I&t Risk and Compliance Management

CSL Vifor part of CSL is a world leading Nephrology, Iron Deficiency and Cardio-Renal pharmaceutical company and are experiencing rapid growth due to pipeline realization and optimization. In addition, due to the integration of Vifor into CSL a new position has arisen within the Cybersecurity, Compliance and Risk team as a I&T Risk and Compliance Management lead.

This position will focus on Risk Management activities and compliance including mastery of Risk registers and risk mitigation strategies and audit and inspection for IT related topics in QA and computer validation. Experience within a pharmaceutical or GxP setting is preferred as is some German Language capabilities. Fluent English is essential.

**Accountabilities**:

- Management of the Information Risk Management (IRM) framework and tooling
- Execute maturity and risk assessments on IT systems and services, identify risk and propose/agree mitigation measures with IT and business
- IT risk management: risk register, tracking, and reporting to enterprise risk management functions
- Operation and management of GRC solution
- Interface and partner with IT colleagues (all levels), business and other enabling functions (e.g.: internal audit, compliance, legal, data privacy, quality) for risk and compliance activities
- Oversee supplier assessment management framework
- Be informed on new regulations and assess impacts on security, data privacy, GxP, and compliance
- Act as SPOC for internal/external audits and inspections related to Security, IT and IT quality aspects
- Prepare SMEs for audits and inspections
- Coordinate IT efforts to support external due diligence, audits, and inspections and prepare official responses/evidences
- Coordinate and track deviation and recommendation resulting from audits and inspections
- Prepare permanent and ad-hoc risk assessments and reports
- Support the implementation of IT quality processes
- Set risk appetite and risk limits, establish and monitor key risk indicators, providing effective challenge to business heads
- Contribute to development of enterprise risk models and strategies
- Build relationships with key stakeholders within IT and the business

**Experience**:

- Minimum 7 years of experience in IT Risk and Compliance management,
- Experience with information security framework (e.g.: IS027001, NIST)
- Preferred experience in life science / pharmaceutical industry and with related regulations (e.g.: CSV, GAMP)
- Preferred experience with ITIL/COBIT frameworks as well as project management (e.g.: PMI PMP)
- Comfortable and proven in dealing with senior members of staff, architecture committees, key stakeholders and external auditors
- Fluent English Language is essential

**Education**:

- Bachelor or master’s degree in Risk Management / Information Security / Business Management or a similar profile
- Preferred: information security and risk management certifications (e.g. CISA, CRISC, IRM)
- Preferred: German language capabilities desired but not essential

**About CSL Vifor**:
CSL Vifor aims to become the global leader in iron deficiency and nephrology.

The company is a partner of choice for pharmaceuticals and innovative patient-focused solutions across iron, dialysis, nephrology and rare conditions. CSL Vifor strives to help patients around the world with severe, chronic and rare diseases lead better, healthier lives. It specializes in strategic global partnering, in-licensing and developing, manufacturing and marketing pharmaceutical products for precision patient care.

**We want CSL to reflect the world around us**:
As a global organization with employees in 35+ countries, CSL embraces diversity and inclusion. Learn more about Diversity & Inclusion at CSL.

**Do work that matters at CSL Vifor**: