Job Description

At Sun Pharma, we commit to helping you "Create your own sunshine"- by fostering an environment where you grow at every step, take charge of your journey and thrive in a supportive community.
Are You Ready to Create Your Own Sunshine?
As you enter the Sun Pharma world, you'll find yourself becoming 'Better every day' through continuous progress. Exhibit self-drive as you 'Take charge' and lead with confidence. Additionally, demonstrate a collaborative spirit, knowing that we 'Thrive together' and support each other's journeys."
Key Responsibilities:
A Deputy General Manager (DGM) of IT Security Governance in the pharmaceutical industry is a senior leadership role responsible for establishing, implementing, and overseeing the organization's information security framework, policies, and compliance programs. This leadership role ensures that our cybersecurity strategy aligns with business objectives and adheres to stringent regulatory requirements and industry standards specific to the pharmaceutical sector. This role is crucial for protecting sensitive data, including patient information, intellectual property, and clinical trial data, while ensuring adherence to a complex web of industry-specific regulations.
Key Responsibilities:
Strategic Leadership:

• Develop and maintain a comprehensive IT security governance framework, policies, and procedures aligned with global standards like ISO 27001, NIST Cybersecurity Framework, and specific pharmaceutical regulations such as FDA 21 CFR Part 11 and GxP.
• Provide oversight of the incident response plan, ensuring a rapid and effective response to any security breaches or incidents to minimize impact and ensure business continuity.
• Design, implement, and sustain the organization's information security GRC strategy and framework, ensuring alignment with industry standards (e.g., ISO 27001, NIST, COBIT) and Indian regulatory requirements (e.g., RBI guidelines, IT Act 2000, SEBI, IRDAI).
• Develop and enhance GRC policies, standards, procedures, and guidelines to support effective risk management and regulatory compliance.
• Lead the identification, assessment, analysis, and prioritization of information security and IT risks across the organization.
• Develop, implement, and manage comprehensive risk management strategies, mitigation plans, and a robust IT security risk management program, including appropriate methodologies, tools, and reporting mechanisms.
• Conduct regular risk assessments and audits, such as business impact analyses (BIA), security risk assessments, and third-party risk assessments to evaluate the effectiveness of existing controls and recommend improvements.
• Oversee the organization's adherence to all relevant information security, data protection, data privacy, and other regional laws including IT-related laws, regulations, and contractual obligations. Lead and coordinate internal and external security audits, assessments, and certification efforts (e.g., ISO 27001), serving as the primary liaison throughout the process.
• Oversee the effective implementation and operationalization of security controls across the organization.
• Perform control effectiveness testing and maturity assessments to ensure continuous improvement.
• Lead the development and execution of a company-wide security awareness and training program to foster a culture of security, ensuring all employees understand their roles and responsibilities in protecting company information.
• Create and present regular GRC reports, dashboards, and key performance metrics to senior leadership, offering visibility into major risks, compliance posture, and continuous improvement efforts.

Qualifications:
Bachelor's degree in Computer Science, Information Technology, Business Administration, or a related field. Master's degree in Cybersecurity, Risk Management, or Business Administration is highly preferred.
Experience:

• Minimum of 10 to 12 years of progressive experience in IT/Information Security, with at least 3 to 5 years dedicated to Governance, Risk, and Compliance (GRC) in a leadership or senior managerial capacity.
• Proven track record of designing, implementing, and managing comprehensive GRC programs in complex organizational environments.
• In-depth understanding of cybersecurity frameworks (e.g., ISO 27001, NIST) and key pharmaceutical regulations (e.g., FDA 21 CFR Part 11, GxP).
• Hands-on experience with GRC platforms/tools is a plus.
• Experience in a regulated industry (e.g. Pharmaceuticals, Healthcare) is highly desirable.

Certifications (Highly Desirable):

• CISA (Certified Information Systems Auditor)
• CISM (Certified Information Security Manager)
• CRISC (Certified in Risk and Information Systems Control)
• CISSP (Certified Information Systems Security Professional)
• ISO 27001 Lead Auditor/Implementer
• Any relevant certifications in data privacy (e.g., CIPP/E, CIPP/A)

Skills Required