- Location
- Telangana (Sandoz), India
- Type
- Full-time
- Experience
- 15+ years
- Closing date
- Today
- Source
- Workday
Description
Job Description Summary
Sandoz continues to go through an exciting and transformative period as a global leader and pioneering provider of sustainable Biosimilar and Generic medicines. As we continue down this new and ambitious path, unique opportunities will present themselves, both professionally and personally. Join us, the future is ours to shape!The GRC Assurance Partner is a key member of the Information Security, Resilience and Compliance (ISRC) organization, responsible for strengthening security governance, risk management, and compliance practices across Sandoz. This role acts as a trusted advisor to business and technology stakeholders, driving security control implementation, risk-informed decision making, governance reporting, and continuous improvement of the organization's security posture.
Job Description
Your Key Responsibilities:
Your responsibilities include, but not limited to:
Serve as the primary ISRC contact for assigned regions and supported product domains/functions, providing practical guidance on security, compliance, and risk-related matters.
Partner with business and technology leadership to define security requirements, support prioritization, and promote risk-based decision-making.
Drive the adoption and consistent implementation of ISRC processes, controls, and governance frameworks across supported areas.
Manage the security and compliance posture of technology assets and services, ensuring ownership, accountability, and adherence to defined security requirements.
Support security control implementation by advising on control design, facilitating evidence collection, and coordinating with control owners and security architects.
Manage control deficiencies and security findings through remediation, tracking, validation, and timely closure.
Administer the risk exception process, ensuring appropriate approvals, compensating controls, periodic reviews, and remediation activities.
Support audits, compliance assessments, asset classification activities, third-party risk reviews, and security awareness initiatives while providing executive-level security reporting and metrics.
KPI: Percentage of security findings, control deficiencies, and risk exceptions closed within agreed timelines.
What you'll bring to the role:
Essential Requirements:
Bachelor’s degree, or equivalent experience, in Computer Science, Information Technology, Engineering, or a related discipline.
Minimum 15 years of experience in information security, technology risk management, or a related field.
Proven experience partnering with business and technology teams across regional or enterprise portfolios.
Strong knowledge of information security frameworks and standards such as ISO 27001, NIST, and CIS Controls.
Experience applying security and risk management principles across product development, cloud environments, and third-party ecosystems.
Demonstrated ability to manage governance processes, risk assessments, audits, compliance activities, and executive reporting.
Strong program and project management capabilities with experience handling multiple priorities and stakeholders.
Ability to translate technical security risks into business impact and influence decision-making at multiple organizational levels.
Essential Skills: Excellent communication, stakeholder management, consulting, collaboration, and continuous improvement mindset with the ability to influence without direct authority.
Languages: Fluent written and spoken English.
Desirable Requirements:
Professional certifications such as CISSP, CISM, CISA, or equivalent information security credentials.
Experience with privacy regulations, regulatory compliance requirements, and pharmaceutical industry environments.
You'll receive:
Competitive compensation and performance-related rewards.
Flexible and hybrid working opportunities.
Comprehensive health and wellness benefits.
Learning and development programs to support continuous professional growth.
Access to global career development and internal mobility opportunities.
Inclusive, collaborative, and purpose-driven work environment focused on innovation and impact.
Why Sandoz?
Generic and Biosimilar medicines are the backbone of the global medicines industry. Sandoz, a leader in this sector, provided more than 900 million patient treatments across 100+ countries in 2024 and while we are proud of this achievement, we have an ambition to do more!
With investments in new development capabilities, production sites, new acquisitions, and partnerships, we have the opportunity to shape the future of Sandoz and help more patients gain access to low-cost, high-quality medicines, sustainably.
Our momentum is powered by an open, collaborative culture driven by our talented and ambitious colleagues, who, in return for applying their skills experience an agile and collegiate environment with impactful, flexible-hybrid careers, where diversity is welcomed and where personal growth is supported!
Join us!
Skills Desired
Communication Skills, Compliance Audits, Compliance Management, Compliance Risk Assessment, Compliance Training, Influencing Skills, Quality Assurance