CambridgeRecruiter Since 2001
the smart solution for Cambridge jobs

Senior Manager, Governance, Risk & Compliance (GRC)

Company: BeiGene, Ltd.
Location: Cambridge
Posted on: November 23, 2022

Job Description:

BeiGene continues to grow at a rapid pace with challenging and exciting opportunities for experienced professionals. When considering candidates, we look for scientific and business professionals who are highly motivated, collaborative, and most importantly, share our passionate interest in fighting cancer.General Description: BeiGene is seeking a Senior Manager of IT GRC to build, enable and transform its risk management, compliance and security capabilities and resources in NA&LATAM region. The IT GRC Senior Manager is a critical position within the organization and has GRC responsibilities from a technology and security perspective across the organization. Working closely with the Associate Director of Global IT GRC, this position will be responsible for building and enhancing the GRC portfolio of efforts to raise the overall security and compliance posture for BeiGene. This position will also be directly responsible for implementing, maintaining and improving policies, procedures and internal controls to assure compliance with applicable regulatory and legal requirements as well as best practices.The IT GRC Senior Manager will drive risk analysis for internal and external third-party risk assessments by designing controls and implementing industry best practice processes for teams and technologies utilized across the organization. The role will work across multiple frameworks and regulatory standards including, but not limited to SOX, GxP, ISO, NIST CSF, and other relevant data security & privacy laws and regulations, etc. This position will liaise with all business groups including but not limited to Finance, Legal, Compliance, Clinical, Quality and other stakeholders in NA&LATAM region to implement new solutions and processes as well as document and remediate outstanding issues. This role will also have responsibility for the implementation and ownership of a GRC system that will be used to further the automation of the program.Essential Functions of the job:

  • Responsible for leading internal IT, Cybersecurity, and third-party information security risk management activities for various information services systems and processes including IT SOX and GxP compliance.
  • Responsible for implementation of controls to build and enhance the GRC program.
  • Responsible for monitoring, remediation, and reporting of controls gaps in the IT and Cybersecurity program areas. Provide management level status update and risk profile dashboards including current and desired future state of control maturity.
  • Collaborate with IT and business stakeholders to understand risks to critical infrastructure by defining potential business impacts.
  • Assess, report and mature the compliance posture for internal policies and guidelines as well as regulatory requirements based on frameworks including ISO, NIST CSF, other relevant oriented data security & privacy laws and regulations, etc.
  • Maintain, improve, and enforce BeiGene security policies and IT security standards along with security exception processes.
  • Effectively engage IT, stakeholders, business partners, and vendors to maintain an understanding of current risks, new systems, and changes to the environment.
  • Lead efforts including but not limited to: Policy Management, IT Compliance Management, Training & Awareness Management, IT Risk Management and Vendor Security Risk Management..
  • Support regulatory compliance audits relating to SOX and GxP.Qualifications:
    • 8+ years experience of GRC implementation, processes, and practices
    • Experience working with and implementing GRC tools and processes.
    • Experience building and developing successful risk management programs.
    • Experience with vendor management and conducting third-party risk assessments.
    • Experience creating and maintaining security policy, standard, guideline and procedure documents
    • Extensive knowledge and experience in security and compliance frameworks such as NIST, ISO, etc.Preferred:
      • Experience leading regulatory compliance, such as GxP, SOX
      • Experience in facilitating and performing third-party vendor risk assessments with the ability to provide guidance on secure design and operation.
      • Advanced understanding of information security concepts including: cloud security and compliance, encryption, access controls, intrusion detection and prevention, disaster recovery, network security, security operations, security architect.
      • Experience working in a global enterprise environment.
      • Relevant and current industry certification(s): CRISC, CISSP, CISM, CISASupervisory Responsibilities: -
        • Oversees and manages the NA&LATAM IT GRC functionEducation Required: Bachelor's Degree or equivalent experienceCompetencies:Ethics - Treats people with respect; Inspires the trust of others; Works with integrity and ethically; Upholds organizational values.Planning/Organizing - Prioritizes and plans work activities; Uses time efficiently. - Completes administrative tasks correctly and on time. - Follows instructions and responds to management direction.Communication - Listens and gets clarification; Responds well to questions; Speaks clearly and persuasively in positive or negative situations. - Writes clearly and informatively. - Able to read and interpret written information.Teamwork - Balances team and individual responsibilities; Gives and welcomes feedback; Contributes to building a positive team spirit; Puts success of team above own interests; Supports everyone's efforts to succeed. - Contributes to building a positive team spirit; Shares expertise with others.Adaptability - Able to adapt to changes in the work environment. - Manages competing demands. - Changes approach or method to best fit the situation. - Able to deal with frequent change, delays, or unexpected events.Technical Skills - Assesses own strengths and development areas; Pursues training and opportunities for growth; Strives to continuously build knowledge and skills; Shares expertise with others.Dependability - Follows instructions, responds to management direction; Takes responsibility for own actions; Keeps commitments; Commits to long hours of work when necessary to reach goals; Completes tasks on time or notifies appropriate person with an alternate plan.Quality - Demonstrates accuracy and thoroughness; Looks for ways to improve and promote quality; Applies feedback to improve performance; Monitors own work to ensure quality.Analytical - Synthesizes complex or diverse information; Collects and researches data; Uses intuition and experience to complement data.Problem Solving - Identifies and resolves problems in a timely manner; Gathers and analyzes information skillfully.Project Management - Communicates changes and progress; Completes projects on time and budget.We are proud to be an equal opportunity employer and we value diversity. BeiGene does not discriminate on the basis of race, religion, color, sex, gender identity, sexual orientation, age, disability, national origin, veteran status or any other basis covered by appropriate law. All employment is decided on the basis of qualifications, merit, and business need.

Keywords: BeiGene, Ltd., Cambridge , Senior Manager, Governance, Risk & Compliance (GRC), Executive , Cambridge, Massachusetts

Click here to apply!

Didn't find what you're looking for? Search again!

I'm looking for
in category
within


Log In or Create An Account

Get the latest Massachusetts jobs by following @recnetMA on Twitter!

Cambridge RSS job feeds