Job title
: Cyber Risk Specialist
About Us
Opella is the self-care challenger with the purest and
third-largest portfolio in the Over-The-Counter (OTC) & Vitamins, Minerals & Supplements (VMS) market globally
.Our mission is to bring health in people’s hands by
making self-care as simple as it should be
. For half a billion consumers worldwide – and counting.At the core of this mission is our
100 loved brands
, our
11,000-strong global team, our 13 best-in-class manufacturing sites
and 4 specialized science and innovation development centers. Headquartered in France, Opella is the proud maker of many of the world’s most loved brands, including Allegra, Buscopan, Doliprane, Dulcolax, Enterogermina, Essentiale and Mucosolvan.
B Corp certified in multiple markets
, we are active players in the journey towards healthier people and planet. Find out more about our mission at www.opella.com.
About The Job
Our Team:
Our Governance, Risk & Compliance team, reporting directly to the CISO alongside the Security Architecture and Security Operations & SOC teams, plays a pivotal role in safeguarding the organization's assets and ensuring regulatory compliance. Under the leadership of the Governance, Risk & Compliance Lead, this team ensures our organization's technological infrastructure is secure, compliant, and resilient against evolving cyber threats.
Main Responsibilities
The Cyber Risk Specialist, reporting to the GRC Lead, will play a pivotal role in will play a pivotal role in ensuring regulatory adherence and operational integrity within the Governance, Risk & Compliance team. This role focuses on maintaining compliance with industry standards, policies, and regulatory requirements to mitigate legal and operational risks effectively. Key responsibilities include:
- Third party Risk management support
Design, review, and update supplier risk assessment frameworks (incl. criteria for tiering of vendors).
Communicate cyber policies to strategic vendors, assess their cybersecurity risk and compliance at least every 12 months and as needed, and drive remediation/mitigation of risks.
Oversee the review of cybersecurity risk posed by the supply chain of all strategic vendors at least every 12 months.
Monitor deployed 3rd party HW/SW for vulnerabilities and ensure compliance.
Design, implement, and maintain training/awareness programs for the wider organization.
Ensure the cybersecurity team has the right capabilities through training and evaluation.
About You
- Experience:
- 3-5 years of professional experience (equivalent combination of experience and education accepted)
- Previous work in an international environment.
- Demonstrated experience in cybersecurity compliance roles, focusing on strategic planning and execution.
- Proven track record of contributing to the development and implementation of cybersecurity strategies aligned with compliance standards and organizational goals.
- Experience in developing and implementing cybersecurity strategies that align with compliance standards and organizational objectives.
- Experience in managing cybersecurity performance metrics and KPIs to ensure continuous compliance and improvement.
- Experience collaborating with Security Architect and Operations teams in a feedback loop.
- Ability to develop and communicate policies based on feedback from the Security Architect team.
- Soft skills:
- Broad experience in working in large digital teams, with an understanding of how digital and business processes are linked.
- Expertise in stakeholder engagement and communication related to cybersecurity compliance, particularly with senior leadership and external auditors.
- Ability to design and execute training programs to enhance compliance awareness and build cybersecurity capabilities across the organization.
- Skilled problem solver and self-starter.
- A hands-on pragmatic attitude to driving change.
- Positive, "can-do" attitude.
- Technical skills:
- Experience with AGILE or similar project management frameworks.
- Working knowledge of common information security management frameworks (ISO/IEC 27001, ITIL, NIST, NISD, CISSP/CCSP, QxP, CIS20).
- Understanding of cybersecurity compliance frameworks and regulations (e.g., GDPR, CCPA, HIPAA, SOX) relevant to digital domains (network, cloud, endpoint, applications, data).
- Strong knowledge of cybersecurity risk management principles and practices, including risk assessment and mitigation strategies.
- Education:
- Bachelor’s and master’s degree (preferred) in any of the following fields of study: Information Technology, Computer Science, Cybersecurity or Information Security
Pursue progress, discover extraordinary
Better is out there. Better medications, better outcomes, better science. But progress doesn’t happen without people – people from different backgrounds, in different locations, doing different roles, all united by one thing: a desire to make miracles happen. So, let’s be those people.
At Sanofi, we provide equal opportunities to all regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, or gender identity.
Watch our ALL IN video and check out our Diversity Equity and Inclusion actions at sanofi.com!
Why us?
At Opella, you will enjoy doing challenging, purposeful work, empowered to develop consumer brands with passion and creativity. This is your chance to grow new skills and be part of a bold, collaborative, and inclusive culture where people can thrive and be at their best every day.
We Are Challengers.
We Are Dedicated To Making Self-care As Simple As It Should Be. That Starts With Our Culture. We Are Challengers By Nature, And This Is How We Do Things
All In Together:
We keep each other honest and have each other's backs.
Courageous:
We break boundaries and take thoughtful risks with creativity.
Outcome-Obsessed:
We are personally accountable, driving sustainable impact and results with integrity.
Radically Simple:
We strive to make things simple for us and simple for consumers, as it should be.Join us on our mission. Health. In your hands.www.opella.com/en/careers
