Assoc. Director DDIT ISC BISE IES

REQ-10055109
July 28, 2025
India

Summary

To lead and drive the implementation and continuous improvement of information security compliance initiatives across the organization. This role ensures alignment with global regulatory frameworks and internal policies, while proactively managing risk and audit readiness.

About the Role

Key Responsibilities

Information Security Compliance & Governance

  • Lead the design, implementation, and monitoring of security compliance programs aligned with HIPAA, SOX, NIST, CSA, and other relevant frameworks.
  • Ensure adherence to internal ISRM (Information Security Risk Management) policies and procedures.
  • Maintain up-to-date documentation and evidence for audits and regulatory inspections.

Risk Management & Audit Coordination

  • Own the end-to-end lifecycle of security risk assessments, including identification, evaluation, mitigation planning, and tracking.
  • Coordinate internal and external audits, ensuring timely and accurate responses to findings.
  • Develop and maintain risk registers and dashboards for leadership visibility.

Technical Security Oversight

  • Provide subject matter expertise on security controls related to:
      • Firewalls and network segmentation
      • Windows end-user systems and SCCM configurations
      • Active Directory security and access management
      • Vulnerability management tools and remediation workflows
  • Collaborate with IT infrastructure and endpoint teams to ensure secure configurations and patch compliance.

Metrics, Reporting & Continuous Improvement

  • Define and track key performance indicators (KPIs) and control effectiveness metrics.
  • Lead gap and vulnerability forums, driving remediation actions with stakeholders.
  • Recommend and implement enhancements to compliance monitoring tools and processes.

Stakeholder Engagement & Training

  • Act as a trusted advisor to business and IT teams on compliance and risk topics.
  • Deliver training and awareness sessions on security policies, audit readiness, and risk mitigation strategies.
  • Represent the function in cross-functional governance forums and risk committees.

Required Skills & Experience

Mandatory

  • Proven experience in Information Security Compliance, Risk Management, and Audit Readiness.
  • Deep understanding of regulatory frameworks: HIPAA, SOX, NIST, CSA.
  • Strong technical knowledge of firewalls, networks, SCCM, Windows systems, and Active Directory.
  • Hands-on experience with vulnerability management processes.

Preferred

  • Experience in a regulated industry (e.g., pharma, healthcare, finance).
  • Familiarity with ISRM tools and GRC platforms.
  • Certifications such as CISA, CISM, CISSP, or CRISC.

Total Relevant Experience

13–16 years of progressive experience in Information Security, Compliance, Risk Management, or related domains, with a proven track record of leading cross-functional initiatives and audit programs in complex enterprise environments.

You’ll receive: You can find everything you need to know about our benefits and rewards in the Novartis Life Handbook. http://www.novartis.com/careers/benefits-rewards

Commitment to Diversity and Inclusion:
Novartis is committed to building an outstanding, inclusive work environment and diverse teams representative of the patients and communities we serve.

Accessibility and accommodation
Novartis is committed to working with and providing reasonable accommodation to individuals with disabilities. If, because of a medical condition or disability, you need a reasonable accommodation for any part of the recruitment process, or in order to perform the essential functions of a position, please send an e-mail to [email protected] and let us know the nature of your request and your contact information. Please include the job requisition number in your message.

Join our Novartis Network: If this role is not suitable to your experience or career goals but you wish to stay connected to hear more about Novartis and our career opportunities, join the Novartis Network here: http://talentnetwork.novartis.com/network

Why Novartis: Helping people with disease and their families takes more than innovative science. It takes a community of smart, passionate people like you. Collaborating, supporting and inspiring each other. Combining to achieve breakthroughs that change patients’ lives. Ready to create a brighter future together? http://www.novartis.com/about/strategy/people-and-culture

Join our Novartis Network: Not the right Novartis role for you? Sign up to our talent community to stay connected and learn about suitable career opportunities as soon as they come up: http://talentnetwork.novartis.com/network

Benefits and Rewards: Read our handbook to learn about all the ways we’ll help you thrive personally and professionally: http://www.novartis.com/careers/benefits-rewards

Operations
Universal Hierarchy Node
India
Hyderabad (Office)
Technology Transformation
Full time
Regular
No
REQ-10055109
