Senior Director WBA IT Governance Risk & ComplianceJob ID 370870BR Location 304 WILMOT RD , DEERFIELD, IL
Walgreens has always excelled at innovating, whether it was inventing the world’s first chocolate malt or revolutionizing pharmacies with drive-through service and satellite technology. Today, innovative ideas are no longer “icing on the cake” – they’re critical to the success of our business. Which is why, at Walgreens, we have developed a culture and strategic IT framework to ensure that we are winning with our people, operating efficiently, leading in innovation, delivering solid results and establishing a truly global presence.
Our employees know what it takes to stay ahead of current trends and help patients be well every day. The following attributes are critical to your success in this role. Additional, related traits are also listed below.
- Results Driven
- Detail Oriented
- Problem Solver
- Technologically Savvy
Walgreens is a trusted wellness provider with care being at the heart of our business. From our retail stores to our distribution centers and our support center to our pharmacies, our team members have an opportunity to excel in their careers in a welcoming and inclusive environment.
IT CAREERS OVERVIEW
Get your career to the cutting edge of healthcare. Learn more about IT careers at Walgreens.Learn More
“Our team members, which are pharmacy techs and pharmacists need our system to be able to fill prescriptions for patients. So we know we’ve done a good job when that system is working well and they can get that patient back out the door quickly.”– Suzzette, Senior Director, Information Technology: Store Systems-Pharmacy Delivery
Walgreens to implement voice-powered AI technology in storesLearn more
Paid Time Off
Reporting directly to the WBA Global Chief Information Officer, the Senior Director, WBA Digital Responsibility & IT Governance Risk and Compliance (ITGRC) oversees the management and coordination of all IT governance, risk and compliance activities across WBA, with an emphasis on collaboration with the WBA digital initiatives. Accountable for implementing, facilitating, and improving governance mechanisms over IT Policy, IT Risk and IT Compliance matters across the global enterprise. Sets IT compliance and control requirements via global IT policies and implements strategies to verify policy compliance. This role has a dotted reporting line to the Senior Director, Enterprise Risk Management to ensure that all relevant IT GRC processes are aligned with the WBA Governance, Risk & Compliance standards. Defines and maintains frameworks and processes to facilitate the identification, assessment, escalation, and management of risk across IT, with business executives, and to the Company’s Board of Directors. Maintains IT compliance programs and technology and defines the strategy and approach to help ensure compliance with IT-related legal and regulatory requirements, Health Information Portability and Accountability Act (HIPAA), and Payment Card Industry Data Security Standards (PCI-DSS). The incumbent will serve as the IT GRC representative in the relevant IT leadership forums.
- Build and maintain a central IT control framework mapped to industry best practices and regulatory requirements that defines the key IT controls that are performed across IT globally.
- Conduct ongoing control assessments to validate compliance with policy, controls framework, and compliance with regulations and standards.
- Work with the Senior Director, Enterprise Risk Management to align on the strategic roadmap, implementation, and ongoing maintenance of Archer, the enterprise Governance Risk and Compliance platform.
- Work with IT leadership to ensure the appropriate ITGRC engagement in major system implementations or modifications and consult with the governance and project teams to help ensure they are properly understood, implemented and that any risks are reported.
- Produces regular reporting for ITGRC activities for all divisions across the company.
- Establishes, maintains, and promotes awareness of all IT policies for the Company
- Maintains methodologies and frameworks to help facilitate the identification and assessment of IT risk across the divisions in order to help prioritize the top risks to the Company.
- Accountable for implementing, facilitating, and improving governance mechanisms over IT Security, IT Risk and IT Compliance matters across all facets of the global enterprise.
- In partnership with Enterprise Risk Management, develops and maintains frameworks and processes to identify, assess, manage and report on all aspects of IT risk, including oversight of project/program risk, disaster recovery and business continuity planning, and asset classifications, ensuring consistencies with WBA standards.
- Coordinates the WBA Data Security Event Plan process, including coordination of call and communications and active engagement in all relevant events
- Serves as the liaison between Internal Audit and the IT Organization to assist coordinate audits, reviewing scope, reviewing reports and assisting in determine appropriate and relevant agreed actions.
- Partners with Insurable Risk to ensure that appropriate information and documentation is provided for the cyber insurance renewal process.
- Cultivates and maintains relationships with the company’s senior leadership and business personnel. Builds the trust and confidence needed to effectively deal with highly sensitive issues and situations.
- Oversees and directs the work of ITGRC team members, obtaining the appropriate resources to meet operating plans. Develops and mentors staff, and drives and manages performance.
- Plans, develops, manages and has full budgetary responsibility for all departmental expense and capital budgets, including management budget, unified management systems, and 3rd party contractors.
- Works with supporting functions (e.g. finance) to establish and implement the right supporting tools and processes to optimize delivery of services and projects
- A Bachelor’s degree and at least 8 years of experience in IT security, policy risk and/or compliance OR a High School Diploma/GED and at least 11 years of experience in IT security, policy risk and/or compliance.
- At least 8 years of experience in digitalization and/or cloud migration
- At least 8 years of experience working in IT or similar function at a senior level.
- Experience collaborating with internal and external resources to develop strategies that meet department goals within budget and established timelines and working with all facets of IT infrastructure and IT operations.
- Change management experience though process engineering and leading large-scale IT change / transformation programs
- Stakeholder management experience in a large matrix organization
- Experience managing teams of employees and contractors across wide geographies
- International business experience
- Fluent in English
- Experience with IT process, risk and control frameworks, such as COBIT, ISO 27001, NIST, ITIL, Risk IT, etc.
- At least 5 years of experience planning, developing, and managing departmental expense and capital budgets.
- At least 5 years of experience directly managing people, including hiring, developing, motivating, and directing people as they work
- Willing to travel up to 30% of the time for business purposes.
- Graduate OR Post Graduate degree
- At least 12 years of relevant experience in information technology with relevant experience in digitalization and/or cloud migration
- At least 10 years of experience working in IT or similar function at a senior level
- CISA (Certified Information Systems Auditor) OR CRISC (Certified in Risk and Information System Control) OR CGEIT (Certified in Governance of Enterprise IT) as granted by ISACA
- Knowledge of at least one other European language other than English
- Experience working and/or living in at least two countries
No saved jobs