We are seeking an experienced IT Audit Specialist to join the global Built-in Security Quality & Compliance initiative within a leading pharmaceutical organization. The role sits within the Risk, Audit and Compliance section and focuses on driving regulatory alignment, cybersecurity assessments, and IT risk management across multiple global functions. The position requires a deep understanding of regulatory frameworks, validation processes, and global compliance standards.
IT Audit Specialist – Risk, Audit & Compliance (Pharma / ISO / GxP / Data Privacy)
Your responsibilities
- Lead and coordinate internal and external audits related to IT security, data privacy, and regulatory compliance.
- Act as a liaison between audit stakeholders, including host managers, subject matter experts, and auditors, to ensure timely execution and documentation of remediation activities.
- Provide strategic guidance on IT risk mitigation, controls implementation, and compliance improvements in alignment with ISO 27001, NIST RMF, GDPR, HIPAA, 21 CFR Part 11, and other applicable frameworks.
- Partner with business, legal, procurement, and security teams to ensure systems are validated, compliant, and secure.
- Monitor and interpret regulatory changes and translate them into IT audit and compliance controls.
- Foster innovation and simplification in audit processes, driving continuous improvement across audit practices.
- Support vendor and third-party system assessments to ensure compliance with validation and security requirements.
- Engage with global teams across time zones, driving consistency in risk and compliance operations.
Our requirements
- Minimum 5 years of experience in IT audit, compliance, or risk management within regulated industries (preferably pharmaceutical or life sciences).
- Proven expertise in conducting audits and assessments across cybersecurity, privacy, and IT compliance domains.
- Strong knowledge of industry standards and frameworks: ISO 27001, ISO 31000, NIST RMF, COBIT, GDPR, HIPAA, 21 CFR Part 11, ICH Q9/Q10.
- Experience with computerized system validation (CSV) and third-party compliance oversight.
- Excellent communication skills and the ability to interface with senior stakeholders across global teams.
- Demonstrated ability to lead cross-functional teams and drive decision-making in complex environments.
- Fluent written and spoken English.
- CISA – Certified Information Systems Auditor
- CRISC – Certified in Risk and Information Systems Control
- CISSP – Certified Information Systems Security Professional
- ISO/IEC 27001 Lead Auditor
- CIPP/E or CIPP/A – Certified Information Privacy Professional
- CIA – Certified Internal Auditor