IT Auditor

The contex/Company description Recordati, established in 1926, is an international pharmaceutical group, listed on the Italian Stock Exchange (Reuters RECI.MI, Bloomberg REC IM, ISIN IT 0003828271), with a total staff of more than 4,300, dedicated to the research, development, manufacturing and marketing of pharmaceuticals. Headquartered in Milan, Italy, Recordati has operations in Europe, Russia and the other C.I.S. countries, Ukraine, Turkey, North Africa, the United States of America, Canada, Mexico, some South American countries, Japan and Australia. An efficient field force of medical representatives promotes a wide range of innovative pharmaceuticals, both proprietary and under license, in several therapeutic areas including a specialized business dedicated to treatments for rare diseases. Recordati is a partner of choice for new product licenses for its territories. Recordati is committed to the research and development of new specialties with a focus on treatments for rare diseases. Your contribution/mission As IT Internal Auditor you will play a critical role in ensuring the integrity, security, and efficiency of the organization’s information technology systems and processes. This position involves conducting comprehensive IT audits, assessing the effectiveness of IT controls, identifying risks, and recommending improvements to safeguard the organization’s digital assets. You will collaborate with internal audit teams, the Group IT&C Department, and management to enhance IT governance and compliance. As part of your key responsibilities, you will oversee the: Audit Planning: Develop and execute IT audit plans, including risk assessments, objectives, and testing procedures, in alignment with industry standards and best practices IT Controls Evaluation: Assess the effectiveness of IT controls, configurations, and security measures to identify vulnerabilities and ensure compliance with relevant regulations and standards (NIS2, others). Data Analysis: Analyse data, systems, and processes to detect irregularities, anomalies, or potential security breaches. Investigate and report on findings. IT Governance: Evaluate the organization’s IT governance framework, policies, and procedures. Provide recommendations for improving IT governance practices. Cybersecurity Assessment: Conduct cybersecurity assessments, penetration testing, and vulnerability assessment to identify and address security weaknesses. Compliance: Ensure adherence to industry regulations, compliance requirements, and internal policies, including but not limited to GDPR, NIS2, NIST, etc. Reporting: Prepare clear and concise audit reports, including findings, recommendations, and action plans. Present findings to management and stakeholders. Collaboration: Collaborate with internal audit colleagues to integrate IT considerations into broader audit processes and address IT-related matters. Collaborate with the Group IT&C Department, in specific about NIS/NIS2 compliance. Training and Awareness: Develop and deliver IT-related training and awareness programs to enhance the organization’s cybersecurity posture and IT awareness among employees. Your profile You have Bachelor’s degree in information technology, Computer Science, or a related field and relevant professional certifications such as Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or Certified Internal Auditor (CIA) preferred. You have 8 years of experience in IT auditing or in IT department ( cybersecurity ) . Thanks to your experience you have gained strong knowledge of IT governance frameworks (e.g., COBIT), cybersecurity principles, and industry standards (e.g., ISO 27001, NIST, CIS Controls framework) and you are proficient inauditing tools, data analysis software, and IT management systems. Analytical mindset, problem-solving, good communication, independent but collaborative and multitasking are some of your skills. You have strong ethical and professional conduct, with a commitment to confidentiality and data integrity. And you want to stay updated on emerging IT trends, security threats, and regulatory changes. Your English is fluent. Additional information Location: Milan, Italy Direct Manager: Group Auditor Director Travel: This position may require occasional travel (up to 10%) to various company locations for audits or training. “At Recordati, we believe in equal opportunities and we guarantee that everyone can achieve their potential. We see diversity as a value and will not tolerate any discrimination based on ethnicity, nationality, gender, sexual orientation, disability, age, political or religious belief, or any other personal characteristics. At Recordati, we work hard to create a safe and inclusive work environment, where we all have our rights to physical and psychological integrity respected on a daily basis, as well as our right to freedom of opinion and association. We recognise that we each have a role to play in the success of our business and we implement staff development policies through which everyone’s contribution and achievements can be appropriately rewarded.” J-18808-Ljbffr