Cyber Specialist

Our Team:

Our Governance, Risk & Compliance team, reporting directly to the CISO alongside the Security Architecture and Security Operations & SOC teams, plays a pivotal role in safeguarding the organization's assets and ensuring regulatory compliance. Under the leadership of the Governance, Risk & Compliance Lead, this team ensures our organization's technological infrastructure is secure, compliant, and resilient against evolving cyber threats.

Main responsibilities:

The Cyber Specialist, reporting to the GRC Lead, will play a pivotal role in will play a pivotal role in ensuring regulatory adherence and operational integrity within the Governance, Risk & Compliance team. This role focuses on maintaining compliance with industry standards, policies, and regulatory requirements to mitigate legal and operational risks effectively. Key responsibilities include:

• Pen testing
  
• Coordinate penetration testing activities to ensure testing is performed at least every 3-6 months across most (>75%) on-premise and cloud environments
• Prepare vulnerability disclosure reports on outward facing systems (in the future)
  
• Performance management & consistency
  
• Compile data from defined cybersecurity KPIs every month for analysis to drive improvement actions.
  
• Capability building
  
• Design, implement and maintain training/awareness programs for the wider org.
• Ensure cybersecurity team has the right capabilities through training and evaluation.
  
• Manage activities with cross-team dependencies
  
• Provide guidance for key digital & cloud initiatives from a cybersecurity standpoint.
• Manage insurance coverage aligned with board and leaders across wider organisation.
  
• Data privacy
  
• Support of Global Data Privacy program (e.g., managing requests across regions, mapping of data and specific regulations, coordination with Global GBS)
• Management of data process agreements (incl. review of contracts, annual assessment re-evaluation)
  
  

About You

• Experience:
  
• 3-5 years of professional experience (equivalent combination of experience and education accepted)
• Previous work in an international environment.
• Demonstrated experience in cybersecurity compliance roles, focusing on strategic planning and execution.
• Proven track record of contributing to the development and implementation of cybersecurity strategies aligned with compliance standards and organizational goals.
• Experience in developing and implementing cybersecurity strategies that align with compliance standards and organizational objectives.
• Experience in managing cybersecurity performance metrics and KPIs to ensure continuous compliance and improvement.
• Experience collaborating with Security Architect and Operations teams in a feedback loop.
• Ability to develop and communicate policies based on feedback from the Security Architect team.
  
• Soft skills:
  
• Broad experience in working in large digital teams, with an understanding of how digital and business processes are linked.
• Expertise in stakeholder engagement and communication related to cybersecurity compliance, particularly with senior leadership and external auditors.
• Ability to design and execute training programs to enhance compliance awareness and build cybersecurity capabilities across the organization.
• Skilled problem solver and self-starter.
• A hands-on pragmatic attitude to driving change.
• Positive, "can-do" attitude.
  
• Technical skills:
  
• Experience with AGILE or similar project management frameworks.
• Working knowledge of common information security management frameworks (ISO/IEC 27001, ITIL, NIST, NISD, CISSP/CCSP, QxP, CIS20).
• Understanding of cybersecurity compliance frameworks and regulations (e.g., GDPR, CCPA, HIPAA, SOX) relevant to digital domains (network, cloud, endpoint, applications, data).
• Strong knowledge of cybersecurity risk management principles and practices, including risk assessment and mitigation strategies.
  
• Education:
  
• Bachelor’s and master’s degree (preferred) in any of the following fields of study: Information Technology, Computer Science, Cybersecurity or Information Security
  
• Languages:
  
• English
  
  

Pursue progress, discover extraordinary

Better is out there. Better medications, better outcomes, better science. But progress doesn’t happen without people – people from different backgrounds, in different locations, doing different roles, all united by one thing: a desire to make miracles happen. So, let’s be those people.

At Sanofi, we provide equal opportunities to all regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, or gender identity.

Watch our ALL IN video and check out our Diversity Equity and Inclusion actions at sanofi.com!

Pursue progress, discover extraordinary

Better is out there. Better medications, better outcomes, better science. But progress doesn’t happen without people – people from different backgrounds, in different locations, doing different roles, all united by one thing: a desire to make miracles happen. So, let’s be those people.

At Sanofi, we provide equal opportunities to all regardless of race, colour, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, ability or gender identity.

Watch our ALL IN video and check out our Diversity Equity and Inclusion actions at sanofi.com!