Grc Analyst

7 days ago


Pol, Spain · Bausch + Lomb · Full-time

Bausch & Lomb Poland is part of the international pharmaceutical company Bausch + Lomb, which is considered one of the best-known and most respected ophthalmic brands in the world. We offer a wide range of eye care products, including contact lenses and lens care products, medications, intraocular lenses, and other eye surgery products.

Using the latest technologies and materials, the company is dedicated exclusively to protecting and enhancing the gift of sight for millions of people around the world - from birth to every stage of life.

Our innovative products help ophthalmologists around the world solve difficult vision problems of patients to help people see better and live better.

Primary Responsibilities

Provide comprehensive support to the organization’s IT Governance, Risk Management & Compliance (GRC) program.

Lead and facilitate Change Control and Change Advisory Board (CAB) review meetings.

Review IT Change Requests from validation to closure to ensure changes are processed as defined in organizational IT change management (CM) standard operating procedures (SOP).

Identify areas of improvement in CM SOPs and update as required aligned to organizational policies.

Support coordination of internal/external audits with IT process owners and other key stakeholders, including facilitating evidence collection and other requests from audit teams (e.g., IT SOX, SSAE 18 (SOC), GDPR, and HIPAA).

Manage IT compliance activities, including testing of IT controls.

Facilitate requests and address issues raised by internal/external auditors.

Work with the various functional departments to implement control improvement plans for any gaps identified, changes in process, and compliance requirements.

Maintain IT compliance across the organization by providing expertise in implementing and defending appropriate controls applicable to compliance requirements, including SOX, CCPA, PII, PCI, HIPAA, and GDPR.

Ensure and monitor effective implementation of policies and procedures.

Identify improvement opportunities and provide recommendations to mature existing IT processes and controls further to align with best practices, including automation and optimization.

Prepare ongoing reports with metrics/key performance indicators related to compliance activities, remediation plans, and other compliance efforts and present them to IT and executive management.

Assist in designing a continuous controls monitoring program utilizing a GRC solution, dashboards, analytics, automation, and other supporting tools.

Assist in educating and training individuals across the organization, including change and process owners, related to compliance concepts, requirements, and responsibilities and establish awareness regarding the role of the overall compliance function.

Other duties as assigned.

Education and Experience

Bachelor’s or master’s degree in Computer Science, Information Technology, Information Security or similar.

3-5 years of progressive experience, ideally within the Life Sciences industry, in one or more of the following areas: IT Compliance, IT Audit, and IT Risk Management.

Understanding of network environments, hardware, databases, servers, and firewall rules.

Familiarity with Kintana, ServiceNow, and other GRC tools (preferred).

Knowledge and experience with regulatory frameworks and compliance standards such as SOX, SSAE 18 (SOC), COBIT, NIST, ISO, HIPAA, Cloud Security standards, etc.

Experience performing technical risk assessments, analyzing risk, and providing recommendations on risk mitigation strategies as they pertain to IT Risk Management and Compliance.

Experience with the monitoring and evaluation of technology processes and controls, including design and operating effectiveness testing and reporting on results and recommendations.

Experience creating and maintaining high-quality documentation related to IT processes, including flow charts and data flow diagrams (preferred).

One or more of the following professional designations preferred: CISA, CISSP, CRISC.

Additional Requirements

Ability to adjust interpersonal approach to individuals and situations as needed to work effectively with others.

Leadership and organizational skills, with a demonstrated ability to complete assignments in a timely and effective manner.

Persistence and the ability to discover and eliminate complexity and ambiguity in change control processes.

Ability to grasp sophisticated technical concepts and quickly learn about new technologies and solutions in order to identify potential weaknesses and risks.

Ability to develop assessment plans for new technologies and processes without previous guidance or templates.

Maintain and develop relationships within the organization and team.