
BeiGene

Associate Director, Global Technology Solutions, Governance, Risk, & Compliance, NA & LATAM

Posted Yesterday
Remote
Hiring Remotely in US
148K-198K Annually
Senior level
The Associate Director will enhance risk management, compliance, and security measures. Responsibilities include developing policies, managing third-party risks, and leading GRC implementations across North America & LATAM.
The summary above was generated by AI

BeOne continues to grow at a rapid pace with challenging and exciting opportunities for experienced professionals. When considering candidates, we look for scientific and business professionals who are highly motivated, collaborative, and most importantly, share our passionate interest in fighting cancer.

General Description:

BeOne is seeking an Associate Director of GTS Governance, Risk, & Compliance (GRC) to build, enable and transform its risk management, compliance and security capabilities and resources in North America & LATAM regions. The GTS GRC Associate Director is a critical position within the organization and has GRC responsibilities from a technology and security perspective across the organization. Working closely with the Director of Global GTS GRC, this position will be responsible for building and enhancing the GRC portfolio of efforts to raise the overall security and compliance posture for BeOne. This position will also be directly responsible for implementing, maintaining and improving policies, procedures and internal controls to ensure compliance with applicable regulatory and legal requirements as well as best practices.

The GTS GRC Associate Director will drive and enforce third-party risk management through streamlined third-party risk assessments and third-party threat intelligence by designing controls and implementing industry best-practice processes across the organization.

This role will lead an end-to-end risk management process to drive timely risk mitigation and resolution within the region. This role will work across multiple frameworks and regulatory standards including, but not limited to, SOX, US DoJ Data Rule, GxP, ISO, NIST CSF, and other relevant data security & privacy laws and regulations. This position will liaise with all business groups, including but not limited to Finance, Internal Control, Internal Audit, Legal, Compliance, TechOps, R&D, HR, Quality and other stakeholders in the NA & LATAM region, to implement new solutions and processes as well as document and remediate outstanding issues.

This role will drive the establishment of policy, standards and procedures for specific functional domains as well as regional SOPs under the global Information Security Management System. It will lead and manage training and awareness enhancement through policy and cyber hygiene training. This role will also be responsible for the implementation and ownership of a GRC system that will be used to further automate the program.

Essential Functions of the job:

  • Responsible for implementation of controls to build and enhance the GRC program.
  • Responsible for monitoring, remediation, and reporting of control gaps in the IT and Cybersecurity program areas. Provide management-level status updates and risk profile dashboards, including the current and desired future state of control maturity.
  • Responsible for leading internal IT, Cybersecurity, and third-party information security risk management activities for various information services systems and processes.
  • Collaborate with IT and business stakeholders to understand risks to critical infrastructure by defining potential business impacts.
  • Assess, report on and mature the compliance posture for internal policies and guidelines as well as regulatory requirements based on frameworks including SOX, US DoJ Data Rule, GxP, ISO, NIST CSF, and other relevant data security & privacy laws and regulations.
  • Maintain, improve, and enforce BeOne security policies and IT security standards along with security exception processes.
  • Effectively engage IT, stakeholders, business partners, and vendors to maintain an understanding of current risks, new systems, and changes to the environment.
  • Lead efforts including but not limited to: IT Policy Management, IT Compliance Management, Training & Awareness Management, IT Risk Management and Third Party Security Risk Management.

Education Required:

  • Bachelor’s Degree or equivalent experience

Required Qualifications:

  • Bachelor’s Degree with 8+ years’ experience of GRC implementation, processes, and practices.
  • Experience working with and implementing GRC tools and processes.
  • Experience building and developing successful risk management programs.
  • Experience with third party risk management and conducting third-party risk assessments.
  • Experience in creating and maintaining security policy, standard, guideline and procedure documents.
  • Experience leading GRC functions and playing the role of a people manager with effective people coaching capabilities.
  • Extensive knowledge and experience in security and compliance frameworks such as SOX, US DoJ Data Rule, GxP, NIST, ISO, etc.

Preferred Qualifications:

  • Strong leadership, accountability and ownership of responsibilities
  • Strong soft skills in communicating with different business functions and stakeholder functions (e.g. Internal Audit, Internal Control, Legal & Compliance, External Audit, etc.).
  • Strong experience leading regulatory compliance efforts for SOX, US DoJ Data Rule.
  • Experience in facilitating and performing third-party vendor risk assessments with the ability to provide guidance on secure design and operation.
  • Advanced understanding of information security concepts including: cloud security and compliance, encryption, access controls, intrusion detection and prevention, disaster recovery, network security, security operations, security architecture.
  • Experience working in a global enterprise environment.
  • Relevant and current industry certification(s): CRISC, CISSP, CISM, CISA

Global Competencies

When we exhibit our values of Patients First, Driving Excellence, Bold Ingenuity and Collaborative Spirit, through our twelve global competencies below, we help get more affordable medicines to more patients around the world.

  • Fosters Teamwork
  • Provides and Solicits Honest and Actionable Feedback
  • Self-Awareness
  • Acts Inclusively
  • Demonstrates Initiative
  • Entrepreneurial Mindset
  • Continuous Learning
  • Embraces Change
  • Results-Oriented
  • Analytical Thinking/Data Analysis
  • Financial Excellence
  • Communicates with Clarity

Salary Range: $148,200.00 - $198,200.00 annually

BeOne is committed to fair and equitable compensation practices. Actual compensation packages are determined by several factors that are unique to each candidate, including but not limited to job-related skills, depth of experience, certifications, relevant education or training, and specific work location. Packages may vary by location due to differences in the cost of labor. The recruiter can share more about the specific salary range for a preferred location during the hiring process.  Please note that the listed range reflects the base salary or hourly range only. Non-Commercial roles are eligible to participate in the annual bonus plan, and Commercial roles are eligible to participate in an incentive compensation plan. All Company employees have the opportunity to own shares of BeOne Medicines Ltd. stock because all employees are eligible for discretionary equity awards and to voluntarily participate in the Employee Stock Purchase Plan. The Company has a comprehensive benefits package that includes Medical, Dental, Vision, 401(k), FSA/HSA, Life Insurance, Paid Time Off, and Wellness.

We are proud to be an equal opportunity employer. BeOne does not discriminate on the basis of race, religion, color, sex, gender identity, sexual orientation, age, disability, national origin, veteran status or any other basis covered by appropriate law. All employment is decided on the basis of qualifications, merit, and business need. In order to ensure reasonable accommodation for individuals protected by Section 503 of the Rehabilitation Act of 1973, the Vietnam Era Veterans’ Readjustment Assistance Act of 1974, Title I of the Americans with Disabilities Act of 1990, and any other applicable federal, state or local laws, applicants who require reasonable accommodation in the job application process may contact [email protected].

Top Skills

Cloud Security
Encryption
GRC Frameworks
GRC Tools
Intrusion Detection and Prevention
IT Security Standards
Security Architecture
Security Operations
