Associate Director, Global Technology Solutions, Governance, Risk, amp Compliance, NA amp LATAM

📋 Description

• • Own and evolve the GTS Governance, Risk & Compliance (GRC) program for North America & LATAM, translating global strategy into regional action plans that measurably raise BeOne’s security and compliance posture.
• • Design, implement and continuously improve a comprehensive set of controls covering SOX, US DoJ Data Rule, GxP, ISO 27001, NIST CSF, HIPAA, GDPR and other emerging data-security and privacy regulations—turning complex requirements into practical, auditable processes.
• • Build and automate a centralized GRC system that delivers real-time risk dashboards, exception tracking, policy attestation and evidence management; eliminate manual spreadsheets and email threads while giving executives clear line-of-sight into residual risk.
• • Lead end-to-end third-party risk management: create lightweight yet rigorous assessment playbooks, integrate threat-intelligence feeds, negotiate security addenda and track remediation through closure—protecting BeOne’s ecosystem of CROs, CMOs, cloud vendors and research partners.
• • Partner with Finance, Internal Audit, Legal, Compliance, TechOps, R&D, HR and Quality to embed security-by-design into every new system, acquisition and clinical trial; translate technical risk into business impact so stakeholders prioritize the right controls at the right cost.
• • Establish and maintain regional SOPs, policy suites and standards under BeOne’s global Information Security Management System; ensure version control, annual review cycles and evidence of management approval.
• • Deliver engaging cyber-hygiene and policy-training programs that move culture from “check-the-box” to “security is my job”; measure effectiveness through phishing simulations, knowledge checks and targeted re-training.
• • Provide crisp, executive-level reporting: monthly risk-profile dashboards, quarterly control-maturity heat maps, annual compliance scorecards and ad-hoc briefings for regulators, auditors and the Board.
• • Act as the primary GRC point of escalation for NA & LATAM incident response, ensuring root-cause analysis feeds back into policy and control updates within 30 days.
• • Mentor and coach a distributed team of analysts and specialists; set individual OKRs, conduct quarterly performance reviews and create succession paths that retain top talent in a competitive market.
• • Drive cross-functional projects such as cloud-migration risk assessments, ERP control rationalization, M&A security due-diligence and clinical-system validation—delivering on time, on budget and audit-ready.
• • Champion a risk-based, pragmatic mindset: quantify likelihood and impact, recommend cost-effective mitigations and document risk acceptance decisions with clear business rationale.
• • Stay ahead of the regulatory curve—monitor FDA, EMA, DOJ, SEC and local LATAM agencies for new guidance; brief leadership on strategic implications and required program adjustments.
• • Foster a “one-team” culture across six continents by embodying BeOne’s values: Patients First, Driving Excellence, Bold Ingenuity and Collaborative Spirit.