Your responsibilities include, but are not limited to:
- Ensure information risks are relevant, well-documented and efficiently managed. Perform periodic data quality checks and work with compliance teams on data quality improvement.
- Collaborate with information security teams (e.g. Security Operations, Vulnerability Management, etc.) to understand risk posture and identify emerging concerns.
- Analyze information risk data to identify trends and insights, summarize key findings and recommendations.
- Track key performance indicators in the information management area.
- Prepare reports for leadership, e.g. material for Information Risk Committee meetings, etc.
- Participate in the maintenance and continuous improvement of the Information Risk Management process and tool. Provide process and tool training and end-user support.
- Help build foundations for Risk Quantification (assessing risk impact in financial terms).
What you will bring to the role:
- 2-4 years of experience in IT or IT Security
- Practical (hands-on) experience with risk management, IT consulting and/or IT audit
- Strong analytical and problem-solving skills, as well as management reporting experience.
- Excellent communication skills and stakeholder management, with ability to articulate complex risk scenarios to technical and non-technical stakeholders.
- Ability to work independently, take ownership of a task and deliver it through to completion, as well as good teamwork and a collaborative approach.
- Strong interest in risk management and information security, with curiosity and willingness to grow and develop within the team and Novartis.
Desirable:
- Professional information security and/or risk management certification (e.g. CISSP, CISM, CRISC, Management of Risk, etc.) is a plus.
- Experience with ServiceNow.