Assoc. dir. business information security expert isc (xico)

summary

• support implementation of enterprise information security risk and control processes to protect patients and company information both internally and at third parties.
• implement activities to establish security governance principles and processes across functions leveraging enterprise policies, awareness and training programs as well as in-country business partnering.

major accountabilities

• ensure security risks are managed in line with isrm strategy, the policy framework, laws and regulations and best industry standards; collaborate with business to understand threats and ensure novartis’ most critical business processes and data are protected.
• ensure implementation of the information management framework to safeguard the integrity, confidentiality and availability of information owned, controlled or processed by novartis.
• deliver effective security training and awareness programs and coordinate delivery across functions and countries.
• manage compliance with relevant country regulations.
• support software asset and records management governance and deliver services to support business operations as well as for mergers, acquisitions and divestitures.
• assess security risks around third parties and deliver services to reduce exposure.
• perform assessments and verification of achieved quality levels and risks in respect to external legislative and regulatory requirements, as well as internal policies.
• manage relationships at a functional level across divisions, countries and tt.
• establish close collaboration with stakeholders to facilitate alignment with policies, risks as well as internal and external audits.
• monitor adherence of the defined governance principles to ensure expected value is delivered.
• take responsibility to ensure adherence with security and compliance policies and procedures within the information management policy scope.

key performance indicators

• effectiveness of oversight and leadership around information security risk and compliance activities.
• transparency level of risks across the enterprise.
• governance elements and principles established and enforced with high efficiency and effectiveness.
• levels of collaboration/working relationship achieved with enterprise senior management.

work experience

• accountability.
• strategy development.
• influencing without authority.
• relationship management.
• collaborating across boundaries.
• interactions with senior management.
• experience working cross-functionally and trans-nationally.

skills

• business partnering.
• communication skills.
• cyber security.
• influencing skills.
• information security.
• it governance.
• risk management.
• stakeholder management.

languages

• english.
• spanish.

division: operations
business unit: cts
location: mexico
site: insurgentes
company / legal entity: mx06 (fcrs = mx006) novartis farmacéutica s.a. de c.v.
functional area: technology transformation
job type: full time
employment type: regular
shift work: no