Smith & Nephew is a global advanced medical technology business. We support healthcare professionals in more than 100 countries to improve the quality of life for their patients. Since 1856, when our founder T.J. Smith developed a new method for refining cod liver oil, and in World War One when his nephew led the supply of wound care products, to the present day, Smith & Nephew continues to pioneer health solutions.
Through our market leadership positions in Sports Medicine, Trauma, Orthopaedic Reconstruction and Advanced Wound Management, our 16,000 employees continue to improve outcomes and expand access, constantly striving to create value for healthcare professionals, patients, payers and shareholders.
IT Policy and Governance Specialist
The IT Policy and Governance Specialist works in the Information Technology Group and reports to the IT Director of Governance, Risk and Compliance (GRC). The role is responsible for delivering and managing the ongoing maintenance of the IT governance framework of policies and procedures for the scope of services offered by IT. In addition, the role will ensure IT personnel are trained in the policies and procedures relevant to their function. You will work closely with different IT functions to make sure that our processes are aligned and colleagues understand how the framework will help us provide a better service to the business.
You will be a dynamic self-starter, able to work independently and skilled in IT Governance frameworks, including the authoring, review and approval of Policies and Procedures using electronic document management systems. Additionally, you will understand training and monitoring approaches to ensure the framework is effectively applied and followed.
- Manage the IT Governance Framework working closely with IT functional leads to ensure it is defined, documented and trained out in alignment with IT management expectations.
- Monitor the ongoing effectiveness of the framework by reporting management metrics, and support in identifying and resolving Policy exceptions and/or violations.
- Maintain knowledge and expertise in the latest IT Governance management approaches and apply them to the organisation.
- Support and adhere to all IT policies, procedures and standards, including but not limited to, IT Guiding Principles, Project Management, Change Management, Internal and External Compliance such as Health & Safety, Quality, Regulatory and Finance, and support of Internal and External Audits.
- Bachelor’s degree in Computer Science, Engineering or a related field, or an equivalent combination of training and experience.
- Must be fluent in English, reading, writing, speaking and listening.
Licenses / Certifications
- Certifications related to IT Governance, Information Security and Risk Management e.g. CISA, CRISC, CGEIT, CISSP
- At least 7 years in Information Technology with at least 3 years of that in supporting and/or managing IT Governance frameworks.
- Significant experience of IT Governance in the following environments: Cloud, outsourced operations, Agile and DevOps, ideally with Healthcare/Life science experience.
- Experience of IT controls/frameworks such as Sarbanes-Oxley IT General Controls and the ISO 27000 series.
- Experience of using electronic document management systems and Integrated Risk Management tools.
- Knowledge of regulations/requirements such as HIPAA, FDA 21 CFR Part 820, FDA 21 CFR Part 11, PCI DSS, Data Privacy including EU GDPR and China would be an advantage.
- Significant experience of COBIT 5 and/or COBIT 2019 would be a distinct advantage.
Competences and Skills Expected
- Decision Making - Obtains information and identifies key issues and relationships relevant to specific goals; commits to a course of action to accomplish goals after developing alternatives based on logical assumptions, facts, available resources, constraints, and organizational values. Escalates decisions to next level where resolution cannot be found.
- Building Working Relationships - Developing and using collaborative relationships to facilitate the accomplishment of work goals. Consultative in approach.
- Improvement Focused - Thinks creatively outside the usual boundaries; questions the status quo; initiates, drives and manages new ideas to achieve the IT vision and goals.
- Gaining Commitment - Using appropriate interpersonal styles and techniques to gain acceptance of ideas or plans; modifying one’s own behaviour to accommodate tasks, situations, and individuals involved.
- Successful Team Member - Supports and works effectively with others, internally and externally, to achieve common goals and objectives. Uses appropriate methods and a flexible interpersonal style to help with the completion of team goals.
- Customer Focus - Making customers and their needs a primary focus of one’s actions; developing and sustaining productive customer relationships. Passionate about service delivery and meeting the demands of the customer.
- Planning and Organizing - Establishing courses of action for self and others (where appropriate) to ensure work is completed efficiently.
- Conducts formal reviews of activities, processes, products or services. Collects, collates and examines records as part of specified testing strategies for evidence of compliance with management directives, or the identification of abnormal occurrences. Analyses evidence collated and drafts part or all of formal reports commenting on the conformance found to exist in the reviewed part of an information systems environment.
- Advises on the application of appropriate quality management techniques and standards. Ensures that projects, teams and functions have appropriate practices in place and are meeting required organisational quality levels. Determines areas where existing processes should change by analysing audit findings. Takes responsibility for controlling, updating and distributing organisational standards. Facilitates improvements to processes by changing approaches and working practices, typically using recognised models.
- Contributes to the development and maintenance of a catalogue of learning and development resources. Books and organises learning events. Updates and controls training records, including attainment of certificates and accreditations.
- Actively maintains recognised expert level knowledge in one or more identifiable specialisms. Provides definitive and expert advice in their specialist area(s). Oversees the provision of specialist advice by others, consolidates expertise from multiple sources, including third party experts, to provide coherent advice to further organisational objectives. Supports and promotes the development and sharing of specialist knowledge within the organisation.
- Reviews current and proposed information systems for compliance with the organisation's obligations (including legislation, regulatory, contractual and agreed standards/policies) and adherence to overall strategy. Provides specialist advice to those accountable for governance to correct compliance issues.
- Develops corporate Information assurance policy, standards and guidelines. Contributes to the development of organisational strategies that address the evolving business risk and information control requirements. Drives adoption of and adherence to policies and standards through the provision of expert advice and guidance in order to ensure architectural principles are applied, requirements are defined and rigorous security testing is applied. Monitors environmental and market trends and pro-actively assesses impact on business strategies, benefits and risks.
Travel requirements: up to 10%
For this position we offer
- Private health care | multisport card | life insurance
- Subsidies for training | postgraduate studies
- Annual bonus | sharesave plan | going extra miles program
- Subsidized meals and fruits | integration parties
- Possibility of working remotely | flexible working hours
- Possibility of growth in the life sciences start-up company
- Caring, collaborative and courageous business environment
- Relaxation zones in the modern workplace
- Company car