GRC Platform Business Administrator

Do you want to join Philip Morris? We’re looking for a : Your mission
With PMI’s journey towards a smoke-free future and a consumer-centric organization, the company faces new opportunities and risks. To safeguard the company’s business objectives, ensure its delivery against strategic opportunities, and protect the company against emerging uncertainties, a highly professional and industry-leading risk management and internal controls practice is required. The Risk & Controls (R&C) function within PMI defines, leads, monitors the risk management and internal controls practices and drives the various activities surrounding it.

The GRC Platform Administration & Reporting Lead is responsible for:

1. Ensuring effective and efficient functioning of OneGRC platform as a key component of the PMIs GRC environment, in order to facilitate robust risk management, enable implementation of “Three Lines” model within PMI and empower the business to reliably meet its objectives.
2. Providing relevant and insightful GRC reporting to support analyzing data across the enterprise to identify and drive (facilitate and oversee) the mitigation of risks, which is owned by the “First Line” business functions.
3. Seeking and implementing opportunities to increase the added business value perceived by senior stakeholders (both within, but moreover, outside of R&C) from the overall R&C activities deployed through operating the OneGRC platform and GRC reporting. Principal Accountabilities The GRC Platform Administration & Reporting Lead is primarily responsible to support the operation of the PMI’s GRC platform (OneGRC) and deliver insightful GRC reporting and execute tasks within key GRC processes within his/her key areas of accountability. This includes the following key accountabilities: Your profile

Accountability 1. OneGRC Platform Governance • Maintains data model, master data (e.g. risk, control, organizational hierarchy etc.), and user roles and supports regular fit-for-purpose assessments. • Reviews user access requests, noting segregation of duties requirements and supports regular user access reviews. • Ensures that the contents of OneGRC platform is compliant with PMI Records Information Management / record retention policies and business needs. • Blocks and unblocks system for inputs, opens and closes reporting periods and performs other technical and scheduling tasks as needed for orchestration of control walkthroughs and testing, RCSA, enterprise risk assessment, reporting etc. • Coordinates change management activities for new functional design requirements / business specifications, including collecting requirements, obtaining sign-off & maintaining change log. • Leads user acceptance testing (UAT), prioritizes feedback, tracks issues through to resolution. • Defines requirements for change reports/audit log of critical changes and performs monitoring. Ensures bridge documents are kept, and changes are executed within agreed timeframes, back up procedures are in place by IT in the event of incidents (e.g. loss of data/functionality). • Communicates on new functionalities / features / releases / upgrades to the relevant user group including developing user guides and training materials when necessary. • Handles queries and escalations from R&C community, control owners and other stakeholders as relate to One GRC platform and reports. • Provides support and inputs to PMI IT organization and provider of OneGRC platform on incidents, configuration & security, new releases & upgrades, and interfaces; supports change impact assessment and ensures adequate change control (i.e. action plans and timely remediation). • Maintains support model, including RACI between GRC Office, Solution Manager, HelpDesk and provider of the OneGRC platform. • Possesses proven knowledge, expertise, experience with GRC tools, especially IBM OpenPages. Accountability
2. GRC Reporting • Maintains a repository of GRC reporting (individual metrics and reports to stakeholders) and via ad-hoc and periodic testing, ensures proper functioning of reporting (both in OneGRC and in PowerBI dashboards). • Supports (re)-definition of GRC process metrics, including data sources, formulas, interfaces, and reporting formats. • Tests and validates accuracy of metrics calculation and report preparation. • Supports definition of audiences for and frequencies of preparation of metrics and reports. • Automates (whenever possible), the preparation (e.g. via live dashboards / PowerBI) and sharing (e.g. via system notifications) of GRC metrics and reports. • Drives change management for GRC reporting. • Handles queries and escalations from R&C community, control owners and other stakeholders as relate to GRC metrics and reports. • Possesses proven knowledge, expertise and experience with data analytics, reporting and visualization tools, especially Microsoft PowerBI.

In addition to these main accountabilities the GRC Platform Administration & Reporting Lead possess relevant knowledge and experience in system governance, data analytics, risk management, internal controls, and general assurance provisioning activities, and supports the Head Risk & Controls Corporate Functions to increase the business added value of risk management and internal control activities and is an active contributor in achieving continuous improvement within the risk function. As necessary, he/she supports the Head of GRC Office in discharging their responsibilities regarding maintenance and implementation of the GRC technology and processes. The GRC Platform Administration & Reporting Lead works in close collaboration with GRC Office team members and PMI Information Technology colleagues, including OneGRC Solution Manager for escalations and PMI’s IT HelpDesk for service requests. Given the dynamics within the risk management environment and high pace of change, the GRC Platform Administration & Reporting Lead understands his/her own workload in order to easily flex with the changing internal and external environments in which we work. He/she ensures all committed deliverables and associated timeframes are met. The GRC Platform Administration & Reporting Lead must demonstrate strong problem solving and execution skills and is expected to produce at all times high quality deliverables, prepared in regular Microsoft Office tools suite (e.g. PowerPoint, Word, etc.). Deliverables need to be prepared in a structured way by applying professional judgement and business acumen.

The GRC Platform Administration & Reporting Lead should ensure that such deliverables are of business relevance, added value having the interests in mind of the individual business stakeholders, the Head of GRC Office and the Director Risk & Controls Global Functions.

Interested?
Don’t hesitate to apply.