IT Governance, Risk Management and Compliance Analyst
Date: Jan 14, 2026
Location: PL-Warszawa, PL
Company: Bausch + Lomb
Bausch + Lomb (NYSE/TSX: BLCO) is a leading global eye health company dedicated to protecting and enhancing the gift of sight for millions of people around the world—from the moment of birth through every phase of life. Our mission is simple, yet powerful: helping you see better, to live better.
Our comprehensive portfolio of over 400 products is fully integrated and built to serve our customers across the full spectrum of their eye health needs throughout their lives. Our iconic brand is built on the deep trust and loyalty of our customers established over our 170-year history. We have a significant global research, development, manufacturing and commercial footprint of approximately 13,000 employees and a presence in approximately 100 countries, extending our reach to billions of potential customers across the globe. We have long been associated with many of the most significant advances in eye health, and we believe we are well positioned to continue leading the advancement of eye health in the future.
IT Governance, Risk Management, and Compliance (GRC) Analyst
This position at Bausch and Lomb (B+L) provides risk management and compliance support within the IT Cybersecurity group reporting to the Manager, IT GRC. The primary responsibility of this role is to assist functional areas with risk management & compliance expertise throughout the technology organization. The analyst will lead and facilitate Change Advisory Board (CAB) and perform security risk assessments to identify, track, monitor, and report technology risks and vulnerabilities. The analyst is expected to remain current with compliance, privacy, and security capabilities trends and integrate them into an IT Governance, Risk Management, and Compliance strategy. Additionally, you'll work collaboratively with our Global Infrastructure team members to continuously improve existing IT policies, procedures, and processes by providing insights related to functional risk areas, mitigations, and control recommendations.
Primary Responsibilities
• Provide comprehensive support to the organization’s IT Governance, Risk Management & Compliance (GRC) program.
• Lead and facilitate Change Control and Change Advisory Board (CAB) review meetings.
• Review IT Change Requests from validation to closure to ensure changes are processed as defined in organizational IT change management (CM) standard operating procedures (SOP).
• Identify areas of improvement in CM SOPs and update as required aligned to organizational policies.
• Support coordination of internal/external audits with IT process owners and other key stakeholders, including facilitating evidence collection and other requests from audit teams (e.g., IT SOX, SSAE 18 (SOC), GDPR, and HIPAA).
• Manage IT compliance activities, including testing of IT controls.
• Facilitate requests and address issues raised by the internal/external auditors.
• Work with the various functional departments to implement control improvement plans for any gaps identified, changes in process, and compliance requirements.
• Maintain IT compliance across the organization by providing the expertise in implementing and defending appropriate controls applicable to compliance requirements, including SOX, CCPA, PII, PCI, HIPAA, and GDPR.
• Ensure and monitor effective implementation of policies and procedures.
• Identify improvement opportunities and provide recommendations to mature existing IT processes and controls further to align with best practices, including automation and optimization.
• Serve as an IT risk management and compliance subject matter resource to assess compliance implications related to technical implementations and other IT projects and execute pre-implementation reviews.
• Prepare ongoing reports with metrics/key performance indicators related to compliance activities, remediation plans, and other compliance efforts and present them to IT and executive management.
• Assist in designing continuous controls monitoring program utilizing GRC solution, dashboards, analytics, automation, and other supporting tools.
• Assist in educating and training individuals across the organization, including change and process owners, related to compliance concepts, requirements, and responsibilities and establish awareness regarding the role of the overall compliance function.
• Other duties as assigned.
Education and Experience
• Bachelor’s or master’s degree in Computer Science, Information Technology, Information Security or similar.
• 3-5 years of progressive experience, ideally within the Life Sciences industry, in one or more of the following areas: IT Compliance, IT Audit, and IT Risk Management.
• Understanding of network environments, hardware, databases, servers, and firewall rules.
• Familiar with Kintana, ServiceNow and other GRC tools (preferred).
• Knowledge and experience with regulatory frameworks and compliance standards such as SOX, SSAE 18 (SOC), COBIT, NIST, ISO, HIPAA, Cloud Security standards, etc.
• Experience with performing technical risk assessments, analyzing risk, and providing recommendations on risk mitigation strategies as they pertain to IT Risk Management and Compliance.
• Experience working and collaborating effectively with technical subject matter experts and internal/external auditors in gathering information and demonstrating compliance with standards.
• Experience with the monitoring and evaluation of technology processes and controls, including design and operating effectiveness testing and reporting on results and recommendations.
• Experience with creating and maintaining high-quality documentation related to IT processes, including flow charts and data flow diagrams (preferred).
• One or more of the following professional designations preferred: CISA, CISSP, CRISC.
This position may be available in the following location(s):