Associate Director - Technology Governance Risk and Compliance
Bengaluru Luxor North Tower
GSK
At GSK, we unite science, technology and talent to get ahead of disease together. Ready to help shape the future of healthcare?
GSK is a global biopharma company with a special purpose – to unite science, technology and talent to get ahead of disease together – so we can positively impact the health of billions of people and deliver stronger, more sustainable shareholder returns – as an organization where people can thrive. Getting ahead means preventing disease as well as treating it, and we aim to impact the health of 2.5 billion people around the world over 10 years. Our success absolutely depends on our people. While getting ahead of disease together is about our ambition for patients and shareholders, it’s also about making GSK a place where people can thrive. We want GSK to be a place where people feel inspired, encouraged and challenged to be the best they can be. A place where they can be themselves – feeling welcome, valued and included. Where they can keep growing and look after their wellbeing. So, if you share our ambition, join us at this exciting moment in our journey to get Ahead Together.
Key Responsibilities
As an Associate Director, Technology Governance Risk and Compliance (GRC), you provide Tech risk and compliance leadership for Tech functions in GSK. This role is responsible for providing oversight and day-to-day Tech Governance, Risk & Compliance across Commercial, Medical Affairs, and Supply Chain Tech, ensuring that Tech risks and controls within the business unit are identified, prioritized, effectively managed, and monitored. Additionally, this role works within the business unit to ensure Tech follows the required internal and external risk management and compliance standards and reduces the overall risk profile for our business partners.
This role is for a skilled and results-oriented Tech GRC leader who is a change agent for AI adoption and acceleration, is prepared to actively contribute to the success of the team, and is ambitious for patients.
The role encompasses the following responsibilities:
- Provide risk and compliance oversight and advisory on strategic technology programs.
- Support Governance, risk, and compliance for Artificial Intelligence and Machine Learning implementations.
- Facilitate and approve risk and compliance assessments for technology risk and compliance control.
- Manage and monitor audit corrective and preventive actions (CAPA), risks, exceptions, ABAC, and findings.
- Contribute to the facilitation of functional risk management and compliance boards (RMCB).
- Collaborate with privacy and legal teams for systems involving personal identification information (PII) and healthcare compliance.
- Partner with business quality assurance teams for GxP compliance.
- Support internal and external audits, including audit readiness activities.
- Provide governance, risk, and compliance support and oversight during application development and maintenance.
- Oversee software change management for GxP regulated applications.
- Authorize system releases.
- Lead and motivate a team of GRC engineers and specialists to maximize their potential and deliver for the business.
Risk Management
- Contribute to the identification and initiation of risk mitigation projects aimed at addressing significant technological risks impacting a business unit, utilizing risk and compliance assessments.
- Facilitate risk identification and discussions within the business unit, encompassing operational risk, product/project risk, and strategic risk.
- Assist Tech Business Unit management in making risk-informed decisions through a comprehensive Risk Dashboard.
- Raise and approve (where necessary) policy exceptions and significant risks through the GSK integrated risk management tool (i.e., ServiceNow).
- Input into, review, and enforce compliance with Tech Policies and Standards as required within the Business Unit.
- Ensure emerging risks are identified and escalated appropriately and in a timely manner.
- Support Product Owners in managing their project risks, ensuring the risk identification process is embedded and operational.
- Ensure awareness of the security incident response process and report any suspected security breaches.
- Partner with other GRC and Security staff to deliver a continuous training and education program to ensure ongoing awareness of new and updated Policies and Standards within their Business Unit.
Governance & Compliance:
- Contribute to the maintenance of the Business Unit's technology delivery and operational frameworks, including activities, deliverables, roles, and responsibilities, ensuring alignment with the Digital Tech Management System (DTMS).
- Lead and facilitate AI/ML governance, risk, and compliance activities.
- Monitor the quality of deliverables and ensure compliance standards are met for products, projects, programs, or operations within your remit. This should follow a risk-based approach and be in alignment with DTMS, risk and compliance assessments, and local Standard Operating Procedures (SOPs).
- Ensure Business Unit activities comply with regulatory requirements and collaborate with Business Quality Groups to support the overall GxP validation or Sarbanes-Oxley (SOX) status of business-facing application systems or services.
- Contribute to keeping the Business Unit updated with regulatory and legal requirements through a proactive knowledge management program.
- Provide control assurance over system change control within the Business Unit.
- Support Tech Product teams in maximizing their velocity by appropriately sizing their governance approach.
Audit Support
- Facilitate and perform 2nd line of defence role in internal audit and assurance within the Tech Business Unit.
- Contribute to ensuring the Business Unit is ready to host external inspections from regulatory bodies (e.g., FDA, EMA, tax authorities) as well as external and internal auditors.
- Support management of overall Business Unit inspection readiness activities and CAPAs in liaison with the business.
- Report status on CAPAs to the Business Unit RMCB.
Information Policy Formation
- When required, work with the GRC GxP lead, Control Owners and the DTMS team to review and approve policies, standards, procedures, guidance and training for compliance with relevant legislation and GSK requirements.
- Support reviews of information systems for compliance with legislation and specify any required changes within the Business Unit.
GRC Consulting
- Aid with various GRC planned or remediation activities, in consultation with BU Tech staff.
- Support the implementation of relevant management monitoring programs in the Business Unit for processes not owned by GRC.
Why You?
Basic Qualifications
We are looking for professionals with the required skills to achieve our goals:
- Overall 15+ years of experience with bachelor’s degree in computer science, Information Technology, Information Security, or related disciplines.
- Over 7 years of experience in Technology Risk Management/Analysis, Control Assurance, Health Care Compliance, and GxP Compliance within the pharmaceutical industry.
- Proficient in AI/ML risk and compliance.
- Capable of providing leadership and motivation to junior team members and direct reports.
- Based at the Bangalore site.
Preferred Qualifications
If you have the following characteristics, it would be a plus:
- Master’s degree in computer science, Information Technology, Information Security or associated disciplines.
- Certifications such as CISA, CISM, CISSP or CRISC.
- Experience with GxP, SOX, Health Care Compliance, Data Governance and Data Privacy Regulations.
At GSK we value diversity (Gender, LGBTQ +, PwD etc.) and treat all candidates equally. We aim to create an inclusive workplace where all employees feel engaged, supportive of one another, and know their work makes an important contribution.
Why GSK?
Uniting science, technology and talent to get ahead of disease together.
GSK is a global biopharma company with a special purpose – to unite science, technology and talent to get ahead of disease together – so we can positively impact the health of billions of people and deliver stronger, more sustainable shareholder returns – as an organisation where people can thrive. We prevent and treat disease with vaccines, specialty and general medicines. We focus on the science of the immune system and the use of new platform and data technologies, investing in four core therapeutic areas (infectious diseases, HIV, respiratory/ immunology and oncology).
Important notice to Employment businesses/ Agencies
GSK does not accept referrals from employment businesses and/or employment agencies in respect of the vacancies posted on this site. All employment businesses/agencies are required to contact GSK's commercial and general procurement/human resources department to obtain prior written authorization before referring any candidates to GSK. The obtaining of prior written authorization is a condition precedent to any agreement (verbal or written) between the employment business/ agency and GSK. In the absence of such written authorization being obtained any actions undertaken by the employment business/agency shall be deemed to have been performed without the consent or contractual agreement of GSK. GSK shall therefore not be liable for any fees arising from such actions or any fees arising from any referrals by employment businesses/agencies in respect of the vacancies posted on this site.
It has come to our attention that the names of GlaxoSmithKline or GSK or our group companies are being used in connection with bogus job advertisements or through unsolicited emails asking candidates to make some payments for recruitment opportunities and interview. Please be advised that such advertisements and emails are not connected with the GlaxoSmithKline group in any way.
GlaxoSmithKline does not charge any fee whatsoever for the recruitment process. Please do not make payments to any individuals or entities in connection with recruitment with any GlaxoSmithKline (or GSK) group company at any worldwide location, even if they claim that the money is refundable.
If you come across unsolicited email from email addresses not ending in gsk.com or job advertisements which state that you should contact an email address that does not end in “gsk.com”, you should disregard the same and inform us by emailing askus@gsk.com, so that we can confirm to you if the job is genuine.