GRC Manager Risk, Quality & Compliance, SOX, CRISC/CISA

Employer
Elevate Direct
Location
Brentford, UK
Salary
Competitive
Closing date
29 Sep 2020

Sector
Technology & New Media
Contract Type
Permanent
GRC Manager: Risk, Quality & Compliance, SOX, CRISC/CISA

The role is responsible for providing management and day-to-day support to the TSR - GRC Director for Governance, Risk & Compliance activities across the assigned business unit, ensuring that Tech risks & controls from project inception to support within their business unit are identified, prioritized, effectively managed, and monitored. Additionally, this role should work within the business unit to ensure Tech follows the required internal and external compliance standards and delivers a reduction in the overall risk profile for our customers.

The role may or may not have a number of TSR GRC Managers or TSR GRC Specialists reporting into it, as well as multiple matrix relationships across Tech, other business functions and the external supplier base.

This role description forms a generic outline of the TSR GRC Manager role. Particular roles could encompass some, but not all, elements and may focus on particular areas, e.g. Programme rather than Operations. The TSR GRC Manager may support one or more Tech Business Units.

Required Skills

Computer science, Information Management, Pharma industry
Key Skills

CISA (Certified Information Systems Auditor) / CRISC (Certified in Risk and Information Systems Control) / CGEIT (Governance of Enterprise IT) / CPA (Certified Public Accountant) / Information Security CISP CISM

Minimum of 5 years experience in a combination of Risk Management, Quality Assurance and Compliance function in a Pharmaceutical environment

Demonstrable experience of successfully managing Assurance or operational activities within a Business Unit

Current knowledge of how ERP solutions support business processes to that business unit

Strong understanding of the regulatory trends in the Pharmaceutical industry is foundational to success in this role

Proven management experience of cross functional teams located globally

These positions can be accountable for Financial and pharmaceutical Compliance of GRC Tech function globally; this is a niche area and poses real challenges in terms of external talent acquisition.

Proven line management experience in prior roles, if role requires line management

Awareness of the regulatory trends within the Pharmaceutical industry

Understanding of ITMS, Smart Controls and how a business unit deploys this methodology

Experience of operating in an international environment with tact, diplomacy and cultural sensitivity

Experience in interpreting policies, procedures and processes for ensuring compliance with risk management programs

Knowledge of Tech Support processes, such as ITIL

Good knowledge of Software Quality Assurance

Knowledge of Information security standards (e.g. ISO27001) and Privacy Regulations

Understanding of Agile, Kanban and Scrum basics

Learning agility, including participating in #godigital learning and ensuring they keep up to date with GRC and Security trainings

Good understanding of emerging technology risks, e.g. cloud (SAAS, PAAS and IAAS), Automation etc.

The role encompasses the following 5 responsibilities:

Risk Management

Quality & Compliance (including Operations, Programme/Product and Project support)

IBM/MM monitoring

Audit Support

Information Policy Formation

Security Awareness and Training

Risk Management

Contribute to identification and initiation of Risk mitigation projects to address significant risks impacting a Business unit, using Smart Controls assessments

Facilitate risk identification and risk discussions within the business unit, both operational risk, product/project and strategic risk

Assist Business Unit management to make risk informed decisions through a comprehensive Risk Dashboard

Raise and approve (where necessary) Policy Exceptions and significant Risks through RMS

Input into, review and enforce compliance within Tech Policies and Standards as required within Business Unit

Ensure emerging risks are identified and escalated appropriately and in a timely manner

Perform GRC requirements within third party framework

Support Product owners in the management of their project risks, ensuring risk identification process is embedded and operational

Ensure awareness of Computer Security Incident Response (CSIR) process and report suspected security breach

Partner with other TSR GRC and Security staff to deliver a continuous training and education programme to ensure ongoing awareness on new and updated Policies and Standards within their Business Unit.

Governance Risk & Compliance:

Contribute to maintenance of the Business Unit delivery and operational frameworks (Activities, deliverables, roles and responsibilities) and ensure alignment to ITMS

Monitor deliverable quality, ensure quality standards are being met for products/ projects, programmes or operations within their remit, following a risk based approach, according to ITMS, Smart Controls assessments, local SOPs and projects PQPs

Contribute to providing Project Quality assurance oversight depending on the specific project risk profile, including specific assurance reviews as requested by stakeholders

Ensure Business Unit activities align with Regulatory requirements and liaise with Business Quality Groups to contribute to the overall GxP validation or Sox status of the business facing application systems or services

Contribute to ensuring Business Unit is keeping up with regulatory and legal requirements through a pro-active knowledge management programme

Contribute to ensuring Sarbanes-Oxley compliance of Business Unit systems and applicable processes

Quality assurance over the system change control within the Business Unit

Supporting Product teams to maximise their velocity by right sizing their governance approach

Management Monitoring/Independent Business monitoring (MM/IBM)

Execute relevant self-inspection programmes within remit through Management monitoring and Independent Business monitoring where required

Support implementation of relevant Management monitoring programmes in Business Unit for processes not owned by TSR GRC

Partner with other TSR GRC staff to design a management monitoring and independent business controls monitoring schedule. Work with TSR IBM team to Plan, execute, report agreed IBM controls monitoring, including controls in-scope for Sarbanes-Oxley, independently from Process owners

Provide interpretation and results updates at Business Unit RMCB

Audit Support

Contribute to ensuring Business Unit is ready to host external inspections from regulatory bodies (FDA, EMEA, tax authorities, external (Deloitte) and internal auditors (A&A, GCV, CSQA))

Support management of overall Business Unit inspection readiness activities and CAPAs in liaison with the business

Report status on CAPAs to Business Unit RMCB

Information Policy Formation

Work with the TSR GRC GxP lead/Controls owners and ITMS team to review and approve the policy, standards, procedures, guidance and training for compliance with relevant legislation and GSK Requirements.

Support reviews of the information systems for compliance with legislation and specify any required changes within their Business Unit

Support the TSR GRC Director to implement policies, standards and procedures with aligned Tech Business

Security Awareness and Training

Support the development of Security awareness with their aligned Tech Business Unit

Ensure they undertake relevant TSR training initiatives

Role is working from Home

If you match these requirements, please apply as usual. Elevate will send you an email, please open, click and action it and your application will be visible to the hiring organisation directly. Elevate provides a route to contract and contingent assignments across many skills areas by matching your profile to relevant jobs that our customers post to the platform.

Please note that Elevate Direct is a software provider and not a recruitment agency. As such, Elevate is not involved in the recruitment processes for any employer, who uses the platform. Please contact employers directly through your Elevate profile with any queries related to your application.