Governance & Compliance Operations Service Lead (f/m/d), 100%

Bachem is a leading, innovation-driven company specializing in the development and manufacture of peptides and oligonucleotides. With over 50 years of experience and expertise Bachem provides products for research, clinical development and commercial application to pharmaceutical and biotechnology companies worldwide and offers a comprehensive range of services. Bachem operates internationally with headquarters in Switzerland and locations in Europe, the US and Asia. The company is listed on the SIX Swiss Exchange. For further information, see www.bachem.com.

To drive our continuous organic growth, we are looking for highly qualified professionals. To strengthen the Global IT, Security and Compliance (S&C) department we are looking for a dedicated and experienced Governance, Compliance and Operations Excellence Service Lead (f/m/d), 100%.

In this role will be reporting to the Global IT, Information Security, Risk and Compliance Head (CSO).

Your tasks:

• Manage, hire, develop, retain the Governance, Compliance and Operations Excellence team.
• Develop and improve the global information security and compliance framework (ISF): policies, controls, procedures, directives and other governance aligned to the NIST cyber security framework and publications, and to comply with cyber and data protection regulations.
• As the GRC (Governance Risk and Compliance) product owner, lead the GRC processes and technology design and implementation with multiple process owners across S&C, Global IT, Quality Assurance and others. 
• Design, improve and periodically report security and compliance key risk indicators and metrics to support continuous improvements and increase security maturity in our business processes.
• Designs and delivers the education training and awareness services covering information security, data protection and GXP IT Compliance domains.
• Be the central point of contact and support technology and business teams before, during and after customer, internal and external audits of our technology services and processes.
• Identify and implement process, KPIs and metrics to improve and enhance operational efficiency, effectiveness and reduce operational costs.
• Foster a culture of operations excellence and continuous improvement in the security and compliance department.
• Run the project management office, manage the project managers working on the S&C Department projects and initiatives.
• Participate in the selection, and onboarding and management of third-party service providers delivering S&C solutions and services.
• Support the hiring, onboarding and training activities for S&C team members.

Your profile:

• Bachelor's or master's degree in information security, IT, or related field.
• Extensive professional experience in information technology, at least 5 years in roles related to this job role posting - preferably in a pharmaceutical, biotechnology or in other manufacturing organizations.
• Relevant information security professional certifications e.g. CISSP (Certified Information Systems Security Professional), CISM, CRISC, CISA, GSEC-GIAC, ISO 27001 auditor / practitioner.
• Working knowledge, training and or certifications in GRC platforms such as ServiceNow GRC, Archer, MetricStream; and the NIST Cyber Security Framework: Standards, Guidelines and Practises.
• Experience in implementing information security, data protection and GXP IT controls and managing security and compliance risks related to Data Protectio GXP relevant systems, and in accordance with regulations such as EU and UK GDPR, CCPA, EU NIS2, and USA SEC Disclosure Requirements.
• Program or Project management working experience, certifications are a plus.
• You are resilient and take accountability for delivering your work.
• You are passionate about cybersecurity and can coach and help others who come from diverse backgrounds in information technology, compliance, or information security domains.
• You have an elevated level of personal integrity, ability to professionally handle confidential matters and convince others using appropriate level of judgment and maturity.
• You have people management and leadership experience, can develop yourself and others.
• You have strong verbal and written communication skills in English and German is mandatory.
• You are a strong communicator: presentation and training, relationship management, consultation, negotiation.
• You can work in a matrix and geographically dispersed organization.

This role was designed leveraging the USA NIST NICE Framework.

• This role fulfils oversight and governance tasks from the following work roles: Cybersecurity: Policy and Planning, Workforce Management, Curriculum Development, Instruction, work role: Authorizing Official/Designating, Representative, some of Legal Advice. Privacy compliance, Program management, Technology Portfolio Management and Program Auditing. .
• By visiting these pages, you can find more information on the abilities, knowledge, skills, tasks, and capability indicators required to perform on this role at Bachem.
• You can find more details about career progression pathways.

Our offer:

• A dynamic and rapidly growing work environment with internal development opportunities
• Flexible working hours with home office days and an option for obtaining additional vacation days through workload reduction
• Employee development through numerous internal and external training opportunities
• 60% coverage of pension fund contributions by Bachem AG as well as option for extra-mandatory pension provision with our Pension Plan Plus
• Access to the Swibeco benefits platform with discounts from external partners
• Fresh, healthy and varied food in our staff restaurant
• A wide range of free sports activities on the Bachem Campus

Would you like to drive innovation together with us?

We look forward to receiving your complete application documents via our application portal.

Learn more about the Bachem Group and get inspired by our exciting work environment at our location in Bubendorf!