IT Security Advisor - Mergers and Acquisitions

About the Department
The Finance and Operations dept. brings insights and intelligence to inform decision making & drives digitalization and business solutions to attain NNI goals. Finance and Operations works closely across the organization to guide enterprise-wide resource allocations, investment choices, drive core operations and develop insights to drive growth and operational excellence across the value chain while innovating for future capabilities. Our focus on innovation ensures we're constantly building future capabilities. We're responsible for regulating accounting, upholding workplace safety, managing our supply chain and sampling, supporting technological and data innovation, insights and analytics, delivering patient support solutions, maintaining our facilities and assuring the integrity and completeness of all business transactions. At Novo Nordisk, you will have the opportunity to build a life-changing career in a global business environment. We encourage our employees to make the most of their talent, and we reward hard work and dedication with opportunities for continuous learning and personal development. Are you ready to maximize your potential with us?
The Position
This business-oriented information security professional provides advisory support to IT projects within the Americas region. Individuals in this position will ensure that information security risks are effectively assessed, understood, and managed in alignment with our risk management process.
The individual in this position will: Seek understanding of business processes and systems, Build relationships with stakeholders within Global IT and the broader business. Implement information security strategy. Advise system and project teams on information security procedures. Conduct risk identification and assessment with attention to the business processes and goals. Develop and support implementation of business-oriented security strategies. Develop and conduct targeted security training. Support other projects and duties as assigned.
Individuals in this position will demonstrate expertise with information security threats, vulnerabilities, risks, and mitigating controls. This position will require an understanding of enterprise technologies such as networks, operating systems, application architecture, and cloud service models. They will be responsible for performing technical risk assessments of systems and will assist with identification and documentation of controls to protect these systems.
Relationships
This position reports directly to the Senior Manager, Global Security Operations - Americas and works in alignment with the Denmark based Global Information Security Advisory department to extend their advisory services throughout the Americas region.
Provides information security advisory support to project managers, system managers, line of business representatives, IT operations staff, and application development teams.
This role will interface routinely with key stakeholders including senior security operations personnel, Global Information Security management team members, line of business personnel, as well as third party technology service providers.
Essential Functions

• Drive Information Security due diligence as a part of the overall due diligence setup in Novo Nordisk. You will primarily focus on deals taking place within North America
• Plan and execute integration activities for acquired companies or assets
• Actively participate in and drive the continuous improvement of embedding and working with information security aspects throughout the Due Diligence & integration process
• Build inhouse information security capabilities to safeguard future partnerships, licensing and acquisitions deals
• Identify focus areas, key priorities, stakeholder and business owners
• Identify risks and business impact, define security deliverables, ensure buy-in and drive implementation
• Communicate plans, progress, impediments, and outcome
• When applicable, ensure alignment to current and future security initiatives such as cloud security, application security, classification & data protection, and supply chain security

Physical Requirements
0-10% overnight travel required.
Qualifications

• A Bachelor's degree in IT, data science, information security, or another relevant field (Business)
• A profound interest in information security
• A minimum of 6 years of progressively responsible relevant experience
• At least 3+ years of relevant experience in consulting (information security or similar), pharmaceutical organization or M&A is preferred
• Demonstrated track record of setting up and managing complex projects and cross-organizational initiatives with multiple stakeholders
• Ability to solve complex problems independently by getting to the core and clearly communicating scenarios, impacts and recommendations to the decision-makers
• Strong communication and presentation skills using relevant tools

We commit to an inclusive recruitment process and equality of opportunity for all our job applicants.
At Novo Nordisk we recognize that it is no longer good enough to aspire to be the best company in the world. We need to aspire to be the best company for the world and we know that this is only possible with talented employees with diverse perspectives, backgrounds and cultures. We are therefore committed to creating an inclusive culture that celebrates the diversity of our employees, the patients we serve and communities we operate in. Together, we're life changing.
Novo Nordisk is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, ethnicity, color, religion, sex, gender identity, sexual orientation, national origin, disability, protected veteran status or any other characteristic protected by local, state or federal laws, rules or regulations.
If you are interested in applying to Novo Nordisk and need special assistance or an accommodation to apply, please call us at 1-855-411-5290. This contact is for accommodation requests only and cannot be used to inquire about the status of applications.