GRC Strategy and Risk Governance Director
AbbVie’s mission is to discover and deliver innovative medicines that solve serious health issues today and address the medical challenges of tomorrow. We strive to have a remarkable impact on people’s lives across several key therapeutic areas: immunology, oncology, neuroscience, eye care, virology, women’s health and gastroenterology, in addition to products and services across its Allergan Aesthetics portfolio. For more information about AbbVie, please visit us at www.abbvie.com. Follow @abbvie on Twitter, Facebook, Instagram, YouTube and LinkedIn.
AbbVie is looking for a strategic leader with excellent stakeholder management skills, who can create and deliver a holistic and compelling approach to risk governance.
Director, IT GRC Strategy & Risk Governance will build, oversee, and manage AbbVie’s new IT GRC Strategy, Risk & Governance group.
The IT GRC Strategy & Risk Governance group will be responsible for managing the strategic direction of the IT GRC organization and its director will be an active member of the IT GRC Leadership team, participate in designing the strategic roadmap of IT GRC, support implementing that roadmap, and will be responsible for the continuous improvement of their group and the wider IT GRC organization. They will ensure AbbVie’s BTS leadership has the information needed to make strategic risk-based decisions enabling the achievement of business objectives globally. You will build, mentor, and scale the team, which deploys common governance and risk processes. This role will report into the Senior Director GRC.
The ideal candidate will:
- Drive: Design, deploy, and lead the operations of a multi-year roadmap for the BTS Risk Management program that ensures proper assessment, management, and documentation of AbbVie’s BTS compliance and risk posture.
- Connect: Inspire trust and build strong, authentic, productive relationships within the organization and with key stakeholders. Effectively engage and collaborate with leadership across the organization to develop, define and build on innovative ideas and business priorities
- Develop: Create an environment of continual improvement both inside and outside of direct team
- Re-imagine: Bring new ideas, methods, and approaches to the team. Leverage their own expertise to challenge the status quo and drive decisions and actions necessary to improve our business processes and related technology
- Inspire: Demonstrate an unyielding passion for the employee experience, AbbVie culture, and ISRM mission and vision. Lead by example and inspire others to follow
- Oversees and is accountable for the delivery of the IT GRC Strategy & Risk Governance services including: BTS Operational and Cyber Risk Management, SDLC Policy & Procedure management and maintenance, continuous improvement activities, risk insights
- Manages and runs a regular reporting and meeting cadence across BTS and IT GRC leadership to share consolidated compliance risk insights reports and to facilitate continuous improvement opportunities
- Continuously monitors the status and performance of each of the services
- Works with IT leadership and IT GRC Strategy & Governance to identify areas of improvement with service delivery and/or how IT practitioners can improve how they manage risk:
- Ability to conduct market research and comparative studies
- Ability to communicate clearly to various levels of management (including executive management), across various business functions (including engineering, product, and sales)
- Solid understanding of Security Controls; experience with audit, advisory, or consulting is beneficial
- Previous experience and/or familiarity with related compliance frameworks (i.e. ISO27001, SOC2, HITRUST, PCI, FedRAMP) is beneficial
- The ability to work in a fast-paced tech environment, managing multiple large-scale projects simultaneously is crucial
- Bachelors degree with 15 years of experience or equivalent experience
- You have significant experience in developing a Risk Management program, including but not limited to, scope planning, defining control procedures based on requirements, policies and standards, control testing, and mapping issues to risks and socializing results.
- You have a proven experience and a strong ability to define, drive, and execute a program vision, strategy, approach, and milestones in alignment with organization priorities and initiatives all while assessing the big picture, connecting the dots, and influencing stakeholders.
- You have experience and can think strategically with respect to risk management and compliance frameworks, including related regulatory and IT compliance requirements (e.g., SOC 2, NIST 800-53, ISO 27001, HIPAA, PCI, etc.).
- Leading culture change in the IT risk management area including driving risk accountability into the business and successfully employing a risk register.
- You lead by example with honesty and integrity.
- You have prior experience hiring, building, and managing a team.
- You have excellent collaboration, communication, interpersonal, and issue resolution abilities.
- You have the ability to analyze the nature of controls and identify automation opportunities for increased monitoring and scaling coverage.
- You are execution oriented, results-driven, and a self-motivator.
Nice to Haves
- A mix of experiences at a Big Four (or similar) audit or consulting firm and at an in-house governance, risk, and compliance function
- You have an industry recognized certification in security (e.g., CISSP, CISA, CISM, CCSK, etc.)
- You have experience working in an international / global organization
Significant Work Activities
Continuous sitting for prolonged periods (more than 2 consecutive hours in an 8 hour day)
Yes, 50 % of the Time
Job Level Code
Equal Employment Opportunity
At AbbVie, we value bringing together individuals from diverse backgrounds to develop new and innovative solutions for patients. As an equal opportunity employer we do not discriminate on the basis of race, color, religion, national origin, age, sex (including pregnancy), physical or mental disability, medical condition, genetic information gender identity or expression, sexual orientation, marital status, protected veteran status, or any other legally protected characteristic.