AbbVie Business Domain Risk, Security & Compliance Lead in Lake County, Illinois
Business Domain Risk, Security & Compliance Lead
USA, Illinois, Lake County
1 additional location
Requisition # 1904370
The Business Domain Risk, Security & Compliance Lead role is accountable for facilitation of IT risk management processes. Collaborates cross-functionally to help mature and execute the IT Risk Security and Compliance processes which include; governance, risk assessment, risk analysis, risk metrics, risk reporting, supplier monitoring, internal / external audit support and technology enablement. Provides leadership for the creation of a Compliance Strategy, project execution and improvement initiatives for IT. Creates strategies and processes related to all areas of Governance, Risk Management and Compliance. Also, coordinates the efforts of several groups to ensure compliance with SOX, Personal Identifiable Health Information, PCI, as well as other federal and industry regulations and requirements.
Responsible for compliance with applicable Corporate and Divisional Policies and procedures
Ensure that all applicable AbbVie IT policies and procedures are followed. Reviews and provides input to improve procedures as applicable.
Establish and oversee formal risk analysis and risk-assessment programs for various Information Services systems and processes.
Ensure and monitor compliance with SOX, Personal Identifiable Health Information, PCI, as well as other federal and industry regulations and requirements.
Liaise with Internal Audit, Corporate Compliance, Office of General Counsel and Risk Management to remediate new and outstanding issues; track security-related issues.
Participate in the overall creation and maintenance of AbbVie’s risk, security & compliance policies, standards, guidelines and baselines.
Promote and monitor our corporate wide IS Security awareness program.
Develop, promote and monitor AbbVie’s Electronic Records Retention program. Work with business units to ensure data is properly classified.
Maintain expertise on governance, risk, security & compliance trends through training, research and development in order to mitigate potential security exposures.
Ensure that contingency and / or business continuity technology services are compliant with technology policies and other regulatory requirements..
Bachelor’s Degree Information Technology, Computer Science or Computer Engineering
5 -10 years of experience with IT compliance, IT risk, and/or IT audit
In-depth understanding with all aspects of regulatory and contractual compliance, especially Payment Card Industry (PCI), Sarbanes Oxley, and Health Information Portability and Accountability Act (HIPAA) requirements
Experience communicating and presenting both verbally and in writing to various audiences, including committees, large groups, senior management, and executive leadership.
Experience with IT process, risk and control frameworks, such as COBIT, ISO 27001, ITIL, Risk IT.
Advanced knowledge of risk assessment design and delivery preferred.
Experience with Software Development Lifecycle (SDLC) methodologies preferred.
Professional security management certification: CISSP or CISA preferred.
Requires knowledge of outsourcing methodologies and operating models, and working with professional services firms.
Requires experience overseeing geographically distributed and culturally diverse work-groups..
Significant Work Activities and Conditions: Continuous sitting for prolonged periods (more than 2 consecutive hours in an 8 hour day)
Travel: Yes, 10 % of the Time
Job Type: Experienced
Equal Employment Opportunity Employer
At AbbVie, we value bringing together individuals from diverse backgrounds to develop new and innovative solutions for patients. As an equal opportunity employer we do not discriminate on the basis of race, color, religion, national origin, age, sex (including pregnancy), physical or mental disability, medical condition, genetic information gender identity or expression, sexual orientation, marital status, protected veteran status, or any other legally protected characteristic.