Expertise and Competencies to be Successful:
- Experience in IT internal controls, governance frameworks (e.g. ITIL, COBIT, NIST), audit, risk and compliance management, strongly preferable in pharma industry
- Knowledge of GxP, health authority regulations, computer systems validation, infrastructure qualification and ITIL processes
- Self-starter and ability to work independently
- Strong project management and analytical skills
- Strong communication and stakeholder management skills
- The Subject Matter Expert regarding any IT Governance, Risk and Compliance matters within IT
- Support IT assessments, internal and external audit and other assurance work
Governance
- Support development, implementation and maintenance of strong governance framework, risk & compliance processes
- Support implementation of IT Service Management and IT Operations processes according to ITIL/ITSM methodology
- Continuously improve the IT methodologies, standards, and internal control
- Govern and report on findings, track status, and ensure corrective actions are complete and sustainable
- Sustain purpose-driven engagement and effective interaction with Auditors, Regulators, and compliance partners.
Risk and Compliance
- Develop policies and procedures for IT Units that reflects: Legal regulations and legislations (e.g. FDA, RODO, SOX, etc.), standards and Good practices (GxP, GAMP), to ensure IT environment is fully compliant
- Support risk identification & assessments, response & mitigation, control monitoring &reporting
- Gather and evaluate information, including to support Auditors, Regulators, and compliance partners
- Develop and perform tests, to evaluate the design and effectiveness of key controls as is necessary for compliance
- Review test findings, identify control weaknesses, present results, and recommend actions to remediate issues.
- Support Computerized Systems Validation process in projects of implementation of IT solutions
- Support workforce security activities including culture, awareness and training
Other:
- IT infrastructure qualification – create qualification plan and drive retrospective qualification for existing IT infrastructure. Develop an overall strategy, standards, processes or/and procedures describing approach for qualification of newly arrived IT infrastructure components, for both local and cloud-based solutions.
- Support establishing system classification process for computerised systems