Operational GRC & Risk Analyst

Medison offers hope to patients suffering from rare and severe diseases by forming partnerships with emerging biotech companies to accelerate access to highly innovative therapies in international markets.

As the creator and leader of the global partnership category in the pharma industry, we strive to be Always Ahead and work relentlessly to bring therapy to patients in need, no matter where they live.

Our values are at the core of every action we take, and we are committed to going above and beyond for the benefit of the patients we serve.

We are a dynamic, fast-paced company, operating in over 25 countries on 5 continents. We are looking for out-of-the-box thinkers, people who are passionate, caring, agile and adaptive, to join us on our mission. If you are looking to make a difference in people's lives, we invite you to join us!

We seek a motivated, process-oriented professional to join our global GRC and operational cybersecurity team.

This is a multifaceted role, combining elements of operational information security, IT general controls (ITGC) oversight, and risk management.

Strong understanding of cyber security frameworks and standards: In-depth knowledge of widely recognized frameworks such as NIST Cybersecurity Framework, ISO 27001, and SOC 2 TYPE 2, and an ability to apply them in practical scenarios to develop and implement robust security programs
Experience with GRC tools and technologies: Practical experience utilizing GRC platforms and tools to automate and streamline compliance processes, manage audits, and track risk posture. Familiarity with reporting and dashboarding functionalities to provide insights into the organization's GRC maturity is also highly valued
Proficiency in cyber security posture monitoring and control: Strong understanding of continuous monitoring strategies and technological controls to maintain and improve the organization's cyber security posture.
Expertise in third-party risk management and supply chain security: Proven ability to manage, conduct, and oversee the security posture of critical vendors and third-party service providers. This includes developing and implementing vendor risk assessment frameworks, conducting security due diligence, and ensuring contractual security requirements are met to protect the supply chain.
Comprehensive knowledge of regulatory compliance requirements: Up-to-date understanding of relevant data protection and privacy regulations. The ability to interpret these requirements and translate them into actionable organizational policies and controls is crucial.
דרישות התפקיד
Bachelor’s degree in Accounting, Economics, Industrial Engineering, or related fields
2–4 years of experience in IT audit, GRC, or operational risk (preferably in a Big 4 or global advisory firm)
Strong analytical, documentation, and process-thinking skills
Excellent English – verbal and written communication
Experience working with or for global companies – a strong advantage
Strong orientation toward technology and systems
Self-starter with the ability to work independently and take ownership
Comfortable working in a matrix, multi-cultural environment
Experience with process analysis in ERM ( Enterprise Risk Management) - a strong advantage