GRC Lead :: Onsite

Role Overview

Information Security & Compliance Consultant supporting pharmaceutical supply chain and Advanced Therapies (Car-T) IT platforms. Responsible for security controls, risk assessments, and regulatory compliance across global projects.

Key Responsibilities

• Conduct security risk assessments for supply chain and Advanced Therapies applications

• Provide security consulting to ensure Minimum Viable Security (MVS)

• Implement and monitor application security controls (change, incident, access management)

• Ensure compliance with SOX, GxP, GDPR, IAPP, and internal policies

• Advise business and IT teams on secure system design and regulatory needs

• Perform incident trending, vulnerability assessments (static/dynamic), and remediation planning

• Maintain security metrics, risk dashboards, and assessment status reports

• Act as central security contact and coordinate with ISRM teams

• Oversee interns/contractors and support key security initiatives

Required Qualifications

• Bachelor’s degree in IT / Computer Science

• 7 years in application security and controls consulting

• Strong knowledge of web/cloud applications, SOX, and security principles

• Excellent communication and documentation skills

Preferred Skills

• Certifications: CISSP, CISM, CISA

• Pharma systems security experience

• Knowledge of Car-T, GxP, GDPR, privacy, and risk management