Senior IT Compliance Consultant (IT Policy and Compliance)

Lake County, IL, US
Oct 02, 2018
Required Education
Bachelor's Degree
Position Type
Full time
Provides senior-level consultation and direction to functional areas on IT Compliance policy, process, and procedures. Identifies, proposes, initiates and leads significant improvement programs related to IT policy, processes and procedures. Leads AbbVie's PCI-DSS compliance program.

  • Manages the evolution of AbbVie's IT policies and related documentation to a controls and standards-based program, developing a control set aligned with appropriate external standards (NIST, ISO 2700X, COBIT, etc.)
  • Enables readiness of policies and controls for certification to relevant standards such as ISO 27001
  • Drives simplification of IT policies and related documentation
  • Aligns IT policies to identified business risk
  • Manages policy approval process, including communication of policy changes
  • Identifies policy and process changes requiring communication and / or development of new training for employees and contractors; assists in the development of communications and training related to policies
  • Manages the execution of AbbVie's PCI-DSS compliance program, including completing and submitting SAQs for AbbVie globally, training employees and contractors (as required) on PCI compliance, maintaining currency in PCI-DSS compliance requirements, consulting with IT and business on PCI compliance, and developing programs to audit and validate PCI compliance.
  • Drives efficiencies by seeking opportunities for centralization, globalization and automation
  • Participates in process reviews and identifies opportunities for significant enhancements in operational efficiency, overall effectiveness and identifiable benefits to the company
  • Performs work using standard methodologies, processes and tools to ensure IT Compliance. Resolves issues that may delay multiple projects for multiple client areas or otherwise subject the company to financial or regulatory risk.
  • Develops business relationships and integrates activities with internal and external IT and QA departments to ensure successful implementation and support of project efforts by ensuring consistent IT Policy and Compliance practices.
  • Develops and proposes solutions to ensure on-going compliance with industry rules and regulations (internal and external). Significantly contributes to business process improvement and overall knowledge of the organization.

  • Bachelor's Degree or equivalent certification or experience.
  • 7+ years' experience in an IT policy and compliance role
  • Strong familiarity with IT standards, development of IT policies and controls
  • Expertise with PCI-DSS compliance, direct experience completing the PCI-DSS SAQ D
  • Familiarity with ISO 27001 certification process
  • Familiarity with SOX audit procedures, IT General Controls
  • Excellent analytical, judgment, consultative and communication skills, and the ability to work with IT management and staff.
  • Relevant certifications (CISM, CIPP, CISSP, CISA, CRISC, etc.) are preferred

Equal Opportunity Employer Minorities/Women/Veterans/Disabled