Associate Director, Global Technology Solutions, Governance, Risk, & Compliance, NA & LATAM

BeOne Medicines
Full-time
Remote friendly (United States)
United States
$148,200 - $198,200 USD yearly
Corporate Functions

Role Summary

Associate Director, Global Technology Solutions, Governance, Risk, & Compliance (GRC) to build, enable and transform risk management, compliance and security capabilities in North America & LATAM. Responsible for policies, procedures, and internal controls to ensure regulatory and legal compliance and best practices, and for driving third party risk management and a GRC system to automate program governance.

Responsibilities

  • Responsible for implementation of controls to build and enhance the GRC program.
  • Responsible for monitoring, remediation, and reporting of controls gaps in the IT and Cybersecurity program areas. Provide management level status updates and risk profile dashboards including current and desired future state of control maturity.
  • Responsible for leading internal IT, Cybersecurity, and third-party information security risk management activities for various information services systems and processes.
  • Collaborate with IT and business stakeholders to understand risks to critical infrastructure by defining potential business impacts.
  • Assess, report and mature the compliance posture for internal policies and guidelines as well as regulatory requirements based on frameworks including SOX, US DoJ Data Rule, GxP, ISO, NIST CSF, and other relevant data security & privacy laws and regulations.
  • Maintain, improve, and enforce BeOne security policies and IT security standards along with security exception processes.
  • Effectively engage IT, stakeholders, business partners, and vendors to maintain an understanding of current risks, new systems, and changes to the environment.
  • Lead efforts including but not limited to: IT Policy Management, IT Compliance Management, Training & Awareness Management, IT Risk Management and Third Party Security Risk Management.

Qualifications

  • Required:
    • Bachelor's Degree with 8+ years' experience of GRC implementation, processes, and practices.
    • Experience working with and implementing GRC tools and processes.
    • Experience building and developing successful risk management programs.
    • Experience with third party risk management and conducting third-party risk assessments.
    • Experience in creating and maintaining security policy, standard, guideline and procedure documents.
    • Experience leading GRC functions and playing the role of a people manager with effective people coaching capabilities.
    • Extensive knowledge and experience in security and compliance frameworks such as SOX, US DoJ Data Rule, GxP, NIST, ISO, etc.

Education

  • Bachelor's Degree or equivalent experience

Skills

  • Strong leadership, accountability and ownership of responsibilities
  • Strong communication skills with various business functions and stakeholders
  • Experience leading regulatory compliance efforts for SOX, US DoJ Data Rule
  • Experience facilitating and performing third-party vendor risk assessments and providing guidance on secure design and operation
  • Advanced understanding of information security concepts including cloud security, encryption, access controls, intrusion detection and prevention, disaster recovery, network security, security operations, security architecture
  • Experience working in a global enterprise environment
  • Industry certifications: CRISC, CISSP, CISM, CISA

Additional Requirements

  • None specified beyond qualifications