• Systematically supports the implementation and monitoring of the Novartis IS&RM Policy Framework to ensure that the integrity, confidentiality and availability of information owned, controlled, and/or processed by the CNIBR Organization is assured.
• Ensures implementation of the Novartis IS&RM Framework by establishing required structures and procedures.
• Ensures execution of IS&RM activities according to the IS&RM strategy in alignment with CNIBR’s leadership team and business stakeholders (e.g. QA, Legal, Finance, etc.).
• Works collaboratively as a key contributor with Cyber Security to ensure alignment with the Information Security program and Cyber Security technical controls and strategy.
• Ensures implementation of IS&RM awareness and education programs and sponsors effective communication.
• Ensures that serious information risks and incidents are reported, resolved, and monitored.
• Facilitates the preparation of and follow-up on internal and external audits where those audits relate to aspects in scope of IS&RM.
• Assists in the formulation and creation of documents and maintains the overall IS&RM strategy for the CNIBR Organization following the defined Governance Structure.
• Assists in informing, publicizing and marketing the key aspects of the IS&RM strategy so that all customers, potential customers, staff members, suppliers and other relevant groups are aware of the strategy, how it will be taken forward, and what the value is to the organization.
• Actively participates in the sponsorship, design and management of IS&RM process and metrics to ensure a robust and effective organization.
• Validates that all the activities necessary to design, develop, deploy, operate and retire IT services satisfy IS&RM requirements.
• Assumes responsibility for the optimal design, delivery and deployment of processes, practices and other activities to ensure security of information throughout its lifecycle.
• Responsible for managing information risks (threats, vulnerabilities, and impact). This includes assessing threats and vulnerabilities of information (and information systems) and evaluating how vulnerable information is to threats.