The Risk and Compliance Analyst has to demonstrate an understanding of McKesson Canada processes, internal IT controls and how they interact. He understands and drives the IT Risk & Compliance Management program. He manages the IT vendor assurance program and evaluates and monitors risks with new and existing vendors. He supports the various business units in responding to audits and customer requests, and helps the business unit programs evaluate compliance with corporate policies and regulations (SOX, PIPEDA, PCI, etc.).
Certain responsibilities associated with this role are included in Section B. Specific duties include, but are not limited to, the following:
- Apply the Governance, Risk, and Compliance program framework. Coordinates operational risk control and assessment processes with internal stakeholders to ensure compliance with regulations, policies, and procedures.
- Evaluates the design and effectiveness of internal controls across the organization to ensure risk levels are within accepted thresholds and limits.
- Works with internal and external auditors, regulators and clients to facilitate Governance, Risk, and Compliance activities and audit requirements.
- Reviews audit findings, assists in developing management action plans, and tracks audit finding remediation activities.
- Coordinate risk remediation efforts related to Information Security, and help monitor remediation of other key risks.
- Act as a primary technology compliance representative on projects, to ensure that information security risks are managed and that risk assessment processes are followed.
- Support new business strategies including acquisitions and divestitures, and new product and service development.
- Report to management on critical technology compliance issues that may affect clients or internal personnel.
- Support the BU-level Business Continuity and Disaster Recovery Planning.
- May lead a work group or project team consisting of support staff and technical staff.
- Seek to provide candid and timely feedback to improve performance; share information in an open manner; foster teamwork and innovation by involving team members in problem solving, decision-making and creative thinking.
- Ensure that requirements to internal and external customers are met in a timely and cost-effective manner; solicit feedback from customers to identify opportunities to improve products and/or services.
- Build internal and external relationships with key suppliers, customers and internal service providers, with emphasis on facilitating successful job/role responsibilities.
- Four years of experience in risk management and/or internal controls.
- Knowledgeable about processes, risks and controls/controls design.
- Have, or be willing to obtain, CISA and CISM qualifications (training will be provided if required).
- Results-driven individual with experience leading controls and remediation implementation efforts and resolution of any findings from internal or external assessments.
- Highly motivated individual capable of operating independently with minimal supervision to resolve complex enterprise-level security issues.
- Ability to work effectively with technical and non-technical personnel in a cross-functional setting.