The Business Domain Risk, Security & Compliance Lead role is accountable for facilitation of IT risk management processes. Collaborates cross-functionally to help mature and execute the IT Risk Security and Compliance processes which include; governance, risk assessment, risk analysis, risk metrics, risk reporting, supplier monitoring, internal / external audit support and technology enablement. Provides leadership for the creation of a Compliance Strategy, project execution and improvement initiatives for IT. Creates strategies and processes related to all areas of Governance, Risk Management and Compliance. Also, coordinates the efforts of several groups to ensure compliance with SOX, Personal Identifiable Health Information, PCI, as well as other federal and industry regulations and requirements.
* Responsible for compliance with applicable Corporate and Divisional Policies and procedures * Ensure that all applicable AbbVie IT policies and procedures are followed. Reviews and provides input to improve procedures as applicable. * Establish and oversee formal risk analysis and risk-assessment programs for various Information Services systems and processes. * Ensure and monitor compliance with SOX, Personal Identifiable Health Information, PCI, as well as other federal and industry regulations and requirements. * Liaise with Internal Audit, Corporate Compliance, Office of General Counsel and Risk Management to remediate new and outstanding issues; track security-related issues. * Participate in the overall creation and maintenance of AbbVie's risk, security & compliance policies, standards, guidelines and baselines. * Promote and monitor our corporate wide IS Security awareness program. * Develop, promote and monitor AbbVie's Electronic Records Retention program. Work with business units to ensure data is properly classified. * Maintain expertise on governance, risk, security & compliance trends through training, research and development in order to mitigate potential security exposures.
* Ensure that contingency and / or business continuity technology services are compliant with technology policies and other regulatory requirements.
* Bachelor's Degree Information Technology, Computer Science or Computer Engineering * 5 -10 years of experience with IT compliance, IT risk, and/or IT audit
* In-depth understanding with all aspects of regulatory and contractual compliance, especially Payment Card Industry (PCI), Sarbanes Oxley, and Health Information Portability and Accountability Act (HIPAA) requirements * Experience communicating and presenting both verbally and in writing to various audiences, including committees, large groups, senior management, and executive leadership. * Experience with IT process, risk and control frameworks, such as COBIT, ISO 27001, ITIL, Risk IT. * Advanced knowledge of risk assessment design and delivery preferred.
* Experience with Software Development Lifecycle (SDLC) methodologies preferred. * Professional security management certification: CISSP or CISA preferred. * Requires knowledge of outsourcing methodologies and operating models, and working with professional services firms. * Requires experience overseeing geographically distributed and culturally diverse work-groups.
* Significant Work Activities and Conditions: Continuous sitting for prolonged periods (more than 2 consecutive hours in an 8 hour day) * Travel: Yes, 10 % of the Time * Job Type: Experienced * Schedule: Full-time
AbbVie is a pharmaceutical company that discovers, develops, and markets both biopharmaceuticals and small molecule drugs.