Sandoz
Website: sandoz.com
Job details:
Join us in building the future of Sandoz.
Through STEP (Sandoz Transformation Enterprise Program), we are creating a unified, integrated digital core and simplifying our end-to-end ways of working. From SAP S/4HANA to Veeva, Workday, LabVantage, and beyond, you’ll help design and deliver future-ready systems that drive global impact — enabling us to deliver affordable medicines to more patients worldwide.
Job Summary
Ensure the STEP Program is executed in full alignment with the Sandoz Information Management Framework (IMF). This encompasses comprehensive adherence to all security and compliance requirements, including emerging regulatory obligations such as NIS2.
Your Key Responsibilities
- Represents the ISRC organization within the STEP program.
- Ensures effective implementation of the STEP program in alignment with the established IMF framework and associated controls.
- Implements and enforces security policies, standards, and guidelines to ensure ongoing compliance with Sandoz’s IMF, relevant industry practices, and regulatory mandates.
- Facilitates comprehensive knowledge transfer, training, and awareness regarding the IMF across all levels of the program.
- Oversees documentation of any deviations from the Information Management Framework and ensures associated risks are identified, recorded, reported, and appropriately approved.
- Guarantees that all necessary application documentation is maintained and stored in accordance with policy.
- Engages and brings in security subject matter experts to support security, compliance and timely implementation of requirements.
- Delivers regular status reports and updates to senior management.
- Collaborates with cross-functional teams to embed security and compliance requirements throughout the application development lifecycle.
- Monitors organizational adherence to internal policies, industry standards, and applicable regulatory requirements.
- Identifies and manages information security risks associated with STEP, formulates strategic roadmaps, leads execution, and aligns risk with the Technology Risk function.
- Supervises STEP’s compliance with evolving cybersecurity legislation and provides expert guidance on information security and privacy matters.
- Establishes and drives information security assurance processes for vendors, including third-party risk assessments and contractual reviews.
- Holds accountability for STEP systems from a security and compliance point of view and ensures proper preparation and coordination for internal and external audits.
- Acts as the key liaison between the STEP and the ISRC organizations.
- Ensures secure integration of STEP with Business-As-Usual (BAU) systems, coordinating with relevant stakeholders to maintain ongoing security and compliance throughout system interfaces and data exchanges.
- Adheres to GxP compliance requirements.
Minimum Requirements
What you’ll bring to the role:
Work Experience
- Led the execution of a large-scale technology initiative with a focus on maintaining security and compliance standards.
- Collaborated with both internal stakeholders and external partners to ensure integration of security and compliance requirements across technology platforms.
- Oversaw incident response activities concerning security and compliance issues, conducting thorough investigations and implementing effective remediation strategies.
- Applied expertise in compliance frameworks, including ISO 27001, NIS2, and GDPR.
- Conducted comprehensive risk assessments and developed robust mitigation plans.
- Monitored and ensured ongoing compliance with internal policies and relevant regulatory requirements.
Skills
- Over 15 years of experience in Information Security and Compliance, including leading Risk Management or Assurance functions within regulated environments.
- Exceptional negotiation, communication, and interpersonal abilities, with a proven track record of building influential relationships across all organizational levels.
- Comprehensive knowledge of industry standards such as ISO 27001, CIS Controls, NIST, and Cyber Essentials.
- Demonstrated expertise in Change Management, with experience guiding teams through significant IT transformation and change initiatives.
- Extensive leadership experience, adept at managing and developing diverse teams across multiple geographies.
- Possesses an entrepreneurial mindset, characterized by curiosity, a commitment to continuous improvement, and a strong interest in emerging technologies and industry trends.
- Advanced project management capabilities, including effective multitasking and delegation.
- Pragmatic and solutions-oriented approach.
Education
- Master of Science degree or equivalent experience in computer science, engineering, information technology, or another relevant field.
- Certification or accreditation in Information Security (CISM, CISA, CISSP, etc.) is a plus.
Languages
English
Why Sandoz?
Generic and Biosimilar medicines are the backbone of the global medicines industry. Sandoz, a leader in this sector, provided more than 900 million patient treatments across 100+ countries in 2024, and while we are proud of this achievement, we have an ambition to do more!
With investments in new development capabilities, production sites, new acquisitions, and partnerships, we have the opportunity to shape the future of Sandoz and help more patients gain access to low-cost, high-quality medicines, sustainably.
Our momentum is powered by an open, collaborative culture driven by our talented and ambitious colleagues, who, in return for applying their skills, experience an agile and collegiate environment with impactful, flexible-hybrid careers, where diversity is welcomed and where personal growth is supported!
Join us!