Reporting directly to the WBA Global Chief Information Officer, the Senior Director, WBA Digital Responsibility & IT Governance Risk and Compliance (ITGRC) oversees the management and coordination of all IT governance, risk and compliance activities across WBA, with an emphasis on collaboration with the WBA digital initiatives. Accountable for implementing, facilitating, and improving governance mechanisms over IT Policy, IT Risk and IT Compliance matters across the global enterprise. Sets IT compliance and control requirements via global IT policies and implements strategies to verify policy compliance. This role has a dotted reporting line to the Senior Director, Enterprise Risk Management to ensure that all relevant IT GRC processes are aligned with the WBA Governance, Risk & Compliance standards. Defines and maintains frameworks and processes to facilitate the identification, assessment, escalation, and management of risk across IT, with business executives, and to the Company’s Board of Directors. Maintains IT compliance programs and technology and defines the strategy and approach to help ensure compliance with IT-related legal and regulatory requirements, Health Information Portability and Accountability Act (HIPAA), and Payment Card Industry Data Security Standards (PCI-DSS). The incumbent will serve as the IT GRC representative in the relevant IT leadership forums.
- Build and maintain a central IT control framework mapped to industry best practices and regulatory requirements that defines the key IT controls that are performed across IT globally.
- Conduct ongoing control assessments to validate compliance with policy, controls framework, and compliance with regulations and standards.
- Work with the Senior Director, Enterprise Risk Management to align on the strategic roadmap, implementation, and ongoing maintenance of Archer, the enterprise Governance Risk and Compliance platform.
- Work with IT leadership to ensure the appropriate ITGRC engagement in major system implementations or modifications and consult with the governance and project teams to help ensure they are properly understood, implemented and that any risks are reported.
- Produces regular reporting for ITGRC activities for all divisions across the company.
- Establishes, maintains, and promotes awareness of all IT policies for the Company.
- Maintains methodologies and frameworks to help facilitate the identification and assessment of IT risk across the divisions in order to help prioritize the top risks to the Company.
- Accountable for implementing, facilitating, and improving governance mechanisms over IT Security, IT Risk and IT Compliance matters across all facets of the global enterprise.
- In partnership with Enterprise Risk Management, develops and maintains frameworks and processes to identify, assess, manage and report on all aspects of IT risk, including oversight of project/program risk, disaster recovery and business continuity planning, and asset classifications, ensuring consistency with WBA standards.
- Coordinates the WBA Data Security Event Plan process, including coordination of calls and communications and active engagement in all relevant events.
- Serves as the liaison between Internal Audit and the IT Organization to assist in coordinating audits, reviewing scope, reviewing reports and determining appropriate and relevant agreed actions.
- Partners with Insurable Risk to ensure that appropriate information and documentation is provided for the cyber insurance renewal process.
- Cultivates and maintains relationships with the company’s senior leadership and business personnel. Builds the trust and confidence needed to effectively deal with highly sensitive issues and situations.
- Oversees and directs the work of ITGRC team members, obtaining the appropriate resources to meet operating plans. Develops and mentors staff, and drives and manages performance.
- Plans, develops, manages and has full budgetary responsibility for all departmental expense and capital budgets, including management budget, unified management systems, and 3rd party contractors.
- Works with supporting functions (e.g. finance) to establish and implement the right supporting tools and processes to optimize delivery of services and projects.
Walgreens (walgreens.com), one of the nation's largest drugstore chains, is included in the Retail Pharmacy USA Division of Walgreens Boots Alliance, Inc. (Nasdaq: WBA), a global leader in retail and wholesale pharmacy. Walgreens is proud to be a neighborhood health, beauty and retail destination supporting communities across the country, and was named to FORTUNE magazine’s 2019 Companies that Change the World list. Approximately 8 million customers interact with Walgreens in stores and online each day. As of August 31, 2019, Walgreens operates 9,277 drugstores with a presence in all 50 states, the District of Columbia, Puerto Rico and the U.S. Virgin Islands, along with its omnichannel business, Walgreens.com. Walgreens also provides specialty pharmacy and mail services and offers in-store clinics and other health care services throughout the United States, most of which are operated by our health care strategic partners.
- A Bachelor’s degree and at least 8 years of experience in IT security, policy risk and/or compliance OR a High School Diploma/GED and at least 11 years of experience in IT security, policy risk and/or compliance.
- At least 8 years of experience in digitalization and/or cloud migration
- At least 8 years of experience working in IT or similar function at a senior level.
- Experience collaborating with internal and external resources to develop strategies that meet department goals within budget and established timelines and working with all facets of IT infrastructure and IT operations.
- Change management experience through process engineering and leading large-scale IT change / transformation programs
- Stakeholder management experience in a large matrix organization
- Experience managing teams of employees and contractors across wide geographies
- International business experience
- Fluent in English
- Experience with IT process, risk and control frameworks, such as COBIT, ISO 27001, NIST, ITIL, Risk IT, etc.
- At least 5 years of experience planning, developing, and managing departmental expense and capital budgets.
- At least 5 years of experience directly managing people, including hiring, developing, motivating, and directing people as they work
- Willing to travel up to 30% of the time for business purposes.
- Graduate OR Post Graduate degree
- At least 12 years of relevant experience in information technology with relevant experience in digitalization and/or cloud migration
- At least 10 years of experience working in IT or similar function at a senior level
- CISA (Certified Information Systems Auditor) OR CRISC (Certified in Risk and Information System Control) OR CGEIT (Certified in Governance of Enterprise IT) as granted by ISACA
- Knowledge of at least one European language other than English
- Experience working and/or living in at least two countries