IT Risk and Compliance Sr Analyst job - Hybrid in Guadalajara, JAL-107130-MX

Posted more than 30 days ago.

IT Risk and Compliance Sr Analyst - Hybrid at AstraZeneca

Salary hidden

Jalisco - Hybrid

Full-time employee

English: Advanced level

The IT Risk & Compliance Senior Analyst (C4E Partnering and Assurance) will support the oversight and challenge of IT-related risks in business-as-usual activity, projects and other initiatives. The role will engage in a range of specific risk management tasks across different areas of IT.

The role is responsible for proactive IT stakeholder and business engagement focussing on our IT Centres for Excellence (C4E), partnering to ensure IT Risk & Compliance processes are adhered to and are aligned with regulatory requirements, customer expectations and IT strategy and meet the needs of AZ. In addition, the role will be responsible for providing assurance against top level IT risks and IT policies and standards.

The role can represent AstraZeneca at external industry forums and bring best practice into AZ.


Typical Accountabilities

  • Facilitate the risk management process within IT and the risk register, ensure risks are identified, recorded, appropriately scored, owned and where necessary escalated.
  • Run risk workshops for risk identification and disseminate key IT R&C information across the IT risk network.
  • Develop and deliver process to provide independent assurance on key risk mitigation activities and help drive mitigation to reduce risk exposure.
  • Develop and deliver a portfolio of reviews to provide line 2 assurance over specific IT risks, standards, major programmes and GIA audit areas.
  • Provide independent partnering of Group Internal Audit interactions with IT, including audits and risk reviews.
  • Contribute to the development, communication, delivery and implementation of the IT Risk & Compliance strategy in line with the overall AstraZeneca business and IT strategies.
  • Ensure effective IT Risk & Compliance requirements are defined and embedded in IT processes.
  • Contribute to the implementation and communication of data driven risk reporting, leveraging data and metrics to create, track, maintain and disseminate Key Risk Indicators.
  • Assure IT is compliant throughout its lifecycle with relevant external regulations and company Policies, Standards and Procedures by leading and delivering assurance activities.
  • Ensure Policies and Standards are updated and reflect latest external regulatory requirements.
  • Using a risk-based approach, drive the identification and implementation of innovative IT Risk & Compliance risk management solutions to address business needs, identifying opportunities for and driving cross functional working to drive improvement, achieve efficiencies and add value.
  • Support and training in IT Risk & Compliance management.


Education, Qualifications, and Experience

Essential

  • Technical or business degree and/or relevant proven experience
  • Technical or business degree and/or relevant proven experience in IT risk management and/or compliance application in large IT organisations
  • Experience of operating across functions and geographies in large, complex and sometimes uncertain IT environments
  • Excellent consulting and business engagement experience
  • Engaging and influencing senior stakeholders
  • Experience in delivering audits and/or assurance activities across various IT areas
  • Present information to senior leadership; analyse information.
  • Assurance, evidence, follow up. Engage with IT to understand risk.
  • CRISC or equivalent.

Desirable

  • Experience in delivering IT Risk & Compliance strategies
  • Experience in using data analytics tools (e.g. PowerBI) and analysing complex data - turning this into meaningful and actionable insights
  • Broad IT management experience including project or service management
  • Familiarity with technical concepts in infrastructure, applications and security
  • Strong working knowledge of industry good practice and standards such as ISO 9000, ISO 27002, CMMI, GAMP, GxP, ITIL, S404 Sarbanes Oxley, NIST
  • External qualifications such as ISACA CISA, CRISC or ISPE PCC CPIP
  • Experience of the pharmaceutical industry


Skills and Capabilities

Essential

  • Strong collaboration and relationship building skills
  • Ability to make pragmatic decisions by analysing highly complex situations, assessing risks and balancing strategic and tactical compliance/quality requirements
  • Ability to work well in diverse, multinational teams and proven ability to influence others to achieve positive outcomes
  • Strong presentation, communication & facilitation skills
  • Strong analytical skills
  • Able to operate effectively with little supervision
  • High levels of drive, energy, resilience and a desire for professional excellence