At Eisai, satisfying unmet medical needs and increasing the benefits healthcare provides to patients, their families, and caregivers is Eisai's human health care (hhc) mission. We're a growing pharmaceutical company that is breaking through in neurology and oncology, with a strong emphasis on research and development. Our history includes the development of many innovative medicines, notably the discovery of the world's most widely-used treatment for Alzheimer's disease. As we continue to expand, we are seeking highly-motivated individuals who want to work in a fast-paced environment and make a difference. If this is your profile, we want to hear from you.The Director, Global IT Governance, Risk & Controls Management Lead is responsible for overseeing the entire portfolio of IT Compliance responsibilities from both the strategic and execution perspectives for Eisai. Reporting directly to the Executive Director, IT Security, Compliance, & Architecture, s/he is the Global IT department's trusted leader and manager who assesses and provides objective risk assessments and guidance regarding Eisai's compliance with regulatory, organizational, and commercial requirements that govern the organization's technology systems and information assets.
Purpose of role:
- Oversee IT compliance initiatives (strategic and execution).
- Assess and guide on compliance with regulatory, organizational, and commercial requirements.
- Define and execute IT compliance processes (data privacy, GxP, JSOX).
- Manage Enterprise IT risks, dependencies, mitigation plans and execution.
- Collaborate globally and regionally to align IT policies, procedures, and controls.
- Develop and implement compliance policies, procedures, and controls.
- Ensure compliance with local, regional, and industry standards.
- Work with non-IT compliance staff (legal, audit, corporate compliance).
- Focus on compliance risks and define, implement and ensure (govern) appropriate controls.
- Develop strategies to manage compliance risk across IT portfolio.
- Communicate with IT business stakeholders on business continuity, governance, and audits.
- Manage global IT Risk Management Procedure and third-party risk assessments.
- Establish IT security risk assessment framework and compliance control framework.
- Oversee global IT compliance training programs.
- Support regional IT Security teams in implementing global security standards.
Key Responsibilities:
- IT Compliance Oversight: Assess and oversee IT compliance responsibilities, providing risk assessments.
- Policy Development: Develop and implement policies, procedures, and controls for compliance.
- Collaboration: Work with non-IT compliance staff to ensure organizational alignment and protection.
- Risk Assessment: Create and periodically assess a global IT compliance risk framework.
- Control Gaps: Identify and manage IT compliance control gaps.
- Monitoring Programs: Develop programs to manage IT compliance-related risks.
- Issue Management: Implement an IT compliance issue tracking and resolution process.
- Reporting: Report IT compliance risk levels and control effectiveness to stakeholders.
- Audit Coordination: Oversee audit readiness and resolution of findings.
- Training Programs: Create and manage IT compliance training and awareness programs.
- Business Continuity: Develop plans to mitigate business interruption risks.
- Change Management: Create a regulatory / non-regulatory change review and change management process.
- Team Leadership: Lead the global teams in the execution of Risk and Compliance initiatives and support professional growth.
- Risk Management: Develop and manage global risk management processes and standards.
- Supplier Security: Oversee the development of global standards and processes for supplier security assessments.
- Compliance Adherence and Assurance: Coordinate, participate and drive internal and external audits.
- Awareness Training: Promote IT compliance awareness training programs.
- Performance Monitoring: Define KPIs and monitor IT compliance metrics.
- Incident Response: Participate in global incident response and privacy/GDPR breach response teams.
- Collaboration on Security Initiatives: Work with global and regional teams on information security and protection, as well as data privacy initiatives.
- This role involves substantial global management across Tokyo, US, EMEA, China ALA regions.
- Degree in Computer Science, Information Systems or Information Systems Management required.
- Minimum of 10 years' experience in an Information Security, IT Governance or Risk and Compliance-based role.
- Experience managing global initiatives and matrixed resources, as well as direct reports.
- Expert knowledge of industry standard frameworks and best practices - ISO 9001:2015, ISO 27001: 2013, ISO 27002: 2013, ISO 27005:2018, ISO 31000, SANS, NIST and their practical application in a corporate environment to ensure all elements of integrity, availability and confidentiality.
- Experience implementing, managing, and maintaining compliance with ISO 27001: 2013 and other information security industry standards and best practices.
- Experience developing, implementing, managing, and maintaining Information Security policies, controls, standards, guidance, processes, procedures and auditing compliance.
- Experience of developing, implementing, managing, and maintaining risk management framework, policies, processes, and procedures.
- Knowledge and experience performing information security due diligence and risk assessments of third-party organizations based on IT control frameworks such as ISO 27001, ISO 31000, COBIT ITGC and NIST.
- Practical experience conducting gap analysis, testing information security processes, procedures, plans and leading audits to achieve compliance with Information Security standards.
- Experience implementing and managing effective ISMS tools and solutions to address Data Encryption, Data Loss Prevention (DLP) and Data Privacy concerns.
- Experience project managing Information Security, Data Protection & Compliance initiatives.
- Experience in developing and executing Information Security awareness training across multi-business units.
- Experience ensuring corporate compliance at the Global and regional level with data protection legislation such as DPA, GDPR and HIPAA.
- Stakeholder management experience at both a technical and non-technical to Executive level.
- Excellent Business/customer-facing experience.
- Strong knowledge of legal, technical and assurance principles relating to information security and global data protection laws or regulations, such as DPA, GDPR, HIPAA, China Cybersecurity Law and regional or local requirements regarding transborder data protection.
- Ability to identify, analyze, understand, and translate Information Security/Data Protection requirements into pragmatic solutions.
- Ability to simultaneously work on a range of compliance related initiatives and activities.
- Strong communication skills (written & verbal in English) including the ability to inform, influence and present at all levels of the organization.
- Excellent attention to detail.
- The job may be based in any of our headquarter offices in: Tokyo, Japan; Nutley, NJ, USA; or Hatfield, UK.
- Open plan office environment, on a hybrid basis.
Qualifications and Experience:- Advanced degree in Technology or Business highly desirable
- Certified Information System Manager (CISM) certification is essential. Additional Certified Information Systems Auditor certification is advantageous.
- ISO 27001:2013 Lead Implementer / Auditor certification.
- Practical experience managing compliance, privacy or security incidents and breaches.
- Experience working with external service providers within an IT Compliance and Risk Management practitioner role.
- Good knowledge of a broad range of IT technology platforms, products, services.
- Ability to assimilate complex information quickly, perform analysis, develop, and articulate appropriate solution/strategy clearly and concisely in both verbal and written format.
- Excellent documentation and reporting skills to meet legislative, regulatory, and corporate requirements.
- Systematic, disciplined, and analytical approach to problem solving.
- Ability to work under pressure in a fast-paced environment with changing business priorities.
- Proven ability to drive change effectively, using a flexible, consultative, and supportive approach.
- Proactive attitude with drive to achieve objectives and individual tasks within agreed deadlines to agreed quality.
- Ability to establish and maintain good working relationships with colleagues, business partners & third-party vendors.
- Proven track record of working both in a team and independently. Good team player and self-starter, ability to work under own initiative.
- Good planning and organizational skills.
Eisai is an equal opportunity employer and as such, is committed in policy and in practice to recruit, hire, train, and promote in all job qualifications without regard to race, color, religion, gender, age, national origin, citizenship status, marital status, sexual orientation, gender identity, disability or veteran status. Similarly, considering the need for reasonable accommodations, Eisai prohibits discrimination against persons because of disability, including disabled veterans.Eisai Inc. participates in E-Verify. E-Verify is an Internet based system operated by the Department of Homeland Security in partnership with the Social Security Administration that allows participating employers to electronically verify the employment eligibility of all new hires in the United States. Please click on the following link for more information:Right To WorkE-Verify Participation