as CISSP, CISM or ISO 27001 auditor, CIA, CISA or CRISC
• Strong knowledge in IMF Policy framework and Information Security tools