The GRC Technology Leader will provide technical and information security expertise for the development and implementation of the GRC technology. The leader will support the design and implementation of the GRC technology to enable an effective IT risk and compliance program. In addition, the leader is responsible for collaborating across the enterprise to maximize the use of the GRC technology and to analyze and assist in the implementation of risk management frameworks, policies, standards, and compliance attestations.

• Lead the design and implementation the selected GRC technology by understanding the problems, goals, and requirements of the various organizations
• Collaborate across Information Security, Information Technology, Compliance and Audit teams to remediate new and outstanding issues as well as track all issues in the GRC technology
• Build appropriate dashboards and templates for metrics consumption
• Support the development and implementation of the IT risk management program ensuring information security risks are identified, monitored, and tracked through the GRC technology.
• Support key projects and oversee project and change management activities for GRC initiatives.
• Support other organization initiatives and deliverables as needed.

Qualifications: 

• Knowledge of information security risk management frameworks and compliance practices including ISO 27001, ISO 27005, NIST 800-53 and NIST 800-30
• Superior knowledge and working experience on several GRC technology platforms and technologies required (e.g., OneTrust, ServiceNow)
• Ability to translate technical, regulatory, and security requirements into practical considerations for the GRC technology development
• Experience performing IT control reviews, third party security evaluations, and security risk assessments is highly desirable.
• Bachelor's degree with 9 years of expereince or Master's degree with 8 years of experience in Computer Science, Information Science or related discipline. 
• Ability to handle multiple tasks and prioritize effectively required
• Solid analytical thinking. 

This position is part of AbbVie’s Information Security & Risk Management (ISRM) team.  We are here to put our partners in a position to succeed. We do it by providing the knowledge, tools, and support they need to effectively use data and technology while also effectively managing risk.