Associate Director for Information Security and Compliance, M&A Team
Job ID: REQ-10016875
Aug 07, 2024
Summary
Location: Prague, Czechia; Barcelona, Spain.
About the role: Novartis Mergers and Acquisitions (M&A) as well as Business Development and Licensing (BD&L) are key contributors to our strategy and mission. We are typically engaged to support the security of billion-dollar transactions with the potential to improve the lives of millions of patients worldwide. Our team now seeks to strengthen its ability to support these patient life-changing transactions via the appointment of an Associate Director for M&A ISC. Our objective is to ensure that Novartis M&A and BD&L transactions comply with Novartis policies designed to protect deal value so that acquisitions can be rapidly integrated whilst ensuring compliance is maintained.
This is a high-profile role, and the successful candidate will benefit from exposure to and partnering with senior IT and Business leads to implement and support a broad range of Information Security and Risk Management (ISC) topics including information security, compliance and/or information risk management within M&A and BD&L areas.
About the Role
Key Responsibilities:
1. Ensure Novartis M&A and BD&L transactions are planned and driven in a secure and compliant manner.
2. Maintain and continually develop Information Security and Compliance guidelines delivered to M&A and BD&L.
3. Provide governance/risk advisory into the M&A IT Function Leadership and their respective delivery team leads.
4. Take ownership and accountability for the Information Security oversight and governance of a specific global governance/risk area.
5. Ensure M&A IT transaction (project) risks are managed in line with ISC strategy, the policy framework, industry standards and applicable legal requirements.
6. Ensure monitoring of information risk and proactive mitigation of issues in accordance with Novartis policy, including identifying points of improvement or gaps in the service delivery of the central ISC teams and working together with them to resolve them.
7. Review ongoing improvements and the feasibility of enhancements to global processes for ISC.
8. Ensure good communication and collaboration with key stakeholders across IT and the business.
9. Maintain strong knowledge of internal controls and internal risk and control frameworks/standards or the Information Management Policy Framework.
Minimum Requirements
1. University level degree in business/IT technical/scientific area or comparable education/experience.
2. Strong professional experience in a comparable role, for example Audit, Compliance or Legal.
3. Good knowledge of GxP regulated business processes in the pharmaceutical industry.
4. Experience with supporting projects from the Information Security and Risk Management perspectives.
5. Experience in a complex international matrix organization.
6. Experience of assessing control suitability and proposing pragmatic mitigation activity where controls come up short.
7. Experience of working with security related frameworks such as ISO 27XXX, COBIT, CIS, SOC and NIST.
8. Strong experience in communicating with and managing senior management (both from IT and the Business) on information security topics.
9. Experience in the practical application of Information Security Risk Management.
10. Proficient in English (written and spoken).
11. Experience with M&A projects.
12. Professional information security, risk or audit certification, such as CISSP, CISM, CIA, CISA, CRISC or ISO 27001 auditor/practitioner.
13. Flexible approach (prioritize according to workload) with an ability to work to tight deadlines.
Commitment to Diversity & Inclusion
We are committed to building an outstanding, inclusive work environment and diverse teams representative of the patients and communities we serve.