Associate Director, Global Technology Solutions,…
- BeOne Medicines (Emeryville, CA)
General Description:
BeOne is seeking an Associate Director of GTS Governance, Risk, & Compliance (GRC) to build, enable and transform its risk management, compliance and security capabilities and resources in the North America & LATAM regions. The GTS GRC Associate Director is a critical position within the organization and holds GRC responsibilities from a technology and security perspective across the organization. Working closely with the Director of Global GTS GRC, this position will be responsible for building and enhancing the GRC portfolio of efforts to raise the overall security and compliance posture for BeOne. This position will also be directly responsible for implementing, maintaining and improving policies, procedures and internal controls to ensure compliance with applicable regulatory and legal requirements as well as best practices.
The GTS GRC Associate Director will drive and enforce third-party risk management through streamlined third-party risk assessments and third-party threat intelligence, designing controls and implementing industry best-practice processes across the organization.
This role will lead an end-to-end risk management process to drive timely risk mitigation and resolution within the region. This role will work across multiple frameworks and regulatory standards including, but not limited to, SOX, the US DoJ Data Rule, GxP, ISO, NIST CSF, and other relevant data security & privacy laws and regulations. This position will liaise with all business groups, including but not limited to Finance, Internal Control, Internal Audit, Legal, Compliance, TechOps, R&D, HR, Quality and other stakeholders in the NA & LATAM regions, to implement new solutions and processes as well as to document and remediate outstanding issues.
This role will drive the establishment of policies, standards and procedures for specific functional domains as well as regional SOPs under the global Information Security Management System. It will lead and manage training and awareness enhancement through policy and cyber hygiene training. This role will also be responsible for the implementation and ownership of a GRC system that will be used to further automate the program.
Essential Functions of the Job:
+ Responsible for implementation of controls to build and enhance the GRC program.
+ Responsible for monitoring, remediation, and reporting of control gaps in the IT and Cybersecurity program areas. Provide management-level status updates and risk profile dashboards, including the current and desired future state of control maturity.
+ Responsible for leading internal IT, Cybersecurity, and third-party information security risk management activities for various information services systems and processes.
+ Collaborate with IT and business stakeholders to understand risks to critical infrastructure by defining potential business impacts.
+ Assess, report on and mature the compliance posture for internal policies and guidelines as well as regulatory requirements based on frameworks including SOX, the US DoJ Data Rule, GxP, ISO, NIST CSF, and other relevant data security & privacy laws and regulations.
+ Maintain, improve, and enforce BeOne security policies and IT security standards along with security exception processes.
+ Effectively engage IT, stakeholders, business partners, and vendors to maintain an understanding of current risks, new systems, and changes to the environment.
+ Lead efforts including but not limited to: IT Policy Management, IT Compliance Management, Training & Awareness Management, IT Risk Management and Third-Party Security Risk Management.
Education Required:
+ Bachelor’s Degree or equivalent experience
Required Qualifications:
+ Bachelor’s degree with 8+ years of experience in GRC implementation, processes, and practices.
+ Experience working with and implementing GRC tools and processes.
+ Experience building and developing successful risk management programs.
+ Experience with third party risk management and conducting third-party risk assessments.
+ Experience in creating and maintaining security policy, standard, guideline and procedure documents.
+ Experience leading GRC functions and serving as a people manager with effective people coaching capabilities.
+ Extensive knowledge and experience in security and compliance frameworks such as SOX, US DoJ Data Rule, GxP, NIST, ISO, etc.
Preferred Qualifications:
+ Strong leadership, accountability and ownership of responsibilities
+ Strong communication skills with different business functions and stakeholder functions (e.g., Internal Audit, Internal Control, Legal & Compliance, External Audit).
+ Strong experience leading regulatory compliance efforts for SOX and the US DoJ Data Rule.
+ Experience in facilitating and performing third-party vendor risk assessments with the ability to provide guidance on secure design and operation.
+ Advanced understanding of information security concepts including: cloud security and compliance, encryption, access controls, intrusion detection and prevention, disaster recovery, network security, security operations, and security architecture.
+ Experience working in a global enterprise environment.
+ Relevant and current industry certification(s): CRISC, CISSP, CISM, CISA
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.