Compliance Control & Risk Lead at Pfizer

Position Purpose

• The Compliance, Controls, and Risk (CCR) Lead will be responsible for providing in-market risk, compliance and control guidance around Compliance Quality monitoring activities, remediation plans, and reporting.
• The current in-scope areas for CCR function are Internal Control Over Financial Reporting (“ICOFR”), Sarbanes-Oxley Act (“SOX”), Healthcare Law Compliance (My Anti-Corruption Policy and Procedures (“MAPP”)), and Foreign Corrupt Practices Act (“FCPA”)
• The scope of role may change to align with commercial restructuring.

Primary Responsibilities
Operational Responsibilities:

• Support Finance Director and GRCC Regional Colleague to develop and maintain a strong and practical risk awareness, compliance and control culture and environment
• Provide in-market support, guidance, and consultation in collaboration with Finance Director, Business Process Owners, and Legal to:
  • With market leadership, ensure process and internal control changes resulting from new or changing Corporate Financial Reporting Policies and Procedures and Corporate/ Divisional FCPA/ MAPP/ Policies and Procedures are documented in local standard operating procedures (SOPs)
  • Develop and maintain a central repository for local SOPs and a maintain a change management process for local SOPs based on centralized GRCC guidance and Corporate Policy #506, "Records and Information Requirements"
  • Streamline and harmonize local policies, including removal of local/ divisional policies where they can be leveraged from Corporate Policies and Procedures
  • Support execution and coordination of annual ICOFR/ SOX and FCPA/ MAPP risk assessment in market using centralized tools/ methodologies developed by GRCC Leadership and Regional Colleagues; analyze and summarize results of risk assessments and report results
  • Provide local consultation and support with consistent guidance on ICOFR/ SOX and FCPA/ MAPP controls, best practices, monitoring and Corporate Audit trends, which includes guidance and instructions on FCPA/ MAPP/ and ICOFR/ SOX documentation and guidance/ questions related to the enabling technology requirements for FCPA/ MAPP
  • Provide support and guidance to business process owners in the development, execution, and documentation of remedial actions for any deficiencies in ICOFR/ SOX or FCPA/ MAPP design or operating effectiveness or process enhancements identified through day-to-day compliance and control activities, control self-assessments, Corporate Audits, or Compliance Quality monitoring activities
  • Document the ICOFR RCMs, including types of controls (key vs. secondary, preventive vs. detective, manual vs. automated) using the guidance provided by GRCC Leadership and Regional Colleagues (to the extent the BPOs and control owners need assistance)
  • Organize and manage any locally required SAS70 reports (or equivalent)
• Support other risk and compliance management activities such as:
  • Gathering data and performing financial reporting related to Healthcare Professional (HCP) Payment Disclosure process from Corporate
  • Gathering data related to Financial Disclosure requests from Corporate Data Strategy and Reconciliation Team for “Payments of Other Sorts Search”
  • Gathering data related to Financial Disclosure requests from Corporate Data Strategy and Reconciliation Team for “Data Monitoring Committee Payment Searches”
  • Support the monitoring of the design and effectiveness of the remediation activity and report on its progress
• Execute Compliance Quality monitoring activities using guidance, tools, and templates provided by GRCC Leadership. Activities include:
  • Coordinating and executing market internal control self assessment and certifications
  • Coordinating and executing SOX 302 and 404 certifications, where applicable
  • Executing analytical reviews used to identify and investigate red flags in the areas of ICOFR, FCPA/ MAPP, and T&E, which may include the identification of Key Risk Indicators ("KRIs”) and/ or Key Performance Indicators ("KPIs") that align with defined risk appetite and tolerance that can serve as dashboard mechanisms assisting with Compliance Quality monitoring and reporting, and which will ultimately allow for measurements of performance; may also include the monitoring of exceptions stemming from Oversight T&E tool
  • Performing walkthroughs of key controls
  • Performing sample based testing in the areas of ICOFR/ SOX, FCPA/ MAPP, and T&E to identify control deficiencies or exceptions or other red flags requiring investigation and/ or remediation
• Assist Regional Finance Leaders, Finance Directors, and Regional Colleagues with coordination and preparation of the audit process, by serving as the main point of contact with the external/ internal auditors for scheduling and logistics; communicate the list of requirements to Finance Directors, Regional Colleagues, and BPOs and inform them of any non-compliance
• Responsible for preparing annual FCPA Trend Analysis and certification. Responsible for preparing annual MAPP Trend Analysis and certification.
• Report results of Compliance Quality monitoring activities using guidance, tools, and templates provided by GRCC Leadership and Regional Colleagues, which will also be presented to local and regional management
• Execute escalation protocols designed by GRCC Leadership and Regional Colleagues for deficiencies or issues identified as a result of the execution of Compliance Quality monitoring activities
• Partner with GRCC Regional Colleague and other key stakeholders (e.g., Legal, Divisional Controllers) to facilitate the development of periodic training materials related to ICOFR/ SOX, FCPA/ MAPP Compliance Quality activities
• Perform periodic training in the market on ICOFR/ SOX, FCPA/ MAPP Compliance Quality activities, and the deployment of GRCC tools and reporting requirements
• Support the Control Automation and Continuous Control Monitoring efforts driven by the GRCC Leader and CoE
• Support global and regional compliance and control projects as appropriate
• Support other in-market activities and compliance work as appropriate
• Attend training as required

Qualifications (i.e., Preferred Education, Experience, Attributes)

• Approximately 4 - 9 years of working experience in a risk management/ control environment, including experience with risk identification, measurement and assessment, risk monitoring, reporting and escalation
• Experience working in a Internal Control Manager, Controller, Compliance and/ or Audit role
• Experience in ICOFR, SOX, FCPA
• Experience navigating a large, complex organization and managing stakeholders interests using a matrixed organization
• Strong project management skills
• Experience influencing and executing complex solutions involving multiple groups
• Experience in developing and executing training at all levels of the organization
• Bachelor's Degree from an accredited college or university; MBA / CPA preferred or other equivalent education/ certification (e.g., Chartered Accountant)
• Excellent analytical skills with a demonstrated ability in risk identification, measurement and assessment, risk monitoring, reporting and escalation
• Ability to work in a fast-paced and demanding environment
• Strong organization and planning skills
• Ability to communicate well within all levels of Pfizer
• Ability to identify business issues/ opportunities and to frame business questions
• Ability to interact with business and finance leaders across Pfizer Inc.
• Savvy with industry and Pfizer financial systems and financial reporting processes.

Technical Skills/Knowledge Requirements:

• Strong understanding of key risk areas in scope
• Knowledge of risk management, compliance and control frameworks (e.g., COSO) and concepts (e.g., risk and control identification, risk assessments, monitoring and reporting)
• Strong knowledge of Pfizer’s markets globally; strong understanding of FCPA IT systems (e.g., ACM)