Job description, posted 14 August 2020

GRC Manager: Risk, Quality & Compliance, SOX, CRISC/CISA

The role is responsible for providing management and day-to-day support to the TSR GRC Director for Governance, Risk & Compliance activities across the assigned business unit, ensuring that Tech risks and controls, from project inception through to support, are identified, prioritised, effectively managed and monitored within that business unit. Additionally, this role works within the business unit to ensure Tech follows the required internal and external compliance standards and delivers a reduction in the overall risk profile for our customers.

The role may or may not have a number of TSR GRC Managers or TSR GRC Specialists reporting into it, as well as multiple matrix relationships across Tech, other business functions and the external supplier base.

This role description forms a generic outline of the TSR GRC Manager role. Particular roles could encompass some, but not all, elements and may focus on particular areas, e.g. Programme rather than Operations. The TSR GRC Manager may support one or more Tech Business Units.

Required Skills

  • Background in computer science, information management or the pharmaceutical industry
  • Key skills
  • CISA (Certified Information Systems Auditor) / CRISC (Certified in Risk and Information Systems Control) / CGEIT (Certified in the Governance of Enterprise IT) / CPA (Certified Public Accountant) / information security certifications such as CISSP or CISM
  • Minimum of 5 years' experience in a combination of Risk Management, Quality Assurance and Compliance functions in a pharmaceutical environment
  • Demonstrable experience of successfully managing Assurance or operational activities within a Business Unit
  • Current knowledge of how ERP solutions support the business processes of that business unit
  • Strong understanding of the regulatory trends in the Pharmaceutical industry is foundational to success in this role
  • Proven management experience of cross functional teams located globally
  • These positions can be accountable for financial and pharmaceutical compliance of the GRC Tech function globally; this is a niche area and poses real challenges in terms of external talent acquisition.
  • Proven line management experience in prior roles, if role requires line management
  • Awareness of the regulatory trends within the Pharmaceutical industry
  • Understanding of ITMS, Smart Controls and how a business unit deploys this methodology
  • Experience of operating in an international environment with tact, diplomacy and cultural sensitivity
  • Experience in interpreting policies, procedures and processes for ensuring compliance with risk management programs
  • Knowledge of Tech Support processes, such as ITIL
  • Good knowledge of Software Quality Assurance
  • Knowledge of information security standards (e.g. ISO 27001) and privacy regulations
  • Understanding of Agile, Kanban and Scrum basics
  • Learning agility, including participating in #godigital learning and keeping up to date with GRC and Security training
  • Good understanding of emerging technology risks, e.g. cloud (SaaS, PaaS and IaaS), automation, etc.

The role encompasses the following six responsibilities:

  • Risk Management
  • Quality & Compliance (including Operations, Programme/Product and Project support)
  • Management Monitoring / Independent Business Monitoring (MM/IBM)
  • Audit Support
  • Information Policy Formation
  • Security Awareness and Training

Risk Management

  • Contribute to the identification and initiation of risk mitigation projects to address significant risks impacting a Business Unit, using Smart Controls assessments
  • Facilitate risk identification and risk discussions within the business unit, covering operational, product/project and strategic risk
  • Assist Business Unit management to make risk-informed decisions through a comprehensive Risk Dashboard
  • Raise and approve (where necessary) Policy Exceptions and significant Risks through RMS
  • Input into, review and enforce compliance within Tech Policies and Standards as required within Business Unit
  • Ensure emerging risks are identified and escalated appropriately and in a timely manner
  • Perform GRC requirements within the third-party framework
  • Support Product Owners in the management of their project risks, ensuring the risk identification process is embedded and operational
  • Ensure awareness of the Computer Security Incident Response (CSIR) process and report suspected security breaches
  • Partner with other TSR GRC and Security staff to deliver a continuous training and education programme, ensuring ongoing awareness of new and updated Policies and Standards within their Business Unit

Governance, Risk & Compliance

  • Contribute to the maintenance of the Business Unit delivery and operational frameworks (activities, deliverables, roles and responsibilities) and ensure alignment to ITMS
  • Monitor deliverable quality and ensure quality standards are being met for products/projects, programmes or operations within their remit, following a risk-based approach, according to ITMS, Smart Controls assessments, local SOPs and project PQPs
  • Contribute to providing Project Quality Assurance oversight depending on the specific project risk profile, including specific assurance reviews as requested by stakeholders
  • Ensure Business Unit activities align with regulatory requirements and liaise with Business Quality Groups to contribute to the overall GxP validation or SOX status of the business-facing application systems or services
  • Contribute to ensuring the Business Unit keeps up with regulatory and legal requirements through a proactive knowledge management programme
  • Contribute to ensuring Sarbanes-Oxley compliance of Business Unit systems and applicable processes
  • Provide quality assurance over system change control within the Business Unit
  • Support Product teams to maximise their velocity by right-sizing their governance approach

Management Monitoring / Independent Business Monitoring (MM/IBM)

  • Execute relevant self-inspection programmes within remit through Management Monitoring and, where required, Independent Business Monitoring
  • Support implementation of relevant Management Monitoring programmes in the Business Unit for processes not owned by TSR GRC
  • Partner with other TSR GRC staff to design a Management Monitoring and Independent Business controls monitoring schedule. Work with the TSR IBM team to plan, execute and report agreed IBM controls monitoring, including controls in scope for Sarbanes-Oxley, independently from Process Owners
  • Provide interpretation and results updates at Business Unit RMCB

Audit Support

  • Contribute to ensuring the Business Unit is ready to host external inspections from regulatory bodies (FDA, EMEA, tax authorities), external auditors (Deloitte) and internal auditors (A&A, GCV, CSQA)
  • Support management of overall Business Unit inspection readiness activities and CAPAs in liaison with the business
  • Report status of CAPAs to the Business Unit RMCB

Information Policy Formation

  • Work with the TSR GRC GxP lead/Controls Owners and ITMS team to review and approve the policies, standards, procedures, guidance and training for compliance with relevant legislation and GSK requirements
  • Support reviews of information systems for compliance with legislation and specify any required changes within their Business Unit
  • Support the TSR GRC Director in implementing policies, standards and procedures with the aligned Tech Business Unit

Security Awareness and Training

  • Support the development of security awareness within their aligned Tech Business Unit
  • Ensure they undertake relevant TSR training initiatives

The role is home-based.
