IT Risk and Compliance Management

Location: Switzerland - Glattbrugg/Zurich

Seniority level: Senior Manager

Your profile

CSL Vifor, part of CSL, is a world-leading nephrology, iron deficiency and cardio-renal pharmaceutical company and is experiencing rapid growth due to pipeline realization and optimization. In addition, due to the integration of Vifor into CSL, a new position has arisen within the Cybersecurity, Compliance and Risk team as an I&T Risk and Compliance Management lead.

This position will focus on risk management activities and compliance, including mastery of risk registers and risk mitigation strategies, and on audit and inspection for IT-related topics in QA and computer validation. Experience within a pharmaceutical or GxP setting is preferred, as are some German language capabilities. Fluent English is essential.


        Management of the Information Risk Management (IRM) framework and tooling

        Execute maturity and risk assessments on IT systems and services, identify risks and propose/agree mitigation measures with IT and business

        IT risk management: risk register, tracking, and reporting to enterprise risk management functions

        Operation and management of GRC solution

        Interface and partner with IT colleagues (all levels), business and other enabling functions (e.g.: internal audit, compliance, legal, data privacy, quality) for risk and compliance activities

        Oversee supplier assessment management framework

        Be informed on new regulations and assess impacts on security, data privacy, GxP, and compliance

        Act as SPOC for internal/external audits and inspections related to Security, IT and IT quality aspects

        Prepare SMEs for audits and inspections

        Coordinate IT efforts to support external due diligence, audits, and inspections and prepare official responses/evidence

        Coordinate and track deviations and recommendations resulting from audits and inspections

        Support and coordinate qualification and validation projects of GxP relevant IT systems, services and applications

        Prepare permanent and ad-hoc risk assessments and reports

        Support the implementation of IT quality processes

        Set risk appetite and risk limits, establish and monitor key risk indicators, providing effective challenge to business heads

        Contribute to development of enterprise risk models and strategies

        Build relationships with key stakeholders within IT and the business


        Minimum 7 years of experience in IT Risk and Compliance management

        Experience with information security frameworks (e.g.: ISO 27001, NIST)

        Preferred experience in life science / pharmaceutical industry and with related regulations (e.g.: CSV, GAMP)

        Preferred experience with ITIL/COBIT frameworks as well as project management (e.g.: PMI PMP)

        Comfortable and proven in dealing with senior members of staff, architecture committees, key stakeholders and external auditors

        Fluent English Language is essential


        Bachelor's or master’s degree in Risk Management / Information Security / Business Management or a similar profile

        Preferred: information security and risk management certifications (e.g. CISA, CRISC, IRM)

        Preferred: German language capabilities desired but not essential
