Cybersecurity Risk & Governance Expert

Hyderabad, India | Permanent | Posted on Nov. 18, 2024

Role: Cybersecurity risk & governance expert

Location: Hyderabad

Our Team:

Our Governance, Risk & Compliance team, reporting directly to the CISO alongside the Security Architecture and Security Operations & SOC teams, plays a pivotal role in safeguarding the organization's assets and ensuring regulatory compliance. Under the leadership of the Governance, Risk & Compliance Lead, this team ensures our organization's technological infrastructure is secure, compliant, and resilient against evolving cyber threats.

Main responsibilities:

The Governance & Risk FTE, reporting to the GRC Lead, will play a pivotal role in ensuring robust risk management and governance within the Governance, Risk & Compliance team. This role focuses on orchestrating risk appetite decisions, conducting thorough risk assessments and penetration testing, managing third-party risks, supporting governance-driven activities, and overseeing data privacy initiatives. Key responsibilities include:

  • Risk appetite & management
    • Orchestrate decisions on cyber risk appetite for the organisation in collaboration with the broader business
    • Define and deliver risk reporting plans and key indicators
    • Assess risk and govern the process of updating risk appetite at least every 12 months in coordination with other teams
    • Monitor compliance with cyber policies across the organisation (incl. policies & tech standards, DLP, IAM)
  • Risk assessment & pen testing
    • Conduct risk assessments at least every 6 months across all environments
    • Conduct penetration testing at least every 3-6 months across most (>75%) on-premise and cloud environments
    • Prepare vulnerability disclosure reports on outward facing systems (in the future)
  • Third party management support
    • Design, review and update supplier risk assessment frameworks (incl. criteria for tiering of vendors)
    • Communicate cyber policies to strategic vendors, assess their cybersecurity risk and compliance at least every 12 months and based on need, and drive remediation/mitigation of risks
    • Review the cybersecurity risk posed by the supply chain of all strategic vendors at least every 12 months
    • Monitor deployed 3rd party HW/SW for vulnerabilities and ensure compliance
  • Support GRC-driven activities
    • Support the definition of cybersecurity-related enterprise standards, policies and controls
    • Support audits covering risk-centric assessments (incl. follow up findings with corrective measures), provide inputs to regulatory and compliance teams on cybersecurity risk; support the deployment of corporate compliance programs
  • Data privacy
    • Define data privacy policies and standards and monitor compliance across the organisation from legal/regulatory perspective
    • Support the Global Data Privacy program (e.g., managing requests across regions, mapping of data and specific regulations, coordination with Global GBS)
    • Management of data process agreements (incl. review of contracts, annual assessment re-evaluation)

About you

  • Experience:
    • 5-10 years of professional experience (equivalent combination of experience and education accepted)
    • Previous experience in implementing ISO27001 and NIS-2
    • Previous work in an international environment.
    • Demonstrated experience in working within cybersecurity teams, particularly in governance and risk.
    • Proven track record of contributing to the design and implementation of governance and risk solutions aligned with organizational goals and regulatory requirements.
    • Experience collaborating with Security Architect and Operations teams in a feedback loop.
    • Ability to develop and communicate policies based on feedback from the Security Architect team.
  • Soft skills:
    • Broad experience in working in large digital teams, with an understanding of how digital and business processes are linked.
    • Stakeholder management and communication skills, especially when interacting with senior leadership.
    • Skilled problem solver and self-starter.
    • A hands-on pragmatic attitude to driving change.
    • Positive, "can-do" attitude.
  • Technical skills:
    • Experience with AGILE or similar project management frameworks.
    • Working knowledge of common information security management frameworks (ISO/IEC 27001, ITIL, NIST, NISD, CISSP/CCSP, QxP, CIS20).
  • Education:
    • Bachelor’s and master’s degree (preferred) in any of the following fields of study: Information Technology, Computer Science, Cybersecurity or Information Security
  • Languages:
    • English

Pursue progress, discover extraordinary

Better is out there. Better medications, better outcomes, better science. But progress doesn’t happen without people – people from different backgrounds, in different locations, doing different roles, all united by one thing: a desire to make miracles happen. So, let’s be those people.

At Sanofi, we provide equal opportunities to all regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, or gender identity.

Watch our ALL IN video and check out our Diversity Equity and Inclusion actions at sanofi.com!
