AbbVie is looking for a results-driven, customer-centric policy and compliance leader with excellent stakeholder management skills and the vision and drive to help us elevate our policy and compliance program.
The Senior IT Policy & Compliance Lead will be responsible for executing against the strategic direction of the IT Compliance Services organization, will be an active member of the IT Policy Steering Committee, and will participate in designing the IT Policy strategic roadmap. They will be responsible for continuous improvement activities within their group and the wider IT Governance, Risk and Compliance organization. They will ensure AbbVie’s BTS leadership has the information needed to make strategic, risk-based decisions that enable the achievement of business objectives globally.
This position is part of AbbVie’s Information Security & Risk Management (ISRM) team. We are here to put our partners in a position to succeed. We do it by providing the knowledge, tools, and support they need to effectively use data and technology while also effectively managing risk.
- Acts as a senior-level consultant providing direction and support to the IT Compliance function on policy; where gaps are identified in policy or in the control environment, provides experienced advice on new control and policy requirements.
- Integrates new laws, statutes, standards, and regulations into the control framework and supports periodic control library refresh activities, processes, and procedures.
- Manages the evolution of AbbVie’s IT policies and related documentation into a controls- and standards-based program, developing a control set aligned with appropriate external standards (NIST, ISO/IEC 2700x, COBIT, etc.).
- Periodically reviews the policy structure, including alignment of governance documents (Policies, Standards, Procedures, and Security Baselines) with the changing security and risk landscape.
- Ensures governance documents are aligned with AbbVie’s risk controls, applicable regulations, and industry-standard methodologies.
- Drives ongoing simplification of IT policies and related documentation.
- Manages the policy approval process, including communication of policy changes.
- Develops and implements a program to consult with IT Compliance leaders on the impacts of changes to policies, controls, and related documents.
- Identifies policy and process changes that require communication and/or development of new training for employees and contractors; leads the development of communications and training related to policies, controls, and related documentation.
- Creates content for, and maintains, the IT Policy Portal.
- Drives efficiencies by seeking opportunities for centralization, globalization, and automation.
- Participates in process reviews and identifies opportunities for significant enhancements in operational efficiency, overall effectiveness, and identifiable benefits to the company.
- Performs work using standard methodologies, processes, and tools to ensure IT compliance. Resolves issues that may delay multiple projects for multiple client areas or otherwise subject the company to financial or regulatory risk.
- Develops business relationships and integrates activities with internal and external IT and QA departments, ensuring consistent IT Policy and Compliance practices so that project efforts are implemented and supported successfully.
- Develops and proposes solutions to ensure ongoing compliance with internal and external rules and regulations. Contributes significantly to business process improvement and to the overall knowledge of the organization.
- Bachelor's degree, or equivalent certification or experience, with 7+ years’ experience in an IT policy and compliance role
- Strong knowledge of policy and control frameworks
- Sound knowledge of risk management, technical control design, and related methodologies
- Good understanding of implementing (developing and maintaining) information/cyber security and technology controls and of analyzing or evaluating the associated risks
- Advanced knowledge of IT and security policies
- Knowledge of risk management processes, including the steps and methods used to assess risk
- Knowledge of SOX, HIPAA, FCA, PII, PCI DSS, SOC 1 & 2, and ISO/IEC 27001 requirements
- Able to deliver high quality, accurate work within tight deadlines.
- Knowledge of the organization's enterprise information technology (IT) goals and objectives
- Excellent analytical, judgment, and consultative capabilities, strong communication skills, and the ability to work with IT management and staff.
- Excellent engagement and communication skills.
- Experience using, designing, or implementing a GRC framework is a plus.
- An MBA, a legal background, or Big 4 consulting experience is a plus.
Significant Work Activities: Continuous sitting for prolonged periods (more than 2 consecutive hours in an 8-hour day)
Travel: Yes, 10 % of the Time
Job Type: Experienced