Global [h1.location_city]

Associate Director Of Gts Governance, Risk, & Compliance (Grc)

BeOne continues to grow at a rapid pace with challenging and exciting opportunities for experienced professionals. When considering candidates, we look for scientific and business professionals who are highly motivated, collaborative, and most importantly, share our passionate interest in fighting cancer.

BeOne is seeking an Associate Director of GTS Governance, Risk, & Compliance (GRC) to build, enable and transform its risk management, compliance and security capabilities and resources in North America & LATAM regions. The GTS GRC Associate Director is a critical position within the organization and has GRC responsibilities from a technology and security perspective across the organization. Working closely with the Director of Global GTS GRC, this position will be responsible for building and enhancing the GRC portfolio of efforts to raise the overall security and compliance posture for BeOne. This position will also be directly responsible for implementing, maintaining and improving policies, procedures and internal controls to ensure compliance with applicable regulatory and legal requirements as well as best practices.

The GTS GRC Associate Director will drive and enforce third party risk management through streamlined third-party risk assessments and third party threat intelligence by designing controls and implementing industry best practice processes across the organization.

This role will lead an end-to-end risk management process to drive in-time risk mitigation and resolution within the region. This role will work across multiple frameworks and regulatory standards including, but not limited to SOX, US DoJ Data Rule, GxP, ISO, NIST CSF, and other relevant data security & privacy laws and regulations, etc. This position will liaise with all business groups including but not limited to Finance, Internal Control, Internal Audit, Legal, Compliance, TechOps, R&D, HR, Quality and other stakeholders in NA&LATAM region to implement new solutions and processes as well as document and remediate outstanding issues.

This role will drive the establishment of policy, standards and procedures for specific functional domains as well as regional SOPs under global Information Security Management System. Lead and manage training and awareness enhancement through policy and cyber hygiene training. This role will also be responsible for the implementation and ownership of a GRC system that will be used to further automation of the program.

Essential functions of the job :

• Responsible for implementation of controls to build and enhance the GRC program.
• Responsible for monitoring, remediation, and reporting of controls gaps in the IT and Cybersecurity program areas. Provide management level status update and risk profile dashboards including current and desired future state of control maturity.
• Responsible for leading internal IT, Cybersecurity, and third-party information security risk management activities for various information services systems and processes.
• Collaborate with IT and business stakeholders to understand risks to critical infrastructure by defining potential business impacts.
• Assess, report and mature the compliance posture for internal policies and guidelines as well as regulatory requirements based on frameworks including SOX, US DoJ Data Rule, GxP, ISO, NIST CSF, other relevant oriented data security & privacy laws and regulations, etc.
• Maintain, improve, and enforce BeOne security policies and IT security standards along with security exception processes.
• Effectively engage IT, stakeholders, business partners, and vendors to maintain an understanding of current risks, new systems, and changes to the environment.
• Lead efforts including but not limited to : IT Policy Management, IT Compliance Management, Training & Awareness Management, IT Risk Management and Third Party Security Risk Management.

Education required :

Required qualifications :

Preferred qualifications :

Global Competencies :

Salary Range : $148,200.00 - $198,200.00 annually

BeOne is committed to fair and equitable compensation practices. Actual compensation packages are determined by several factors that are unique to each candidate, including but not limited to job-related skills, depth of experience, certifications, relevant education or training, and specific work location. Packages may vary by location due to differences in the cost of labor. The recruiter can share more about the specific salary range for a preferred location during the hiring process. Please note that the listed range reflects the base salary or hourly range only. Non-Commercial roles are eligible to participate in the annual bonus plan, and Commercial roles are eligible to participate in an incentive compensation plan. All Company employees have the opportunity to own shares of BeOne Medicines Ltd. stock because all employees are eligible for discretionary equity awards and to voluntarily participate in the Employee Stock Purchase Plan. The Company has a comprehensive benefits package that includes Medical, Dental, Vision, 401(k), FSA / HSA, Life Insurance, Paid Time Off, and Wellness.

We are proud to be an equal opportunity employer. BeOne does not discriminate on the basis of race, religion, color, sex, gender identity, sexual orientation, age, disability, national origin, veteran status or any other basis covered by appropriate law. All employment is decided on the basis of qualifications, merit, and business need. In order to ensure reasonable accommodation for individuals protected by Section 503 of the Rehabilitation Act of 1973, the Vietnam Era Veterans' Readjustment Assistance Act of 1974, Title I of the Americans with Disabilities Act of 1990, and any other applicable federal, state or local laws, applicants who require reasonable accommodation in the job application process may contact accommodationsus@beonemed.com.