Director Technology Governance Risk and Compliance
Bengaluru Luxor North Tower, India
GSK
At GSK, we unite science, technology and talent to get ahead of disease togetherReady to help shape the future of healthcare?
GSK is a global biopharma company with a special purpose – to unite science, technology and talent to get ahead of disease together – so we can positively impact the health of billions of people and deliver stronger, more sustainable shareholder returns – as an organization where people can thrive. Getting ahead means preventing disease as well as treating it, and we aim to impact the health of 2.5 billion people around the world over 10 years. Our success absolutely depends on our people. While getting ahead of disease together is about our ambition for patients and shareholders, it’s also about making GSK a place where people can thrive. We want GSK to be a place where people feel inspired, encouraged and challenged to be the best they can be. A place where they can be themselves – feeling welcome, valued and included. Where they can keep growing and look after their wellbeing. So, if you share our ambition, join us at this exciting moment in our journey to get Ahead Together.
Key Responsibilities
As a Director, R&D Tech Governance Risk and Compliance, you will be responsible for providing management and day to day support to the Senior Director for Governance, Risk & Compliance activities across the assigned business unit ensuring that Tech risks & controls from project inception to support within their business unit are identified, prioritized, effectively managed, and monitored. This role should work within the business unit to ensure Tech follows the required internal and external compliance standards and delivers a reduction in the overall risk profile for our customers. The primary responsibility of this position will be supporting R&D Tech. Additionally, this role will serve as the Bangalore site lead and play an active role in managing site-specific activities and HR related processes for GRC staff based in Bangalore GCC office.
This role will provide YOU the opportunity to lead key activities to progress YOUR career. The role encompasses the following responsibilities:
- Risk and Compliance Consultancy on strategic programs
- Facilitate and approve Risk & Compliance Assessments
- Management and monitoring of CAPAs, Risks, Exceptions, ABAC, and Findings
- Contribute to the facilitation of functional Risk Management and Compliance Boards (RMCB)
- Partner with Business Quality Assurance teams for GxP compliance
- Support Internal / External audits – including Audit Readiness activities
- Provide GRC support and oversight during application development and maintenance
- Software Change Management Oversight for GxP regulated applications
- Authorize systems releases
- Lead and motivate team of GRC manager and specialists
Risk Management
- Contribute to identification and initiation of Risk mitigation projects to address significant risks impacting a Business unit, using Risk and Compliance assessments
- Facilitate risk identification and risk discussions within the business unit, both operational risk, product/project and strategic risk
- Assist Tech Business Unit management to make risk informed decisions through a comprehensive Risk Dashboard
- Raise and approve (where necessary) Policy Exceptions and significant Risks through the GSK integrated risk management tool (i.e., Archer).
- Input into, review and enforce compliance within Tech Policies and Standards as required within Business Unit
- Ensure emerging risks are identified and escalated appropriately and in a timely manner
- Support Product owners in the management of their project risks, ensuring risk identification process is embedded and operational
- Ensure awareness of security incident response process and report suspected security breach
- Partner with other GRC and Security staff to deliver a continuous training and education program to ensure ongoing awareness on new and updated Policies and Standards within their Business Unit.
Governance & Compliance:
- Contribute to maintenance of the Business Unit delivery and operational frameworks (Activities, deliverables, roles and responsibilities) and ensure alignment to DTMS
- Monitor deliverable quality, ensure quality standards are being met for products/ projects, programs or operations within their remit, following a risk based approach, according to DTMS, risk and compliance assessments, and local SOPs.
- Contribute to providing Project Quality assurance oversight depending on the specific project risk profile, including specific assurance reviews as requested by stakeholders
- Ensure Business Unit activities align with Regulatory requirements and liaise with Business Quality Groups to contribute to the overall GxP validation status of the business facing application systems or services
- Contribute to ensuring Business Unit is keeping up with regulatory and legal requirements through a pro-active knowledge management program
- Quality assurance over the system change control within the Business Unit
- Supporting Product teams to maximize their velocity by right sizing their governance approach
Audit Support
- Contribute to ensuring Business Unit is ready to host external inspections from regulatory bodies (i.e., FDA, EMEA, tax authorities) as well as external and internal auditors.
- Support management of overall Business Unit inspection readiness activities and CAPAs in liaison with the business
- Report status on CAPA’s to Business Unit RMCB
Information Policy Formation
- Work with the GRC GxP lead/Controls owners and DTMS team to review and approve the policy, standards, procedures, guidance and training for compliance with relevant legislation and GSK Requirements.
- Support reviews of the information systems for compliance with legislation and specifies any required changes within their Business Unit
- Support the GRC Director to implement policies, standards and procedures with aligned Tech Business
GRC Consulting
- Support various GRC planned or remediation activities consulting with BU Tech staff to deliver
- Support implementation of relevant Management monitoring programs in Business Unit for processes not owned by GRC
Bangalore Site Lead
- Represent GRC leadership as the site lead for Bangalore-based staff.
- Sit on Bangalore Global Hub external leadership team to represent the needs of the India based GRC staff and those specifically based at the Bangalore site.
- Ensure Bangalore site HR policies are adhered to (e.g., performance with choice adherence)
- Coordinate GRC team events and leadership site visits
- Support India based staff
Why You?
Basic Qualifications
We are looking for professionals with these required skills to achieve our goals:
- University Degree or relevant experience plus Risk and Compliance or Information Security Certification
- Ability to provide leadership and motivation to direct reports and all other India-based staff.
- Good understanding of Risk and Compliance, Business Continuity and Information Security principles
- Demonstrated experience of leading a large sized team
- Demonstrates an understanding of service definition and process improvement methodologies
- Can demonstrate stakeholder management skills having the ability to drive outcomes & manage expectations
- Good understanding of business area strategic goals, processes and workflow
- Has the ability to make appropriate technical decisions, initiating action to resolve operational issues
- Working location tied to Bangalore site with adherence to Bangalore GCC Performance with Choice requirements.
- 7+ years’ experience in Risk Management/Analysis, Quality Assurance and Compliance – preferably in a pharmaceutical environment
- 18+ years’ professional working experience
Preferred Qualifications
If you have the following characteristics, it would be a plus:
- Industry standard awareness, training, or certification. For example, CRISC, CISM, CISA or CISSP certification
At GSK we value diversity (Gender, LGBTQ +, PwD etc.) and treat all candidates equally. We aim to create an inclusive workplace where all employees feel engaged, supportive of one another, and know their work makes an important contribution.
#LI-GSK
Why GSK?
Uniting science, technology and talent to get ahead of disease together.
GSK is a global biopharma company with a special purpose – to unite science, technology and talent to get ahead of disease together – so we can positively impact the health of billions of people and deliver stronger, more sustainable shareholder returns – as an organisation where people can thrive. We prevent and treat disease with vaccines, specialty and general medicines. We focus on the science of the immune system and the use of new platform and data technologies, investing in four core therapeutic areas (infectious diseases, HIV, respiratory/ immunology and oncology).
Our success absolutely depends on our people. While getting ahead of disease together is about our ambition for patients and shareholders, it’s also about making GSK a place where people can thrive. We want GSK to be a place where people feel inspired, encouraged and challenged to be the best they can be. A place where they can be themselves – feeling welcome, valued, and included. Where they can keep growing and look after their wellbeing. So, if you share our ambition, join us at this exciting moment in our journey to get Ahead Together.
Important notice to Employment businesses/ Agencies
GSK does not accept referrals from employment businesses and/or employment agencies in respect of the vacancies posted on this site. All employment businesses/agencies are required to contact GSK's commercial and general procurement/human resources department to obtain prior written authorization before referring any candidates to GSK. The obtaining of prior written authorization is a condition precedent to any agreement (verbal or written) between the employment business/ agency and GSK. In the absence of such written authorization being obtained any actions undertaken by the employment business/agency shall be deemed to have been performed without the consent or contractual agreement of GSK. GSK shall therefore not be liable for any fees arising from such actions or any fees arising from any referrals by employment businesses/agencies in respect of the vacancies posted on this site.
It has come to our attention that the names of GlaxoSmithKline or GSK or our group companies are being used in connection with bogus job advertisements or through unsolicited emails asking candidates to make some payments for recruitment opportunities and interview. Please be advised that such advertisements and emails are not connected with the GlaxoSmithKline group in any way.
GlaxoSmithKline does not charge any fee whatsoever for recruitment process. Please do not make payments to any individuals / entities in connection with recruitment with any GlaxoSmithKline (or GSK) group company at any worldwide location. Even if they claim that the money is refundable.
If you come across unsolicited email from email addresses not ending in gsk.com or job advertisements which state that you should contact an email address that does not end in “gsk.com”, you should disregard the same and inform us by emailing askus@gsk.com, so that we can confirm to you if the job is genuine.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Audits CISA CISM CISSP Compliance CRISC Governance Incident response Monitoring R&D Risk management
Perks/benefits: Career development Team events
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.