Role : Cybersecurity Compliance Expert
Location : Hyderabad
Our Team:
Our Governance, Risk & Compliance team, reporting directly to the CISO alongside the Security Architecture and Security Operations & SOC teams, plays a pivotal role in safeguarding the organization's assets and ensuring regulatory compliance. Under the leadership of the Governance, Risk & Compliance Lead, this team ensures our organization's technological infrastructure is secure, compliant, and resilient against evolving cyber threats.
Main responsibilities:
The Compliance FTE, reporting to the GRC Lead, will play a pivotal role in ensuring regulatory adherence and operational integrity within the Governance, Risk & Compliance team. This role focuses on maintaining compliance with industry standards, policies, and regulatory requirements to mitigate legal and operational risks effectively. Key responsibilities include:
- Strategy & Roadmap (incl. budget)
- Refresh cyber strategy at least every 18 months and ensure it supports the broader organisation strategy.
- Deliver cybersecurity strategy in line with defined roadmap, timelines and milestones.
- Communicate a prioritised, approved and funded cybersecurity roadmap to the broader organisation.
- Manage cybersecurity spend optimisation and benchmark regularly (i.e. every 24 months)
- Performance management & consistency
- Compile data from defined cybersecurity KPIs every month for analysis to drive improvement actions.
- Review outputs of KPIs (real time or periodically depending on metrics) and identify trends/issues with performance, facilitate remediation of issues and refresh KPIs where necessary.
- Stakeholder management
- Prepare and provide Board/ELT with monthly/quarterly updates.
- Define, review, test and update decision rights for the cybersecurity team in the key digital and wider organisation governance forums to ensure effective and appropriate decision making related to cybersecurity.
- Capability building
- Design, implement and maintain training/awareness programs for the wider org.
- Ensure cybersecurity team has the right capabilities through training and evaluation.
- Manage activities with cross-team dependencies
- Provide guidance for key digital & cloud initiatives from a cybersecurity standpoint.
- Manage insurance coverage aligned with board and leaders across wider organisation.
About you
- Experience:
- 5-10 years of professional experience (equivalent combination of experience and education accepted)
- Previous work in an international environment.
- Demonstrated experience in cybersecurity compliance roles, focusing on strategic planning and execution.
- Proven track record of contributing to the development and implementation of cybersecurity strategies aligned with compliance standards and organizational goals.
- Experience in developing and implementing cybersecurity strategies that align with compliance standards and organizational objectives.
- Experience in managing cybersecurity performance metrics and KPIs to ensure continuous compliance and improvement.
- Experience collaborating with Security Architect and Operations teams in a feedback loop.
- Ability to develop and communicate policies based on feedback from the Security Architect team.
- Soft skills:
- Broad experience in working in large digital teams, with an understanding of how digital and business processes are linked.
- Expertise in stakeholder engagement and communication related to cybersecurity compliance, particularly with senior leadership and external auditors.
- Ability to design and execute training programs to enhance compliance awareness and build cybersecurity capabilities across the organization.
- Skilled problem solver and self-starter.
- A hands-on pragmatic attitude to driving change.
- Positive, "can-do" attitude.
- Technical skills:
- Experience with AGILE or similar project management frameworks.
- Working knowledge of common information security management frameworks (ISO/IEC 27001, ITIL, NIST, NISD, CISSP/CCSP, QxP, CIS20).
- Understanding of cybersecurity compliance frameworks and regulations (e.g., GDPR, CCPA, HIPAA, SOX) relevant to digital domains (network, cloud, endpoint, applications, data).
- Strong knowledge of cybersecurity risk management principles and practices, including risk assessment and mitigation strategies.
- Education:
- Bachelor’s and master’s degree (preferred) in any of the following fields of study: Information Technology, Computer Science, Cybersecurity or Information Security
- Languages:
Pursue progress, discover extraordinary
Better is out there. Better medications, better outcomes, better science. But progress doesn’t happen without people – people from different backgrounds, in different locations, doing different roles, all united by one thing: a desire to make miracles happen. So, let’s be those people.
At Sanofi, we provide equal opportunities to all regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, or gender identity.
Watch our ALL IN video and check out our Diversity Equity and Inclusion actions at sanofi.com!
Pursue
progress, discover
extraordinaryBetter is out there. Better medications, better outcomes, better science. But progress doesn’t happen without people – people from different backgrounds, in different locations, doing different roles, all united by one thing: a desire to make miracles happen. So, let’s be those people.
At Sanofi, we provide equal opportunities to all regardless of race, colour, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, ability or gender identity.
Watch our ALL IN video and check out our Diversity Equity and Inclusion actions at sanofi.com!
