Global ISRC Specialist for Europe

Sandoz continues to go through an exciting and transformative period as a global leader and pioneering provider of sustainable Biosimilar and Generic medicines. As we continue down this new and ambitious path, unique opportunities will present themselves, both professionally and personally. Join us, the future is ours to shape!

Job Summary

Supporting the implementation of local or EU IT related regulations (e.g. NIS2) and management of technology and information risk and compliance management processes across Sandoz Region Europe and partnering with Technology Product Domains (Customer Engagement (CE), Global Development Pipeline & Portfolio (GDPP) and Core Technology (Infrastructure, Information Security & Risk & Compliance (ISRC) and Enterprise Application Services (EAS))) in regards to security and compliance related topics. Additionally, assist with learning and awareness activities, with the reporting of cybersecurity metrics and providing trend analysis to leadership.

Your Key Responsibilities

Your responsibilities include, but are not limited to:

• Coordinate NIS2 readiness in Germany & Austria, engaging with Country Leadership and STO site Heads.
• Oversee compliance of local Operation Technology (OT) and support its implementation .
• Act as an Information Security Partner for the business Region Europe and the Product Domains of Customer Engagement (CE), Global Development Pipeline & Portfolio (GDPP) and Core Technology (Infrastructure, Information Security & Risk & Compliance (ISRC) and Enterprise Application Services (EAS)), including collaboration with Business Information Security Managers/Experts (BISM/E), Domain Quality Managers (DQM), Information Security & Compliance Champions (ISCCs) and Project Quality Managers (PQM).
• Influence a network of Information Security & Compliance Champions (ISCCs) sitting within the business, in Manufacturing (e.g., Austria, Germany, Slovenia), Development (Austria, Slovenia) and Commercial sites (Germany, Switzerland), and the Product Domains to act as the information security and risk management first point of contact .
• Assist the creation of the regional cyber security strategy in line with the global cyber security strategy and business objectives and considering key threats and vulnerabilities, client requirements, regulatory requirements, and technology trends.
• Support global cyber security policy and standards adoption within the Region Europe and the Product Domains and act as the cyber security evangelist. Serve as the voice of ISRC within the Region Europe and the Product Domains and the voice of the region Europe to Global ISRC.
• Provide guidance to Business and Technology regarding internal and external Audits, Third Party Risk Management assessments and responses; Issue and Exceptions Request Processing; and Regulatory Requirements and Reporting (e.g., EMA, FDA, ICO, BSI, DSN) regarding cyber and information security.
• Support the implementation and operation of cyber risk management processes across Sandoz Europe and the product domains in line with the IMF framework and the global delivery of information security services .
• Support and collaborate in maintaining executive and operational cybersecurity and risk metric requirements for consolidated global reporting to provide the global lead of ISRC with actionable insights, KPIs and KRIs globally and within the region Europe and the Product Domains .
• Monitor security and compliance metrics and drive cyber security policy and standards adoption within the region and within the in-scope Product Domains .
• Partake in the promotion of security Awareness Campaigns, Trainings and Table-Top Exercises at multiple levels and across IT and Business functions, e.g. Sandoz Emergency Management (SEM Tiers 1, 2 and 3). Support tailoring content and delivery to local / business specificities.
• Support the development and maintenance of the Sandoz ISRC Incident Response Plan inclusive of Microsoft Security Service for Enterprise (MSSE) Security Event and Incident Management (SEIM) Process and Security Operating Model (SOM).

Experience:

• At least 5 years of previous experience in Information Security and Compliance; experience of risk management in a regulated environment
• Previous knowledge of cyber threats and regulatory requirements in Europe, ideally with previous experience in the Life Science industry
• Previous knowledge of industry standards such as ISO 27001, CIS Controls, NIST, Cyber Essentials
• Ability to engage effectively with employees, external partners, and other stakeholders
• Good communication and interpersonal skills
• Strong time management skills with the ability to multitask and remain calm during demanding situations
• Entrepreneurial mindset driven by curiosity, continuous improvement, and interest in technical advancements and trends
• Certification or accreditation in Information Security (CISM, CISA, CISSP etc.) is a plus
• Fluent in English & German is essential for this role

Why Sandoz?

Generic and Biosimilar medicines are the backbone of the global medicines industry. Sandoz, a leader in this sector, provided more than 900 million patient treatments across 100+ countries in 2024 and while we are proud of this achievement, we have an ambition to do more!

With investments in new development capabilities, production sites, new acquisitions, and partnerships, we have the opportunity to shape the future of Sandoz and help more patients gain access to low-cost, high-quality medicines, sustainably.

Our momentum is powered by an open, collaborative culture driven by our talented and ambitious colleagues, who, in return for applying their skills experience an agile and collegiate environment with impactful, flexible-hybrid careers, where diversity is welcomed and where personal growth is supported!