AbbVie Business Domain Risk, Security & Compliance Lead in Lake County, Illinois
The Business Domain Risk, Security & Compliance Lead role is accountable for facilitation of IT risk management processes. Collaborates cross-functionally to help mature and execute the IT Risk Security and Compliance processes which include; governance, risk assessment, risk analysis, risk metrics, risk reporting, supplier monitoring, internal / external audit support and technology enablement. Provides leadership for the creation of a Compliance Strategy, project execution and improvement initiatives for IT. Creates strategies and processes related to all areas of Governance, Risk Management and Compliance. Also, coordinates the efforts of several groups to ensure compliance with SOX, Personal Identifiable Health Information, PCI, as well as other federal and industry regulations and requirements.
Key Responsibilities Include:
Responsible for compliance with applicable Corporate and Divisional Policies and procedures.
Ensure that all applicable AbbVie IT policies and procedures are followed. Reviews and provides input to improve procedures as applicable.
- Establish and oversee formal risk analysis and risk-assessment programs for various Information Services systems and processes.
- Ensure and monitor compliance withSOX, Personal Identifiable Health Information, PCI, as well as other federal and industry regulations and requirements.
- Liaise with Internal Audit, Corporate Compliance, Office of General Counsel and Risk Management to remediate new and outstanding issues; track security-related issues.
- Participate in the overall creation and maintenance of AbbVie’s risk, security & compliance policies, standards, guidelines and baselines.
- Promote and monitor our corporate wide IS Security awareness program.
- Develop, promote and monitor AbbVie’s Electronic Records Retention program. Work with business units to ensure data is properly classified.
- Maintain expertise on governance, risk, security & compliance trends through training, research and development in order to mitigate potential security exposures.
- Train other staff and external clients as necessary.
- Ensures Business Domain specific suppliers meet Service Level Agreements (SLAs)
Ensure that contingency and / or business continuity technology services are compliant with technology policies and other regulatory requirements.
Provides targeted and quantifiable reporting of IT Risk Management activities, including all aspects of the metrics/reporting lifecycle management.
Collaborates with all technology groups, lines of business, and corporate functional areas to define, gather and analyze risk metrics. Provides targeted reporting to all levels of IT and Business management.
Maintains a customized process, risk and control framework to improve the organization’s IT risk profile by aligning with the regulatory and quality, industry practices and internal requirements.
- Coordinates and communicates IT risk-related activities among key stake holders. Integrates and coordinates risk intelligence artifacts to gain efficiencies and reduce redundancy.
- Monitors key risk indicators (KRIs) and key performance indicators (KPIs)
- Executes, maintains, oversees governance, risk and compliance tools with the goal of improving efficiency, reducing costs, improving agility and optimizing information technology governance, risk, and controls management processes, while providing the business a more defined view into technology risk.
- Understands the business organizational structure and culture to best attain objectives and results.
- Bachelor’s Degree Information Technology, Computer Science or Computer Engineering
- 5 -10 years of experience with IT compliance, IT risk, and/or IT audit
- In-depth understanding with all aspects of regulatory and contractual compliance, especially Payment Card Industry (PCI), Sarbanes Oxley, and Health Information Portability and Accountability Act (HIPAA) requirements
- Experience communicating and presenting both verbally and in writing to various audiences, including committees, large groups, senior management, and executive leadership.
- Experience with IT process, risk and control frameworks, such as COBIT, ISO 27001, ITIL, Risk IT.
Willing to travel at least 25% of the time for business purposes .
Advanced knowledge of risk assessment design and delivery.
- Experience with Software Development Lifecycle (SDLC) methodologies.
- Professional security management certification: CISSP or CISA preferred.
- Ability to prioritize and multi-task and strong problem resolution skills.
- Demonstrated ability to coordinate cross-functional teams towards task completion.
- Requires knowledge of outsourcing methodologies and operating models, and working with professional services firms.
- Requires experience overseeing geographically distributed and culturally diverse work-groups.
- Excellent written and verbal communication skills.
- Knowledge of business and technology trends.
- Strong interpersonal / relationship management skills.
Job Classification: Experienced
Job: INFORMATION TECHNOLOGY
Primary Location: USA-Illinois-Lake County
Travel: Yes, 25 % of the Time
Req ID: 1702505
Equal Opportunity Employer Minorities/Women/Veterans/Disabled