Director of Governance, Risk and Compliance Services

Posted:
1/6/2025, 2:20:09 AM

Location(s):
Greater Poland Voivodeship, Poland ⋅ Poznan, Greater Poland Voivodeship, Poland

Experience Level(s):
Senior

Field(s):
Legal & Compliance

This role is office based in Poznan, Poland, and requires 2/3 days a week presence on site.

As the Director of Governance, Risk and Compliance Services, you will be responsible for providing management and day-to-day support to the assigned business unit, ensuring that Tech risks & controls are identified, prioritized, effectively managed, and monitored. You will also be responsible for providing leadership and management of the Disaster Recovery, Software Asset Management, and Internal Controls Assurance services. You will lead ABAC and Sanctions & Export risk control monitoring for GSK Digital & Tech. Additionally, this role will serve as the Poznan site lead and play an active role in managing site-specific activities and HR-related processes for GRC staff based in Poznan, Poland.

Key Responsibilities

This role will provide YOU the opportunity to lead key activities to progress YOUR career. The role encompasses the following responsibilities:

  • Risk and Compliance Consultancy on strategic programs
  • Facilitate and approve Risk and Compliance Assessments
  • Support Internal / External audits – including Audit Readiness activities
  • Lead Disaster Recovery Service
  • Lead Software Asset Management Service
  • Lead Internal Controls Assurance Service
  • Anti-Bribery & Corruption tech risk control monitoring
  • Sanctions & Export tech risk control monitoring
  • Act as Poznan Site Lead

Disaster Recovery Service

  • The DR Service is focused on testing whether the proposed disaster recovery plans can ensure the disaster recovery (continuity) compliance and recovery readiness of GSK business-critical applications.
  • Schedule and execute disaster recovery testing.
  • Manage the tracking and execution of DR testing in accordance with applicable DR Procedures.
  • You will oversee a team of full-time and/or contingent workers dedicated to the service.

Software Asset Management Service

  • SAM Service is focused on mitigating and minimizing risk of Digital & Tech license non-compliance to GSK. Support GSK Businesses to make decisions on license models when purchasing new software.
  • Collect inventory and licensing data from Product Owners as well as from the Enterprise Software Asset Management tools.
  • Reconcile license position based on provided information.
  • Reporting of identified risks, communicating with Tech LT members and senior Tech Leaders responsible for key software products. Escalations of non-compliance will be made with the appropriate Tech LT member.
  • You will oversee a team of full-time and/or contingent workers dedicated to the service.

Internal Controls Assurance Service (ICA)

  • ICA Service is focused on ensuring that Digital & Tech are operating in compliance with applicable Policies, Standards and Procedures (DTMS).
  • Proactively identifying and managing risks which could result in service loss, business disruption and reduced customer satisfaction.
  • Monitoring key controls and indicators to ensure they are operating as intended.
  • Develop and publish monthly ICA KPIs and Metrics to be shared with Tech Senior Leaders.
  • Leveraging opportunities for adopting AI, Automation and industry innovation and good practices.
  • You will oversee a team of full-time and/or contingent workers dedicated to the service.

Anti-Bribery & Anti-Corruption (ABAC) Tech Risk Control Monitoring Lead

  • On behalf of Digital & Tech, ensure ABAC risk is in control with appropriate mitigation plans in place and executed.
  • Monitor ABAC reporting by Digital & Tech.
  • Track and monitor the compliance with ABAC training for Digital & Tech employees.
  • Represent Digital & Tech on the ABAC Centre of Excellence.
  • Contribute to the annual GLT Confirmation in certifying that the ABAC risk is being effectively managed by Digital & Tech.

Sanctions & Export tech risk control monitoring lead

  • On behalf of Digital & Tech, ensure Sanctions and Exports risk proportionate controls for Tech are in place and are aligned with the requirements of the Sanctions Policy.
  • Monitor Sanctions reporting by Digital & Tech.
  • Contribute and participate in the Sanctions & Exports Centre of Excellence as the representative for Digital & Tech.

Poznan Site Lead

  • Represent GRC leadership as the site lead for Poland-based staff.
  • Sit on Poland Global Hub external leadership team to represent the needs of the Poland based GRC staff and those specifically based at the Poznan site.
  • Ensure Poland HR policies are adhered to (e.g., performance with choice adherence).
  • Coordinate GRC team events and leadership Poznan site visits.
  • Must be located at Poznan site and support Poland based staff.

Why you?

Basic Qualifications:

We are looking for professionals with these required skills to achieve our goals:

  • University Degree or relevant experience plus Risk and Compliance, Disaster Recovery Planning, Business Continuity or Information Security Certification.
  • Ability to provide leadership and motivation to direct reports and all other Poland-based staff.
  • Good understanding of Risk and Compliance, Disaster Recovery Planning, Business Continuity and Information Security principles.
  • Demonstrated experience of leading a large sized team.
  • Demonstrates an understanding of service definition and process improvement methodologies.
  • Can demonstrate stakeholder management skills having the ability to drive outcomes & manage expectations.
  • Good understanding of business area strategic goals, processes and workflow.
  • Has the ability to make appropriate technical decisions, initiating action to resolve operational issues.
  • Working location tied to Poznan site with adherence to Poland Performance with Choice requirements.

Preferred Qualifications:

If you have the following characteristics, it would be a plus:

  • Industry standard awareness, training, or certification, for example CRISC, CISM, CISA or CISSP certification.

APPLICATION CLOSING DATE – 15 January 2025

Please take a copy of the Job Description, as this will not be available post closure of the advert. When applying for this role, please use the ‘cover letter’ of the online application or your CV to describe how you meet the competencies for this role. 

Why GSK?

Uniting science, technology and talent to get ahead of disease together.

GSK is a global biopharma company with a special purpose – to unite science, technology and talent to get ahead of disease together – so we can positively impact the health of billions of people and deliver stronger, more sustainable shareholder returns – as an organisation where people can thrive. We prevent and treat disease with vaccines, specialty and general medicines. We focus on the science of the immune system and the use of new platform and data technologies, investing in four core therapeutic areas (infectious diseases, HIV, respiratory/ immunology and oncology).

Our success absolutely depends on our people. While getting ahead of disease together is about our ambition for patients and shareholders, it’s also about making GSK a place where people can thrive. We want GSK to be a place where people feel inspired, encouraged and challenged to be the best they can be. A place where they can be themselves – feeling welcome, valued, and included. Where they can keep growing and look after their wellbeing. So, if you share our ambition, join us at this exciting moment in our journey to get Ahead Together.

GSK is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive equal consideration for employment without regard to race, color, national origin, religion, sex, pregnancy, marital status, sexual orientation, gender identity/expression, age, disability, genetic information, military service, covered/protected veteran status or any other federal, state or local protected class.

Important notice to Employment businesses/ Agencies

GSK does not accept referrals from employment businesses and/or employment agencies in respect of the vacancies posted on this site. All employment businesses/agencies are required to contact GSK's commercial and general procurement/human resources department to obtain prior written authorization before referring any candidates to GSK. The obtaining of prior written authorization is a condition precedent to any agreement (verbal or written) between the employment business/ agency and GSK. In the absence of such written authorization being obtained any actions undertaken by the employment business/agency shall be deemed to have been performed without the consent or contractual agreement of GSK. GSK shall therefore not be liable for any fees arising from such actions or any fees arising from any referrals by employment businesses/agencies in respect of the vacancies posted on this site.

Please note that if you are a US Licensed Healthcare Professional or Healthcare Professional as defined by the laws of the state issuing your license, GSK may be required to capture and report expenses GSK incurs, on your behalf, in the event you are afforded an interview for employment. This capture of applicable transfers of value is necessary to ensure GSK’s compliance to all federal and state US Transparency requirements. For more information, please visit GSK’s Transparency Reporting For the Record site.