Director, IT Compliance

Employer: AbbVie
Location: Lake County, IL, US
Posted: Sep 07, 2018
Ref: 1806372
Required Education: Bachelor's Degree
Position Type: Full time

The Director of IT Compliance Services is a critical leadership role accountable for developing and implementing AbbVie's IT compliance strategy in collaboration with Information Security, Quality and business compliance leadership.

This position will be responsible for:
  • Defining and Executing the IT Compliance Strategy
  • Establishing a Regulatory Intelligence Program for IT Compliance
  • Defining, Launching and Operating IT compliance services for the organization
  • Defining and Executing a Sustainable Training & Audit Readiness Program
  • Partnering & Influencing Key AbbVie Organizations


Primary Responsibilities Include:

Define and Execute the IT Compliance Strategy
  • Understand the corporation's vision, goals, and ITO's strategies.
  • Develop the IT Compliance Strategy, Roadmap and Organizational design to ensure IT compliance with new and upcoming regulations. Scope includes: SOX, Safe Harbor, HIPAA, PCI, Data Integrity, Commercial/Ad Promo rules, Product Device Software applications, Infrastructure change control, Security controls, etc.
  • Define Best in Industry IT Policies to remain in compliance with regulations while implementing a risk-based approach for an agile BioPharma company.
  • Establish an IT Management Review to include IT Compliance KPIs for internal AbbVie and with Key IT Partners (e.g. HP, Unisys, EMC).
  • Define, launch and operate IT Compliance services. Develop value-based criteria and thresholds to migrate current IT Compliance activities to incorporate IT services concepts, and establish an IT Compliance Service Catalogue, which may include services such as:
    • Compliance Lifecycle Services
    • Assessment Services
    • Strategic Planning Services
    • Advisory Services
  • Develop a continuous improvement program focused on business value, process optimization, cost avoidance, cost reductions and IT "Speed to Market"


Establish a Regulatory Intelligence Program for IT Compliance

Define a Holistic Global Program around Regulatory Intelligence focused on IT Compliance
  • Track, trend and share industry updates involving IT systems and practices. Evaluate AbbVie's compliance and develop and track plans to remediate.
  • Develop a communication plan to disseminate key guidance, rules and standards to the organization for IT Practitioners to understand and implement.
  • Best in Class Benchmarking with industry peers to establish requirements for compliance while supporting innovation and improved agility and IT "Time to Market"


Define and Execute a Sustainable Training & Audit Readiness Program
  • Establish an IT Compliance Training Plan to include principles on:
    • Applicable Laws, Regulations, and Definitions
    • Global Regulatory Agencies overview
    • Warning Letters and Statements of Non-conformance
    • Commercial & Ad Promo Rules
    • Internal IT Audit Process
    • Share audit findings and lessons learned across IT for continuous improvement
    • Compliance importance and impact to our patients
  • Develop business ready tools to facilitate and simplify IT compliance.
    • Prepare and establish guidelines and toolkits as Audit "Defense" packages for enterprise IT systems, infrastructure, security, plant and affiliate Audit Support
    • Establish tools and techniques for IT practitioners to translate requirements/policies/procedures into easy-to-follow checklists for implementation, tailored to ITOs with a risk-based approach
    • Develop tools to track, remind and document compliance evidence for compliance areas
  • Establish a program to request and support Mock Audits around new IT systems and requirements


Partner & Influence Key AbbVie Organizations

Build and maintain productive relationships with all levels in the AbbVie IT organization, business functions, and with external partners to support business strategies:
  • Align with SQA organizations to support effective communications and define common standards across ITOs and VRBs
  • Communicate to and receive strategic direction from IT Senior Staff
  • Guide and lead strategy and goals for the IT Compliance Managers

Manage Human Resource Strategy for the team
  • Design, implement and manage the human resource strategy for the team, including succession planning, career path progression planning, leadership development, skill benchmarking, and resource prioritization and optimization for 15+/- colleague staff and a third-party service workforce
  • Recruit, select and retain colleague staff including the long term development of organizational capabilities and capacity to match business demands and workloads
  • Organize, prioritize and manage work assignments for the team, including third-party service providers

Track Financial Performance
  • Define service cost for meaningful unit of measure and calculate impact of service on AbbVie's Profit & Loss
  • Secure appropriate service financing in conjunction with other Service Managers or relevant IT leadership
  • Lead annual budgeting process for all applicable cost centers
  • Manage and track financial performance of the service at or below relevant value benchmark


Basic:
  • Bachelor's degree. MS/MBA preferred.
  • 15+ years of overall IT experience, including 5+ years focus on Compliance and Regulated Processes
  • Expertise in ISO standards, Software Development Lifecycle (SLC) processes, IT Validation practices, SQA practices, and SOX, HIPAA, PCI, etc. regulations around IT systems
  • Ability to travel globally.


Preferred:
  • Ability to consistently apply a service-oriented approach to IT compliance while working with various stakeholders, and to develop updated service processes and technology elements that are easy to transition to operation
  • Ability to identify and prioritize continual improvement opportunities, including developing improvement approach alternatives, opportunity cost and estimates of net benefit impact
  • Ability to develop business focused balanced scorecards that articulate IT compliance level, service quality and cost

Equal Opportunity Employer Minorities/Women/Veterans/Disabled