- Manage and own major GRC-focused projects from beginning to end with minimal supervision.
- Provide leadership, guidance, and oversight to ensure the implementation and consistent operation of an information security governance, security risk management and compliance program.
- Own and maintain all Global IT policies, including updates, and ensure their alignment with industry standards.
- Perform compliance assessments to determine whether business systems are aligned with regulatory requirements, industry standards, policies and best practices.
- Plan and perform annual IT risk assessments across company departments, business units and operational locations.
- Collaborate with key stakeholders at all levels of the organization to confirm, verify and address audit findings, control deficiencies and remediation plans
- Document, maintain, report and articulate audit-related information (e.g., scope, findings, recommendations, corrective action plans and status) to appropriate leadership.
- Coordinate all aspects of regulatory audits (e.g., pre-site deliverables, audits/assessments, on-site visit planning, and written responses to audit reports).
- Participate on the Segregation of Duties committee, serve as a member or chair of the policy working group, and provide security guidance and best practices.
- Lead a global team of SAP Security analysts across Europe and America.
- Occasional travel required for global audits and other responsibilities
Major Challenges & Complexities
- Introduce and reinforce standardised work, i.e. develop and deploy standard processes, KPIs and governance.
- Complex business environment, i.e. regular changes to scope (mergers and acquisitions), differing stakeholder goals, and global versus local approaches.
- Distributed team with differing skill sets and differing customer cultures and approaches.
- Multi-tasking and setting priorities, i.e. ensuring that priorities are aligned and respected across the BU.
- Proven leadership experience in similar roles
- Bachelor’s degree in IT or related field required
- 5-10 years' experience in a related field
- CISSP, CISA, CISM, or other relevant certifications are a plus but not required
- Knowledge of control frameworks such as ISO 27001, COSO, COBIT and ITIL
- Knowledge of regulatory requirements such as SOX, HIPAA and FDA 21 CFR Part 11