Role Summary
Executive Director, Operational Risk Assessment & Oversight is a senior risk leader within Strategic Risk Management (SRM), accountable for independent, second-line assessment quality, oversight, and escalation of operational risks arising from third-party relationships and ESG-related risk, including human rights. Operational risk in this context refers to risks originating from internal operations, supply chain sourcing, suppliers, contractors, and other third-party relationships that may have enterprise-level impact if unmanaged. This role ensures that designated operational risk domains are assessed consistently, calibrated against risk appetite, supported by aligned metrics and KPIs, and escalated appropriately into the enterprise risk portfolio owned by Strategic Risk Portfolio & Intelligence. The role is intentionally designed to reinforce oversight, risk monitoring enablement, and escalation.
Responsibilities
- Enterprise Operational Risk Assessment & Oversight
- Ensure consistent calibration of inherent, residual, and out-of-tolerance risk.
- Maintain risk metrics and KPIs aligned to the strategic risk framework, enabling ongoing risk monitoring across the organization.
- Apply SRM risk appetite to determine when risks require elevation into enterprise risk forums.
- Support risk domains with tracking and mitigation of enterprise-level third-party and human rights-related inherent and residual risk.
- Risk Triangulation Across Domains
- Triangulate third-party and ESG-related risk signals across domains (i.e., procurement, supply chain, cyber, quality, compliance, legal, ESG, and resilience).
- Identify systemic, concentration, and compounding operational risk not visible within single domains.
- Synthesize inputs into a clear, decision-ready operational risk view.
- Third-Party & ESG-Related Risk Oversight (Including Human Rights)
- Comprehensive, enterprise oversight of third-party and ESG-related operational risk assessments across risk domains.
- Ensure human rights risk is assessed using risk-based, enterprise-consistent criteria, not programmatic indicators.
- Monitor regulatory, geopolitical, and stakeholder developments that may shift risk posture.
- Escalation, Insight & Reporting
- Serve as the SRM escalation point for material third-party and ESG-related operational risks.
- Provide Senior Leader-ready and Audit Committee-ready insight grounded in metrics, trends, and forward-looking indicators.
- Partner with Strategic Risk Portfolio & Intelligence to ensure escalated risks are decision-ready.
- Leadership & Influence
- Lead a focused SRM team delivering assessment rigor, monitoring enablement, and advisory support.
- Influence across functions without direct authority, reinforcing first-line accountability.
- Strategize and lead executive and audit committee reporting on third-party risk oversight.
- Model disciplined escalation and enterprise-level thinking.
- Key Stakeholders
- Enterprise Risk Committee & Audit Committee
- Procurement & Supplier Management (execution owner)
- Sustainability and Social Impact
- Risk Domains (Cyber, Quality, Compliance, Legal, Resilience)
- Internal Audit
Qualifications
- Required: B.S./B.A.
- Required: 12-15 years of experience in operational risk, third-party risk, ESG/human rights, supply chain, or related disciplines
- Required: Significant experience in highly regulated industries (pharma preferred)
- Required: Strong executive presence, judgment, and ability to operate at senior leader and Audit Committee levels
- Required: Experience leveraging analytics and metrics to enable risk monitoring and insight
- Preferred: M.S./M.B.A.
- Preferred: Professional certifications (e.g., CPM, CPIM, Six Sigma)
Additional Requirements
- Travel: Ability to travel to visit customers, patients, or business partners as required; essential for field-based and remote-by-design roles.