Sr. Spec. DDIT ISC Gov GxP Assessments

Summary

We are looking for a motivated and skilled professional to join our DDIT ISC Governance GxP Assessments team as a Sr. Specialist. This role involves performing Control Assessments (CAs), identifying deficiencies, and reporting risks. The Sr. Specialist will also be integral in tracking risks and supporting initiatives beyond routine assessments. Furthermore, the individual will assist in developing and delivering awareness sessions and trainings related to Control Assessments.

About the Role

Job Description/ Major Responsibilities

• Conduct Control Assessments and assist in IT Compliance Services delivery across different assets, including in-house applications, SaaS systems, mobile apps, technical platforms, OS, and databases.
• Identify control deficiencies and potential risks during assessments.
• Track and monitor remediation progress.
• Help develop and update awareness sessions/trainings and deliver mandatory trainings to keep the team informed on control requirements and best practices.
• Assess complex technology risks and internal controls, identifying opportunities for improvement.
• Contribute to audit efficiency through automation and continuous control monitoring.

Key Performance Indicators/ Measures of Success

• Number of assessments done versus planned according to defined service levels.
• Identified deficiencies and potential risks from the assessment.
• SMART criteria used for defining recommendations and remediation actions.
• The 4-eyes principle is applied to ensure peer review, with report quality assessed against expected standards.

Minimum Requirements

• Bachelor's degree in computer science, Information Systems, Accounting, or a related field. Advanced degree (Post Graduation) preferred.
• Professional certifications such as Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or similar credentials preferred.

Work Experience

• Minimum of 5 years of experience in IT audit, IT risk management, IT compliance, or a similar role.
• Strong understanding of SOX compliance requirements, internal control frameworks (e.g., COSO), and IT auditing standards (e.g., COBIT).
• Knowledge of IT systems and processes, including system development life cycle (SDLC), IT infrastructure, and cybersecurity.
• Knowledge of SOC Compliance (SOC1/SOC2) and skill in analyzing findings.

Language

• Business fluent in English (written and spoken)

Why Novartis: Helping people with disease and their families takes more than innovative science. It takes a community of smart, passionate people like you. Collaborating, supporting and inspiring each other. Combining to achieve breakthroughs that change patients' lives. Ready to create a brighter future together? https://www.novartis.com/about/strategy/people-and-culture

Join our Novartis Network: Not the right Novartis role for you? Sign up to our talent community to stay connected and learn about suitable career opportunities as soon as they come up: https://talentnetwork.novartis.com/network

Benefits and Rewards: Read our handbook to learn about all the ways we'll help you thrive personally and professionally: https://www.novartis.com/careers/benefits-rewards

Division
Operations

Business Unit
CTS

Location
India

Site
Hyderabad (Office)

Company / Legal Entity
IN10 (FCRS = IN010) Novartis Healthcare Private Limited

Functional Area
Technology Transformation

Job Type
Full time

Employment Type
Regular

Shift Work
No