IS Governance Risk and Compliance Analyst

Your role and responsibilities (Mandatory)

In this role, you will Assist in monitoring IS Compliance performance, implementation and management of IS IT related regulatory and digital compliance in the Business Area. Establish, monitor and perform continuous compliance improvement in EL operational facilities.

Supports in establishing strategies and processes for the continuous monitoring of controls for implemented IS compliance frameworks and ensuring efficient and effective IT General controls performance on a continuous basis. Work with various stakeholders, EL Business area compliance lead, management audit and External audit teams and provide required information evidence and documentation in a quality and timely manner.

The work model for the role is: Hybrid
This role is contributing to the ABB ELIS.

This role is reporting to the Head of Compliance

• Assists in establishing and operating country compliance in line with GRC strategy addressing risks and ensuring compliance (regulatory and digital) in alignment with IS and EL Strategy and organizational risk appetite.
• Assists in contributing to the development and governance for IS risk and compliance and implementation of continuous compliance and resilience services for country.

• Supports EL IS risk and compliance with a focus to implement global and local initiated projects.
• Assists in developing, maintaining and communicating ITGC controls to ensure alignment with elements of Business policies and standards.
• Supports in Implementing global controls to ensure and monitor compliance.
• Ensure applicable regulation for IT, status reporting, metrics and benchmarks and overseeing support activities
• Conducts internal compliance assessments with business team, local and global IS teams and coaches project managers to produce reports and communicate the results and findings to respective teams.
• Performs risk-based application reviews.
• Investigates critical incidents/control failures/deficiencies and develop systematic mitigation plans, with actionable recommendations to relevant stakeholders.
• Identifies, assesses, and communicates associated governance, assurances, and risks.
• Engage and work with IS Governance lead for various initiatives
• Manage communication and newsletters, presentations and discussion for IS SRC team.
• Point of contact for IS compliance and risk management and collaborates with other IT functions & EL teams to ensure contribution and involvement.
• Engages with the business to implement a risk-based methodology for identifying and mitigating organizational compliance exposure by ensuring implementation of IT & SAP compliance standards, ITGC controls and processes and ensuring full compliance with all regulatory and audit requirements, standards and policies.
• Proactively evaluates compliance by conducting assessments ahead of audits or examinations, identifies and addresses gaps by defining remediation initiatives and managing the timely resolution.
• Supports in providing External Audit Support by preparing IS teams to be audited and participating in the audit or review process to continually improve the communication and relationships between parties, leading to a clearer understanding of control and compliance realities.
• Ensuring all stakeholders are updated on progress and IS compliance KPIS, SOD status and other compliance risks.
• Champions compliance and risk management provides education and training to application owners and managers as well as guidance on the correct determination of all EL implemented frameworks globally.

• Establishes the local process in IS to interface with EL central compliance team to achieve objective of framework compliance.
• Collaborate with stakeholders to ensure the implementation, running and continuous improvement of the IS Risk and Compliance framework and policies in IS (Business, GBS, Corporate).
• Contributes to the implementation and monitoring of Export and Trade Control processes on a global level, based on ABB guidelines and industry best practices as these relate to IS.
• Understand the requirement of Data privacy (GDPR) based on the ABB guidelines and work with business for implementation

• Develops productive relationships with leaders across the business, internal & external auditors and with external vendors to foster awareness towards IT, cyber and data security, compliance and the impact of a potential breach on the business.
• Establishes two-way communication procedures with stakeholders and business customers to ensure collaboration on change or project activities.

• Ensures work is compliant with all applicable ABB Regulations and ABB Group Guidelines.
• Ensures all internal controls related to IS and ITGC are diligently followed.
• Ensures (with HR Manager support) that the area of responsibility is properly organised, staffed, skilled and directed.
• Assists in admin activities including (but not restricted to) onboarding of employees, creating/updating Statement of work, raising IS tickets w.r.t. onboarding process, etc.

• Bachelor’s degree in commerce, Business Management, Computer Science, Software Engineering, or a related qualification.
• Awareness of Business Process will be an added advantage.
• High level of written and verbal communication skills.
• Good presentation skill is an added advantage.
• Able to work on Data Analytics and KPI monitoring solutions and develop dashboards.
• Interpersonal skills to accomplish objectives through the efforts of others and across a variety of cultural, business and functional areas.
• Critical thinking and problem-solving skills.
• Personal integrity, with the ability to handle confidential and sensitive matters with the appropriate level of judgement and maturity.

• IT is currently indicated as ABB’s highest risks and requires a focused approach to mitigate deficiencies by ensuring potential risks are identified, evaluated and EL business exposure is avoided or managed, through the implementation of mitigating actions.
• Failure to understand and ensure customer and/or regulatory compliance requirements as “license to operate”, may lead to loss of revenue or business and in severe cases attract significant financial penalties and loss of ABB reputation.)
• All EL IS employees’ understanding of the importance of Risk Management.

• Complexity of delivering IS compliance locally, developing operating models (business-driven, decentralization, etc) throughout the country, particularly where specific local business needs require tailored solution to ensure compliance with ABB IS standards, etc.
• Working across multiple teams, cultures, languages and local IT regulations for compliance.
• Ensuring integrated IS risk management framework, methodology and processes are implemented to establish a proactive risk management practice to avoid impact on operations.
• Anylow compliance of the IS organization, recorded in external audit outcomes, resulting in a high risk of material weakness.
• Scope of impacted organizational units of Country and users.

• All Countries - ABB – Revenue 15B$ USD
• Direct and indirect reports: No direct, some vendor/partners on case-to-case basis
• Impacts all Country EL employees ~ 10 K employees
• Relationship with all IS suppliers in Corp, GBS & Business

• Internal: GBS IS Domains, Country management team, Country IS Management & team, EL IS compliance team, Data Privacy Officer, Business Customers, Corporate IS, ARIC – Enterprise Risk Management.
• Peer roles: EL Information Services, Country Applications & Infrastructure teams, Operational Effectiveness team and Country IS teams, SOD team and Management testers.
• External: National Security Agencies, External Auditors, Customers and 3rd party contractors.