Sr. Manager, RM&C TPRM & Compliance Governance
Zoetis is a global animal health company dedicated to supporting customers and their businesses in ever better ways. Building on 60 years of experience, we deliver quality medicines and vaccines, complemented by diagnostic products and genetic tests and supported by a range of services. We are working every day to better understand and address the real-world challenges faced by those who raise and care for animals in ways they find truly relevant.

Our name, Zoetis (z-EH-tis), has its root in zo, familiar in words such as zoo and zoology and derived from zoetic, meaning “pertaining to life.” It signals our company's dedication to supporting the veterinarians and livestock producers everywhere who raise and care for the farm and companion animals on which we all depend.

Zoetis is committed to equal opportunity in the terms and conditions of employment for all employees and job applicants without regard to race, color, religion, sex, sexual orientation, age, gender identity or gender expression, national origin, disability or veteran status or any other protected classification. Disabled individuals are given an equal opportunity to use our online application system. Zoetis also complies with all applicable national, state and local laws governing nondiscrimination in employment as well as employment eligibility verification requirements of the Immigration and Nationality Act. All applicants must possess or obtain authorization to work in the US for Zoetis. Zoetis retains sole and exclusive discretion to pursue sponsorship for the acquisition or maintenance of nonimmigrant status and employment eligibility, considering factors such as availability of qualified US workers. Individuals requiring sponsorship must disclose this fact.

Please note that Zoetis seeks information related to job applications from candidates for jobs in the U.S. solely via the following: (1) our company website at www.Zoetis.com/careers, or (2) via email to/from addresses using only the Zoetis domain of “@zoetis.com”. In addition, Zoetis does not use Google Hangout for any recruitment related activities. Any solicitation or request for information related to job applications with Zoetis via any other means and/or utilizing email addresses with any other domain should be disregarded. In addition, Zoetis will never ask candidates to make any type of personal financial investment related to gaining employment with Zoetis.

Position Summary:
* Expert in principles, theories, and concepts of regulatory compliance, security standards, and pharmaceutical regulations, including industry knowledge of implementing controls within processes and tools.
* Provide direct support and serve as a key stakeholder in the development of Third-Party Risk Management program and Data Governance initiatives.
* Create, communicate, and collaborate on the TPRM framework to Zoetis business.
* Develop and execute 3rd party risk management continuous improvement plans based upon analysis of operations data, threat trends, and threat actors against Zoetis
* Manage lifecycle and make recommendations on latest security technologies for the company
* Work both independently and in a team-oriented, collaborative environment
* Adapt to changing requirements and constraints

Responsibilities:

Third Party Risk Management
* Provide uptake of TPRM (Third-Party Risk Management Framework) program to the organization
* Training and Communication strategy to ITS and Business on TPRM capabilities
* Build and implement TPRM Governance
* Operationalize Third-Party Risk Management Framework (services and delivery aspect)
* Approval of Third-Party Risk Profiles
* Review and Approval of Third-Party Assessments
* Review and Approval of Findings
* Periodic Monitoring and Attestation of third parties
* Collaborate with Procurement in rationalization of Third Parties for Zoetis and developing a framework for preferred third-party inventory
* Identify risk and propose recommendations to management
* Quarterly reporting metric and scorecard to ITS leadership on high risk third parties (with respect to operational deficiencies or business risk)
* Perform periodic monitoring and attestation of Third-Party providers
* ITS Third-Party risk assessments (including SOC reports), resulting findings and control recommendations
* Assist the Legal and Procurement teams with periodic updates to the IT contract templates and IT review and monitoring of controls

Data Governance
* Provide uptake of ITS Data Classification program to the organization
* Training and Communication strategy to ITS and Business on Data Classification
* Build and implement ITS Data Governance forum
* Operationalize ITS Data Classification Framework (execution aspect)
* Conduct periodic attestation of ITS Data Classification Assessments and disseminate the results to downstream processes

Resources Managed:
* Routine line management and leadership of staff within the US Risk Management & Compliance
* Guide and mentor resources to deliver on Risk Management & Compliance commitments
* Proactively develop resources

Qualifications:

Education & Training
* Bachelor's degree in Computer Science, Engineering, or a related field; Master's degree is preferred
* Advanced security certifications are desirable such as a CISSP, CCSP, CISM, and SANS accreditation
* 10+ years of continuous work in the IT and information security or risk management field, either inside a corporate environment or as part of a security firm or government agency
* Active participation in information security industry forums or other information security leadership organizations

Experience
* 10+ years of progressively increasing responsibility in an information technology environment
* High level of integrity and strong ethical values
* Experience managing medium to large scale, global IT projects
* Experience developing or implementing security services and incident response processes
* Ability to independently develop alternatives to address problems and select appropriate solutions, keeping management appropriately informed
* Ability to work autonomously and under direction, in some cases under extreme duress
* Strong group skills with proven ability to facilitate cross-functional teams
* Able to assess and analyze complex problems (advanced problem-solving skills are a requirement)
* Adept at understanding customer requirements, navigating from problem to resolution and communicating process and resolution effectively both verbally and in writing. Ability to quickly communicate customer satisfaction / concerns to management, escalate issues as necessary, but does so with positive recommended approaches to addressing any concerns
* Ability to interpret and explain complex IT issues in very simple non-IT terminology
* Effective meeting facilitation skills, presentation skills, and action item tracking skills
* Ability to build strong working relationships within an organization and between organizations
* Ability to provide concise and “to the point” informative reports
* Comfortable working both as an individual and as part of a team
* Track record of meeting stated objectives

Technical Skills
* Deep understanding of Information Security, Cloud Technologies, distillation of government regulations worldwide, Event and Incident Management Systems, Intelligence feeds and the threat actor landscape germane to the Animal Health industry
* Senior level experience and understanding of relevant regulations, laws and policies across multiple IT compliance domains (SOX, GxP, Privacy, InfoSec, etc.) gained from career experience
* Proven abi