Director, IT Risk & Compliance Strategy, Governance & Reporting
Are you ready to shape a global IT risk strategy that protects our ability to deliver life-changing medicines? Could you guide the evolution of enterprise risk processes and turn complex data into decisive action for senior leaders? This role puts you at the center of how we govern and report on technology risk, connecting strategy to outcomes that matter for patients and the business.
As Director for IT Risk & Compliance Strategy, Governance & Reporting, you will set the vision and operating rhythm for how we identify, assess and manage IT risks across the enterprise. You will bridge core technology functions with enterprise risk, finance and strategic priorities, ensuring our leaders have the insight to make confident decisions. Your work will enable scale, speed and simplicity—keeping our digital ambitions on track and resilient in a complex, fast-moving environment.
Accountabilities:
Strategy Leadership: Lead the design and development of the IT Risk & Compliance strategy and define the roadmap that uplifts all service lines. Establish and run internal governance to track milestones, drive delivery and ensure collaboration across the IT R&C towers. Serve as the culture and engagement lead for IT R&C, supporting initiatives and communicating key messages such as Pulse survey insights.
Risk Process Ownership: Own and continuously improve the IT risk process to remain fit-for-purpose for AstraZeneca’s key IT risks. Design escalation pathways and integration with existing or new governance, working closely with Risk Business Partners (BTG and C4E). Integrate related risk processes across data, exceptions, S4/HANA (Axial), MTP and Enterprise Architecture, partnering with Risk Operations to analyse information in BAU. Lead the relationship with the Enterprise team on OneGRC and define IT risk requirements within the tool. Own the IT2030 risk process and coordinate with SPQ and Risk Business Partners.
Risk Governance and Reporting: Design and evolve risk reporting and insights for key stakeholders and governance forums, leveraging the Risk Operations team to implement your vision. Lead delivery of risk governance outputs for IT and Enterprise forums (including ITLT Governance and Audit Committee), ensuring timely, relevant input from IT R&C leads. Act as strategic project lead for initiatives aligned to the IT R&C strategy, such as automated assurance and data-driven risk.
Enterprise Representation and Assurance: Represent IT risk at strategic governance forums across and outside of technology. Provide assurance and guidance to high-profile projects and programmes, ensuring risk considerations inform scope, delivery and value. Maintain oversight of all aspects of IT risk to engage confidently with Enterprise Risk and other forums, and prepare comprehensive IT risk input for Audit Committee reporting. Act as deputy to the Senior Director, IT Risk & Compliance when required.
Essential Skills/Experience:
- BA/BSc and extensive experience in IT risk management and/or compliance application in large IT organisations
- Experience of defining and delivering the strategy for IT Risk & Compliance and influencing senior stakeholders
- Experience of operating at senior levels across functions and geographies in large, complex and sometimes uncertain IT environments
- Excellent consulting and business engagement experience
- Experience of analysing complex data and turning this into meaningful and actionable insights
- Experience of developing and implementing IT risk and controls frameworks in large IT organisations
- Proven challenge, negotiation & influencing capabilities
- Strong change management leadership
- Strong collaboration and relationship-building skills
- Ability to make pragmatic decisions by analysing highly complex situations, assessing risks and balancing strategic and tactical compliance/quality requirements
- Strong presentation, communication & facilitation skills
When we put unexpected teams in the same room, we unleash bold thinking with the power to inspire life-changing medicines. In-person working gives us the platform we need to connect, work at pace and challenge perceptions. That's why we work, on average, a minimum of three days per week from the office. But that doesn't mean we're not flexible. We balance the expectation of being in the office while respecting individual flexibility. Join us in our unique and ambitious world.
Why AstraZeneca?
Here your expertise in risk and governance accelerates real-world impact. You will work in inclusive, cross-functional teams that pair cutting-edge technology with a scientific mindset, building partnerships inside and outside the company to drive scale and simplicity. We’re investing to become a data-led enterprise, empowering you to experiment, learn and lead—whether through modern platforms, collaborative sprints or bold initiatives that transform how we deliver for patients. We value kindness alongside ambition, and we back you with the support to take ownership, grow and shape how risk enables our digital future.
If you’re ready to lead a global risk strategy that strengthens our digital ambitions and enables life-changing impact, step forward and help us build what’s next!
Date Posted
10-Dec-2025
Closing Date
24-Dec-2025
Our mission is to build an inclusive and equitable environment. We want people to feel they belong at AstraZeneca and Alexion, starting with our recruitment process. We welcome and consider applications from all qualified candidates, regardless of characteristics. We offer reasonable adjustments/accommodations to help all candidates to perform at their best. If you have a need for any adjustments/accommodations, please complete the section in the application form.
AstraZeneca embraces diversity and equality of opportunity. We are committed to building an inclusive and diverse team representing all backgrounds, with as wide a range of perspectives as possible, and harnessing industry-leading skills. We believe that the more inclusive we are, the better our work will be. We welcome and consider applications to join our team from all qualified candidates, regardless of their characteristics. We comply with all applicable laws and regulations on non-discrimination in employment (and recruitment), as well as work authorisation and employment eligibility verification requirements.