Senior Manager - IT Risk Management - Governance/Risk & Compliance - Healthcare

IT Risk Management- GRC SR Manager

- The role is responsible for providing management and day to day support to the TSR - GRC Director for Governance, Risk & Compliance activities across the assigned business unit ensuring that Tech risks & controls from project inception to support within their business unit are identified, prioritized, effectively managed, and monitored. Additionally this role should work within the business unit to ensure Tech follows the required internal and external compliance standards and delivers a reduction in the overall risk profile for our customers

- The role may or may not have a number of TSR GRC Managers or TSR GRC Specialists reporting into it, as well as multiple matrix relationships across Tech, other business functions and the external supplier base.

- This role description forms a generic outline of the TSR GRC Manager role. Particular roles could encompass some, but not all elements and may focus on particular areas, eg, Programme rather than Operations. The TSR GRC Manager may support one or more Tech Business Units

The role encompasses the following 5 responsibillities :

- Risk Management

- Quality & Compliance (including Operations, Programme/Product and Project support)

- IBM/MM monitoring

- Audit Support

- Information Policy Formation

- GRC Consulting

Note : This Job Definition is generic and applicable for all TSR GRC Managers providing services in Programmes/Products, Projects and Business as usual to Technology teams.

Risk Management :

- Contribute to identification and initiation of Risk mitigation projects to address significant risks impacting a Business unit, using Smart Controls assessments

- Facilitate risk identification and risk discussions within the business unit, both operational risk, product/project and strategic risk

- Assist Tech Business Unit management to make risk informed decisions through a comprehensive Risk Dashboard

- Raise and approve(where necessary) Policy Exceptions and significant Risks through RMS/Archer

- Input into, review and enforce compliance within Tech Policies and Standards as required within Business Unit

- Ensure emerging risks are identified and escalated appropriately and in a timely manner

- Perform GRC requirements within third party framework

- Support Product owners in the management of their project risks, ensuring risk identification process is embedded and operational

- Ensure awareness of Computer Security Incident Response (CSIR) process and report suspected security breach

- Partner with other TSR GRC and Security staff to deliver a continuous training and education programme to ensure ongoing awareness on new and updated Policies and Standards within their Business Unit.

Governance Risk & Compliance :

- Contribute to maintenance of the Business Unit delivery and operational frameworks (Activities, deliverables, roles and responsibilties) and ensure alignment to ITMS

- Monitor deliverable quality, ensure quality standards are being met for products/ projects, programmes or operations within their remit, following a risk based approach, according to ITMS, Smart Controls assessments, local SOPs and projects PQPs

- Contribute to providing Project Quality assurance oversight depending on the specific project risk profile, including specific assurance reviews as requested by stakeholders

- Ensure Business Unit activities align with Regulatory requirements and liaise with Business Quality Groups to contribute to the overall GxP validation or Sox status of the business facing application systems or services

- Contribute to ensuring Business Unit is keeping up with regulatory and legal requirements through a pro-active knowledge management programme

- Contribute to ensuring Sarbanes-Oxley compliance of Business Unit systems and applicable processes

- Quality assurance over the system change control within the Business Unit

- Supporting Product teams to maximise their velocity by right sizing their governance approach

Management Monitoring/Independent Business monitoring (MM/IBM)

- Execute relevant self-inspection programmes within remit through Management monitoring and Independent Business monitoring where required

- Support implementation of relevant Management monitoring programmes in Business Unit for processes not owned by TSR GRC

- Partner with other TSR GRC staff to design a management monitoring and independent business controls monitoring schedule. Work with TSR IBM team to Plan, execute, report agreed IBM controls monitoring, including controls in-scope for Sarbanes-Oxley, independently from Process owners

- Provide interpretation and results updates at Business Unit RMCB

Audit Support :

- Contribute to ensuring Business Unit is ready to host external inspections from regulatory bodies (FDA, EMEA, tax authorities, external (Deloitte) and internal auditors (A&A, GCV,CSQA))

- Support management of overall Business Unit inspection readiness activities and CAPAs in liaison with the business

- Report status on CAPA's to Business Unit RMCB

Information Policy Formation :

- Work with the TSR GRC GxP lead/Controls owners and ITMS team to review and approve the policy, standards, procedures, guidance and training for compliance with relevant legislation and GSK Requirements.

- Support reviews of the information systems for compliance with legislation and specifies any required changes within their Business Unit

- Support the TSR GRC Director to implement policies, standards and procedures with aligned Tech Business

GRC Consulting : Support various GRC planned or remedation activities consulting with Tech BU staff to deliver