Associate Director for Information Security and Compliance, M&A Team

Key Responsibilities: 

• Ensure Novartis M&A and BD&L transactions are planned and driven in secure and compliant manor.

• Maintain and continually develop Information Security and Compliance guidelines we deliver to M&A and BD&L.

• Provide governance/risk advisory into the M&A IT Function Leadership and their respective delivery team leads.

• Take ownership and accountability for the Information Security oversight and governance of a specific global governance/risk area.

• Ensure M&A IT transaction (project) risks are managed in line with ISC strategy, the policy framework, industry standards and applicable legal requirements.

• Ensure monitoring of information risk and proactive mitigation of issues on accordance with Novartis policy. Including the identification of points of improvement or gaps in the service delivery of the central ISC teams and work together with them to resolve them. Review ongoing improvements and the feasibility of enhancements to global processes for ISC.

• Ensure good communication and collaboration with key stakeholders across IT and the business.

• Maintain strong knowledge of internal controls and internal risk and control frameworks/standards or the Information Management Policy Framework

Essential requirements:

• University level degree in business/IT technical/scientific area or comparable education/experience

• Strong professional experience in a comparable role, for example Audit, Compliance or Legal.

• Good knowledge with GxP regulated business processes in the pharmaceutical industry.

• Experience with supporting projects from the Information Security and Risk Management perspectives

• Experience in a complex international matrix organization.

• Experience of assessing control suitability and proposing pragmatic mitigation activity where controls come up short.

• Experience of working with security related frameworks such as ISO 27XXX, COBIT, CIS, SOC and NIST.

• Strong experience in the communicating with and management of senior management (both from IT and the Business) on information security topics.

• Experience in the practical application of Information Security Risk Management.

• Proficient in English (written and spoken).

Desirable:

• Experience with M&A projects

• Professional information security, risk or audit certification, such as CISSP, CISM, CIA, CISA,

• CRISC or ISO 27001 auditor / practitioner

• Flexible approach (prioritize according to workload) with an ability to work to tight deadlines.

Commitment to Diversity & Inclusion:

We are committed to building an outstanding, inclusive work environment and diverse teams representative of the patients and communities we serve.

You’ll receive (Czechia only):
Monthly pension contribution matching your individual contribution up to 3% of your gross monthly base salary; Risk Life Insurance (full cost covered by Novartis); 5-week holiday per year; (1 week above the Labour Law requirement) ; 4 paid sick days within one calendar year in case of absence due to sickness without a medical sickness report; Cafeteria employee benefit program – choice of benefits from Benefit Plus Cafeteria in the amount of 12,500 CZK per year; Meal vouchers in amount of 105 CZK for each working day (full tax covered by company); Car Allowance; MultiSport Card. Find out more about Novartis Business Services: https://www.novartis.cz/

Why Novartis?
Our purpose is to reimagine medicine to improve and extend people’s lives and our vision is to become the most valued and trusted medicines company in the world. How can we achieve this? With our people. It is our associates that drive us each day to reach our ambitions. Be a part of this mission and join us! Learn more here: https://www.novartis.com/about/strategy/people-and-culture

Join our Novartis Network: If this role is not suitable to your experience or career goals but you wish to stay connected to learn more about Novartis and our career opportunities, join the Novartis Network here: https://talentnetwork.novartis.com/network

Accessibility and accommodation:
Novartis is committed to working with and providing reasonable accommodation to all individuals. If, because of a medical condition or disability, you need a reasonable accommodation for any part of the recruitment process, or in order to receive more detailed information about the essential functions of a position, please send an e-mail to and let us know the nature of your request and your contact information. Please include the job requisition number in your message.