The IT Risk & Compliance Senior Analyst (C4E Partnering and Assurance) will support the oversight and challenge of IT-related risks in business as usual activity, projects and other initiatives. The role will engage in a range of specific risk management tasks across different areas of IT. 

The role is responsible for proactive IT stakeholder and business engagement focussing on our IT Centres for Excellence (C4E), partnering to ensure IT Risk & Compliance processes are adhered to and are aligned with regulatory requirements, customer expectations and IT strategy and meet the needs of AZ. In addition, the role will be responsible for providing assurance against top level IT risks and IT policies and standards.

The role can represent AstraZeneca at external industry forums and bring best practice into AZ.

Typical Accountabilities

Facilitate the risk management process within IT and the risk register, ensure risks are identified, recorded, appropriately scored, owned and where necessary escalated.Run risk workshops for risk identification and disseminate key IT R&C information across the IT risk network.Develop and deliver process to provide independent assurance on key risk mitigation activities and help drive mitigation to reduce risk exposure.Develop and deliver a portfolio of reviews to provide line 2 assurance over specific IT risks, standards, major programmes and GIA audit areas.Provide independent partnering of Group Internal Audit interactions with IT, including audits and risk reviews.

Contribute to the development, communication, delivery and implementation of the IT Risk & Compliance strategy in line with the overall AstraZeneca business and IT strategies.Ensure effective IT Risk & Compliance requirements are defined and embedded in IT processes.Contribute to the implementation and communication of data driven risk reporting, leveraging data and metrics to create, track, maintain and disseminate Key Risk IndicatorsAssure IT is compliant throughout its lifecycle with relevant external regulations and company Policies, Standards and Procedures by leading and delivering assurance activities.Ensure Policies and Standards are updated and reflect latest external regulatory requirements.Using a risk-based approach, drive the identification and implementation of innovative IT Risk & Compliance risk management solutions to address business needs, identifying opportunities for and driving cross functional working to drive improvement, achieve efficiencies and add value.Support and training in IT Risk & Compliance management.

Education, Qualifications, and Experience

Essential

Technical or business degree and/or relevant proven experience in IT risk management and/or compliance application in large IT organisationsExperience of operating across functions and geographies in large, complex and sometimes uncertain IT environmentsExcellent consulting and business engagement experienceEngaging and influencing senior stakeholdersExperience in delivering audits and/or assurance activities across various IT areasPresent information to sr leadership, analize information.Assurance, evidence, follow up. Engage with IT to understand risk.CRISC or equivalent.

Desirable

Experience in delivering IT Risk & Compliance strategiesExperience in using data analytics tools  (e.g. PowerBI) and analysing complex data - turning this into meaningful and actionable insightsBroad IT management experience including project or service managementFamiliarity with technical concepts in infrastructure, applications and securityStrong working knowledge of industry good practice and standards such as ISO 9000, ISO 27002, CMMI, GAMP, GxP, ITIL, S404 Sarbanes Oxley, NISTExternal qualifications such as ISACA CISA, CRISC or ISPE PCC CPIPExperience of the pharmaceutical industry

Skills and Capabilities

Essential

Strong collaboration and relationship building skillsAbility to make pragmatic decisions by analysing highly complex situations, assessing risks and balancing strategic and tactical compliance/quality requirementsAbility to work well in diverse, multinational teams and proven ability to influence others to achieve positive outcomesStrong presentation, communication & facilitation skillsStrong analytical skillsAble to operate effectively with little supervisionHigh levels of drive, energy, resilience and a desire for professional excellence

*Expectation of working in the office 3 days a week statement
When we put unexpected teams in the same room, we ignite ambitious thinking with the power to inspire life-changing medicines. In-person working give us the platform we need to connect, work at pace and challenge perceptions. That’s why we work, on average, a minimum of three days per week from the office. But that doesn’t mean we’re not flexible. We balance the expectation of being in the office while respecting individual flexibility. Join us in our outstanding and bold world.

AstraZeneca is an equal opportunity employer. AstraZeneca will consider all qualified applicants for employment without discrimination on grounds of disability, sex or sexual orientation, pregnancy or maternity leave status, race or national or ethnic origin, age, religion or belief, gender identity or re-assignment, marital or civil partnership status, protected veteran status (if applicable) or any other characteristic protected by law.*

Date Posted

03-jul-2024

Closing Date

18-sept-2024

AstraZeneca embraces diversity and equality of opportunity.  We are committed to building an inclusive and diverse team representing all backgrounds, with as wide a range of perspectives as possible, and harnessing industry-leading skills.  We believe that the more inclusive we are, the better our work will be.  We welcome and consider applications to join our team from all qualified candidates, regardless of their characteristics.  We comply with all applicable laws and regulations on non-discrimination in employment (and recruitment), as well as work authorization and employment eligibility verification requirements.