If you find science, speed, and success exhilarating, you have come to the right place.
Novavax, Inc. (Nasdaq: NVAX) is a biotechnology company that creates transformational vaccines that address some of the world’s most pressing infectious diseases. We have more than a decade of experience contending with some of the world’s most devastating diseases, including COVID-19, seasonal influenza, RSV, Ebola, MERS, and SARS. Hard-won lessons and significant advances illustrate that our proven technology has tremendous potential to make a substantial contribution to public health worldwide.
Our scientists are committed to developing vaccine candidates for some of the world’s toughest viral threats by utilizing the power of our innovative recombinant nanoparticle vaccine platform. Our vaccine technology combines the power and speed of genetic engineering with the immunogenicity-enhancing properties of our Matrix-M™ adjuvant to efficiently produce highly immunogenic particles targeting some of the most pressing viral infectious diseases.
Novavax, Inc. is headquartered in Gaithersburg, Maryland with additional facilities in Uppsala, Sweden and Bohumil, Czech Republic.
This role will report to the IT Governance, Risk and Compliance department and directly to the Information Technology Third Party Risk Manager. The Analyst II Business Continuity / Risk Management (BC/RM) will work with the IT organization to develop and maintain the IT Business Continuity Program. The incumbent will document the scope, extent and process for IT Business Continuity. The process will include risk assessment, Business Impact Analysis (BIA), plan writing, testing, monitoring, training and governance. The analyst will help establish and maintain a governance structure, including ownership of controls over BCM. The analyst will use information gathered during program establishment to document and maintain a roadmap for developing and monitoring key activities of the program. The analyst will be responsible for building, rolling out and delivering training to staff. Additionally, they will work with the business to support technology recovery from an IT perspective.
Key program activities supported will be annual risk assessment, BIA, testing and training. Additionally, the analyst will provide regular reporting to leadership on Key Performance Indicators (KPIs) agreed on during the risk assessment process. They will also be responsible for facilitating and leading documentation updates following certain trigger events (testing, live events, business changes, etc.). Documentation will be maintained by the analyst in a central repository or tool.
As this role also supports the enterprise risk management function, the analyst will participate in and facilitate risk assessments and follow-up activities. The analyst will provide reporting and updates to IT leadership. Risk management activities will support audit and assessment activities. Responsibilities include but are not limited to:
Business Continuity (BC)
- Work as part of a diverse team to help document a BC Program that meets compliance and continuity objectives. Coordinate with IT on design and operating effectiveness of controls related to BC.
- Meet and build relationships with key members of the organization in IT, finance, and other departments to enhance the Business Continuity control environment across the organization.
- Serves as the Business Continuity domain expert and point of contact to Internal and External Auditors.
- Completes annual BCM risk assessment activities, and examines the organization's exposure to risk in order to develop remediation strategies. Assists with the creation of effective remediation solutions and/or exception documentation where applicable.
- Ensure that Business Impact Analyses (BIAs) are completed for each business unit according to a 2-year BIA refresh cycle.
- Ensure that Business Continuity Management (BCM) documentation is developed, maintained, and monitored in accordance with company policies.
- Coordinate annual testing to confirm the accuracy and effectiveness of recovery procedures including IT DR plans and Business Continuity plans
- Develop training and awareness materials that can be distributed through the organization to guide employees in response to adverse events / disasters.
- Coordinate with leadership to help ensure that current recovery strategies, procedures, and documentation meet business needs. Maintain repositories and tools supporting BCM processes.
- Work with TPRM to determine the adequacy of measures in place at 3rd party vendors / suppliers.
- Assist in auditing to assess the company's posture against the legal, regulatory, compliance and industry standards.
Enterprise Risk Management (ERM)
- Obtain and implement a framework for assessing risk within the IT organization.
- Actively support the development and implementation of governance and procedures to establish a process for ERM to assess the overall IT Risk and its implications to operations.
- Review the Risk Management procedure and plans to ensure that scope includes GxP, CSV, IT Security/ Cybersecurity, Data Integrity, and key IT processes.
- Provide input/ feedback to ERM about compliance aspects related to risks identified during the risk assessment process.
- Actively participate in risk assessments to ensure IT Compliance areas/ processes are considered, root cause is properly defined, and effective mitigation actions are established.
- Facilitate how audits and internal assessments can support mitigation plans as part of the Risk Management strategy and program.
- Contribute to the reporting of IT Risk Management topics in combination with the priorities for the Internal Audits/assessments Program.
- Support IT Organization in the definition of mitigation/ remediation plans and lead/follow-up in the completion of identified actions.
- Provide regular communication with the manager about status of deliverables, and escalate any issues for prompt resolution.
- Keep all IT informed and involved in the BC and RM exercises, plans and any topic that may impact the organization.
- Project management skills in a complex IT organization.
- Strong verbal and written communication skills with ability to effectively communicate with business partners about BC risks.
- Bachelor's Degree from a regionally accredited four-year college or university in Business, Computer Information Systems, Management Information Systems, Computer Science or related field and 5+ years of experience in IT; or equivalent combination of education and experience, preferred.
- At least 2 years of Business Continuity Planning experience coupled with prior experience in ERM and other risk management areas.
- Understanding of core IT concepts/infrastructure, and core economic/financial concepts and risks.
- Formal BCP training or certification (ABCP or CBCP) is preferred.
- Risk management training or certification desirable but not required.
- Experience with GRC platforms, Mass Communications tools and other BCM tools is a plus.
- Pharmaceutical industry experience/background. Must be able to quickly integrate an understanding of regulations impacting the industry and their impacts to BCM strategies.
- Good analytical skills with high attention to detail and accuracy
- Ability to coordinate, lead and facilitate group meetings.
- A strong understanding of Operational risk and resilience, Business Process improvement methods as well as risk related control frameworks and practices (COSO, ISO, ITIL, CMM, COBIT, etc.)
- Good interpersonal skills with ability to analyze situations
- Must be able to effectively work in a fast-paced environment, be flexible, and possess the ability to adapt to shifting priorities, to work well in teams. Ability to multitask and work independently on numerous projects.
- Strong organizational skills and good attention to detail.
- Ability to analyze and comprehend complex data.
- Excellent relationship building/ collaboration skills across a number of audiences (internal and external).
- Strong written and oral communication skills.
- Experience and domain with Word, Excel, PowerPoint, Visio, and MS Teams.
Novavax offers a base salary, annual bonus, equity grants, professional career development/growth opportunities, and a comprehensive benefits package including medical, dental, vision, Rx, STD, LTD, Life, Optional Life, 401(k) plan.
Equal Opportunity Employer/Veterans/Disabled
Novavax is an equal employment opportunity employer. Employment and advancement opportunities are available to all individuals on an at-will basis, regardless of their race, color, national origin, religion, ancestry, citizenship status, military or veteran status, sex, sexual orientation, gender identity or expression, age, marital status, family responsibilities, pregnancy, disability, genetic information, protective hairstyle, or any other characteristic protected by applicable federal, state, or local law.
Except where prohibited by applicable state law, this position requires that you be fully vaccinated against COVID-19 unless you need a reasonable accommodation or qualify for an exemption.
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)