Description
- Provide guidance to project teams in fulfilling the ISRM controls framework, policies and procedures requirements.
- Monitor and support adherence to information security, risk and compliance requirements.
- Analyse and facilitate correct risk quantification with multiple stakeholders so that the right actions are triggered, and escalate as necessary.
- Prepare, facilitate, review and present risk meetings.
- Oversee the quality of operational documents, records and trainings for the supported IT function/business organization against ISRM and QMS requirements, and get them remediated as needed.
- Analyze gaps/failed controls to synthesize, identify and document risks.
- Ensure gap remediation and the quality and timeliness of maintenance.
- Monitor KPIs and initiate actions with stakeholders.
- Ensure and facilitate the identification of quality and compliance issues, gaps/risks and violations, and the raising of exceptions and deviations.
- Facilitate, review and present audit closure/extension requests.
- Lead information-quality improvement in the governance repositories HLCCD/IRM/3PAS/IT360.
- Guide project teams/PQMs to assess potential security and compliance risks.
- Facilitate identification of gaps/risks that are beyond the scope of project/Ops activity.
- Define the plan and approach for implementing security and compliance policies and procedures, e.g. IT Sec Baselines, Qualification.
- Trigger the use of compliance and security services, including through PQMs.
- Identify and ensure that PQM as a service is included in the CARs.
- Monitor the quality of output from compliance and security services, provide feedback, and track to closure or escalate through the risk register.
- Analyse the impact of new technologies and regulatory changes on information security.
- Cascade information to IT function.
- Support implementation and monitoring of the Information Governance Framework within IT function to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the Novartis Organization.
- Contribute to, and drive decisions on, QMS and IGM requirements and ISRM industry standards and practices.
- Guide and facilitate the use of various ISRM services, e.g. SME guidance, Control Maturity Assessment, Security Risk Assessment, Penetration Testing, Third Party Assessment, etc.
Skills Required
Able to manage direct relations with stakeholders and project team members.