Associate Director, Global Technology Internal Audit

About AbbVie

AbbVie's mission is to discover and deliver innovative medicines and solutions that solve serious health issues today and address the medical challenges of tomorrow. We strive to have a remarkable impact on people's lives across several key therapeutic areas including immunology, oncology and neuroscience - and products and services in our Allergan Aesthetics portfolio. For more information about AbbVie, please visit us at www.abbvie.com. Follow @abbvie on LinkedIn, Facebook, Instagram, X and YouTube.

The Associate Director, Global Technology Audit is responsible for leading and developing a team of technology auditors while providing senior‑level oversight, technical judgment, and risk leadership for global technology audit activities. This role ensures that technology, cybersecurity, data, and emerging technology risks are assessed with appropriate depth, consistency, and business relevance.  The Associate Director serves as a people manager and technical risk leader within Internal Audit, accountable for the performance, development, and engagement of a team of auditors. The role complements engagement coordination responsibilities performed by audit staff and supports Director‑level governance and stakeholder engagement by providing disciplined challenge, coaching, and escalation on complex or judgment‑intensive technology risk matters. This position plays a critical role in building and sustaining Internal Audit’s technology risk capability, particularly in high‑risk areas such as cybersecurity, cloud platforms, data and analytics, identity and access management, and third‑party technology risk.

Responsibilities

• Lead, manage, and develop a team of approximately seven technology auditors, including setting performance expectations, providing ongoing coaching and feedback, conducting performance reviews, and supporting career development and progression.
• Provide senior‑level oversight and technical judgment for global technology audit engagements, including cybersecurity, infrastructure, cloud platforms, data and analytics environments, identity and access management, and emerging technologies.
• Review and challenge technology risk assessments, audit scope, and conclusions to ensure appropriate focus on control design, sustainability, and risk impact, not solely operating effectiveness.
• Serve as a primary escalation point for complex or judgment‑intensive technology risk issues, supporting Directors in determining appropriate risk ratings, issue framing, and management messaging.
• Ensure consistency and quality in how technology risks are identified, assessed, and reported across audits, particularly in high‑risk or externally exposed environments.
• Coach and develop Lead and Senior auditors to strengthen risk‑based thinking, technical judgment, and the ability to articulate technology risk in clear business terms.
• Contribute to the development, maintenance, and continuous improvement of technology audit methodologies, guidance, and playbooks, with particular focus on cybersecurity and data‑related risk areas.
• Identify emerging technology and cyber risk trends and advise Internal Audit leadership on implications for audit coverage, skills, and resource needs.
• Support integration of technology audit activities with financial and compliance audits, as appropriate, to enhance efficiency and risk coverage.
• Collaborate with Directors to support external audit coordination, co‑sourcing activities, and talent sourcing strategies to ensure the technology audit team maintains the skills required to address evolving risks. 

• Bachelor’s degree in Information Technology, Computer Science, Engineering, Business, Accounting, or a related field from an accredited four-year college or university. An advanced degree is desirable.
• 8+ years of relevant experience in technology audit, technology risk management, cybersecurity, cloud architecture, data platforms, or related areas, gained through internal audit, consulting, or industry roles.
• Demonstrated people‑management experience, including coaching, performance management, and development of professional staff.
• Strong ability to assess technology and cyber risks using judgment‑based, risk‑focused approaches rather than checklist‑driven testing alone.
• Solid understanding of technology control design concepts and how technology risks can manifest even when controls are formally in place.
• Experience across multiple technology domains such as cybersecurity, cloud infrastructure, identity and access management, data platforms, third‑party technology risk, and system development or change processes.
• Proven ability to communicate complex technology and cyber risks clearly to non‑technical stakeholders, including executive management.
• Demonstrated capability to mentor and develop auditors beyond execution into risk‑based thinking and technical judgment.
• Familiarity with relevant frameworks and standards (e.g., COBIT, NIST, ISO, cloud shared responsibility models), with the ability to apply them pragmatically.
• Professional certifications such as CISA, CISSP, CRISC, or relevant cloud/security certifications are desirable but not required.

Applicable only to applicants applying to a position in any location with pay disclosure requirements under state or local law: ​

• The compensation range described below is the range of possible base pay compensation that the Company believes in good faith it will pay for this role at the time of this posting based on the job grade for this position. Individual compensation paid within this range will depend on many factors including geographic location, and we may ultimately pay more or less than the posted range. This range may be modified in the future. ​

• We offer a comprehensive package of benefits including paid time off (vacation, holidays, sick), medical/dental/vision insurance and 401(k) to eligible employees.​

• This job is eligible to participate in our short-term incentive programs. ​

Note: No amount of pay is considered to be wages or compensation until such amount is earned, vested, and determinable. The amount and availability of any bonus, commission, incentive, benefits, or any other form of compensation and benefits that are allocable to a particular employee remains in the Company's sole and absolute discretion unless and until paid and may be modified at the Company’s sole and absolute discretion, consistent with applicable law. ​

AbbVie is an equal opportunity employer and is committed to operating with integrity, driving innovation, transforming lives and serving our community.  Equal Opportunity Employer/Veterans/Disabled. 

US & Puerto Rico only - to learn more, visit https://www.abbvie.com/join-us/equal-employment-opportunity-employer.html

US & Puerto Rico applicants seeking a reasonable accommodation, click here to learn more:

https://www.abbvie.com/join-us/reasonable-accommodations.html