Senior Manager, IT Governance Risk and Compliance
BeiGene (Beijing) Biotechnology Co., Ltd. (百济神州(北京)生物科技有限公司)
- Company size: 5,000-10,000 employees
- Company type: Foreign-owned (Europe/US)
- Industry: Pharmaceuticals / Biotechnology
Position information
- Posted: 2019-09-19
- Location: Shanghai
- Openings: 1
- Work experience: No work experience required
- Education requirement: 1 opening
- Language requirement: None
- Job category: Other
Job description
BeiGene is seeking a (Senior) Manager of GRC to build, enable and transform its risk management, compliance and security capabilities and resources. The GRC Manager is a critical position within the organization and has GRC responsibilities from a technology and security perspective across the organization globally. Working closely with the Director of Global Information Security, this position will be responsible for building and enhancing the GRC portfolio of efforts to raise the overall security and compliance posture for BeiGene. This position will also be directly responsible for implementing, maintaining and improving policies, procedures and internal controls to assure compliance with applicable regulatory and legal requirements as well as best practices.
The GRC Manager will drive risk analysis for internal and external third-party risk assessments by designing controls and implementing industry best practice processes for teams and technologies utilized across the organization. The role will work across multiple frameworks and regulatory standards including, but not limited to, NIST CSF, ISO, GDPR, SOX, etc. This position will liaise with all business groups including but not limited to Finance, Legal, Compliance, Quality and other stakeholders globally to implement new solutions and processes as well as document and remediate outstanding issues. This role will also have responsibility for the implementation and ownership of a GRC system that will be used to further the automation of the program.
- Responsible for leading internal IT, Cybersecurity, and third-party information security risk management activities for various information services systems and processes, including IT SOX compliance.
- Responsible for implementation of controls to build and enhance the GRC program.
- Responsible for monitoring, remediation, and reporting of control gaps in the IT and Cybersecurity program areas. Provide management-level status updates and risk profile dashboards, including current and desired future state of control maturity.
- Collaborate with IT and business stakeholders to understand risks to critical infrastructure by defining potential business impacts.
- Assess, report on and mature the compliance posture for internal policies and guidelines as well as regulatory requirements based on frameworks including NIST CSF, ISO, GDPR, SOX, etc.
- Maintain, improve, and enforce BeiGene security policies and IT security standards along with security exception processes.
- Effectively engage IT, stakeholders, business partners, and vendors to maintain an understanding of current risks, new systems, and changes to the environment.
- Lead efforts including but not limited to: Incident Management, Change Management, Identity and Access Management, and Vendor Security Risk Management.
- Conduct and support BeiGene vendor security assessments.
- Support regulatory compliance audits relating to SOX and GxP.
Job requirements:
- 5+ years of experience in GRC implementation, processes, and practices.
- Experience working with and implementing GRC tools and processes.
- Experience building and developing successful risk management programs.
- Experience with vendor management and conducting third-party risk assessments.
- Experience creating and maintaining security policy, standard, guideline and procedure documents.
- Extensive knowledge of and experience with security and compliance frameworks such as NIST, ISO, SOX, GxP, etc.
- Experience facilitating and performing third-party vendor risk assessments, with the ability to provide guidance on secure design and operation.
- Advanced understanding of information security concepts including: cloud security and compliance, encryption, access controls, intrusion detection and prevention, disaster recovery, network security, security operations, and security architecture.
- Experience working in a global enterprise environment.
- Preferred: relevant and current industry certification(s): CRISC, CISSP, CISM, CISA.
Function category: Other
Company introduction
BeiGene is a science-led global biotechnology company focused on developing innovative, affordable medicines to improve treatment outcomes and access to medicines for patients worldwide. The company's broad portfolio currently includes more than 40 clinical-stage candidates. By strengthening its in-house research capabilities and through collaboration, the company is accelerating the development of a diverse, innovative pipeline. We are committed to comprehensively improving access to medicines for more than 2 billion people worldwide by 2030. BeiGene has built a team of more than 8,000 people across five continents.
Contact
- Email: shan.liu@beigene.com
- Company address: Life Science Park, Changping District (postal code: 102206)