Lausanne, Switzerland





We’ve built the world’s most successful cigarette company, with the world’s most popular and iconic brands. Now we’ve made a dramatic decision. We will be far more than a leading cigarette company. We’re building PMI’s future on smoke-free products that are a much better choice than cigarette smoking. Be part of the biggest transformation in the history of our company.

We have an opportunity for a Head of Governance, Risk & Compliance (GRC) Office in our offices in Lausanne, Switzerland.

With PMI’s journey towards a smoke-free future and a consumer-centric organization, the company faces new opportunities and risks. To safeguard the company’s business objectives, ensure its delivery against strategic opportunities, and protect the company against emerging uncertainties, a highly professional and industry-leading risk management and internal controls practice is required. The Risk & Controls (R&C) function within PMI defines, leads, and monitors the risk management and internal controls practices and drives the various activities surrounding them.

The Head of Governance, Risk & Compliance (GRC) Office is responsible for:
1. defining and maintaining the GRC environment and more specifically the underlying enterprise risk management framework components including: governance; policies and standards aligned with regulations and best practices; threat, risk, and control libraries; risk scenarios; risk assessment methodology; tools; and risk reporting and KRIs.
2. ensuring the GRC environment and more specifically the enterprise risk management framework is understood and applied across the “Three Lines” in order to facilitate robust risk management and empower the business to reliably meet its objectives.
3. analyzing data across the enterprise to identify and drive (facilitate and oversee) the mitigation of risks, which is owned by the “First Line” business functions.
4. seeking and implementing opportunities to increase the added business value perceived by senior stakeholders (both within and, more importantly, outside of R&C) from the overall R&C activities deployed through implementing and refining the company’s GRC strategy.

Key responsibilities:
The Head of GRC Office has the primary objective to implement, drive and operate the company’s GRC strategy and vision as defined by its senior (risk management) stakeholders within the boundaries of the established governance model. This includes the following key accountabilities:

Accountability 1 – Governance, Risk & Compliance (GRC) / Process
• Defines, implements, and maintains the GRC environment based on the principles set out in the company’s GRC strategy, to be applied across the “Three Lines” to integrate governance, risk and compliance and to manage risks across the enterprise overall.
• Maintains an understanding of the businesses of the company and how they work as well as the risks, controls, industry standards, and best practices to effectively maintain a risk management framework that is appropriate, implementable, scalable, and relevant.
• Drives governance including defining, implementing, and maintaining policies, procedures, standards, tools, and reporting / KRIs. Delivers KRI reporting as appropriate.
• Defines, implements, and maintains risk assessment criteria, tools, and methodologies, including periodic enterprise-wide risk assessments and the company’s Risk Control Self-Assessment (RCSA) program. Enables the analysis of risk data to identify common themes to enable consistent and compliant mitigation solutions that reduce risk.
• Defines, implements, and maintains a risk and control library including the effectiveness of the control environment. Drives the “First Line” to identify owners and document procedures for each.
• Leverages industry and technical expertise to assist management in addressing the risks associated with their business more effectively.
• Addresses and aligns regulatory and legal/compliance requirements in regard to risk management governance, policies, standards, methods, and reporting.
• Ensures a clear enterprise-wide understanding of roles and responsibilities across the “Three Lines” as they pertain to the framework including policies, methods, standards, high-level process, reporting, and overall governance.
• Prepares, coordinates, and facilitates interaction with senior level risk committees and other business risk subject matter experts as part of the various (risk) governance bodies.

Accountability 2 – Governance, Risk & Compliance (GRC) / Technology
• Sets up and drives the overall (business) change management activities in relation to the enterprise-wide GRC platform.
• Identifies, governs and further enhances the technology requirements in support of the GRC technology platform (IBM OpenPages) and drives the necessary updates through the governance framework (GRC Technology Design Authority).
• Identifies, defines and develops/configures any relevant risk analytics and GRC reporting requirements.
• Possesses proven knowledge, expertise and experience with GRC tools, especially with IBM OpenPages.
• Develops and operationalizes the GRC service delivery model by leveraging offshore (internal or external) resources depending on the type of GRC-related activities.

In addition to these main accountabilities, the Head of GRC Office possesses significant knowledge and experience in governance, risk management, internal controls, and general assurance provisioning activities, supports the Director Risk & Controls Global Functions in increasing the business added value of risk management and internal control activities, and contributes to achieving continuous improvement within the risk function.

The Head of GRC Office works in close collaboration with other “Second Line” and “Third Line” stakeholders, including Corporate Audit (CAD), Information Security, Data Privacy and Compliance.
Given that “Risk & Controls” represents the lead risk management function within the company, the Head of GRC Office is expected to be comfortable leading discussions with other “First Line”, “Second Line” and “Third Line” stakeholders in terms of communicating the added value of GRC and (enterprise) risk management in general. He/she has the courage to ‘step up’, provide full and frank information, and challenge the ‘status quo’ of risk management practices within the company.

The Head of GRC Office identifies, drives and manages a (virtual) team of Risk & Controls team members including assigning and managing work, monitoring performance, and conducting performance reviews. He/she ensures all committed deliverables and associated timeframes are met. Given the dynamics within the risk management environment and high pace of change, the Head of GRC Office understands his/her own (and the team’s) workload in order to easily flex with the changing internal and external environments in which we work.

Given the consultative and in certain cases ‘groundbreaking’ nature of the activities, the Head of GRC Office demonstrates strong problem solving and program execution skills and is expected to deliver high quality deliverables at all times, prepared with the regular Microsoft Office tool suite (e.g. PowerPoint, Word, etc.). Deliverables need to be prepared in a structured way by applying professional judgement and global and business acumen. The Head of GRC Office should ensure that such deliverables are of business relevance and added value, keeping in mind the interests of the individual business stakeholders, the Director Risk & Controls Global Functions and the Global Head of Risk & Controls.

Experience, skills, and personality traits that will help in excelling in this role:

Education
• University degree (MSc) level education (e.g. Economics, Informatics, etc.)
• One (1) or more ‘post university’ professional certification / education: GSEC, GRCP, CISSP, CISM, CISA, CRISC, CGEIT, CPA (PMP preferred, but not required)

Work Experience
• 12 - 15 years of proven experience in GRC (implementation and/or operation), (Enterprise) Risk Management, Internal Controls, Audit, Accounting, Finance or any (relevant) combination of these.
• Relevant experience in:
  o ‘Big Four’ and/or other public accounting / audit / consulting
  o Risk Management, Internal Controls, Governance, Compliance
  o Fast Moving Consumer Goods (FMCG)
  o Digitization, agile (SCRUM) transformation projects
  o Optional / preferred: multi-year international / global assignments
  o Optional / preferred: tobacco, cigarettes industry experience

Other skills
The Head of GRC Office possesses fluent written and verbal English business professional language skills and is able to present with impact and clarity by leveraging materials prepared within the default suite of office tools (Microsoft Office Suite, including PowerPoint, Teams, SharePoint, Word, Excel, etc.). Experience with GRC technology solutions (i.e. IBM OpenPages) is a must.

Please note that only on-line applications will be taken into consideration.

Philip Morris International: Building a Smoke-Free Future
Philip Morris International (PMI) is leading a transformation in the tobacco industry to create a smoke-free future and ultimately replace cigarettes to the benefit of adults who would otherwise continue to smoke, society, the company, and its shareholders. PMI is a leading international tobacco company engaged in the manufacture and sale of cigarettes, smoke-free products, and associated electronic devices and accessories, and other nicotine-containing products in markets outside the U.S. PMI is building a future on a new category of smoke-free products that, while not risk-free, are a much better choice than continuing to smoke.
Through multidisciplinary capabilities in product development, state-of-the-art facilities and scientific substantiation, PMI aims to ensure that its smoke-free products meet adult consumer preferences and rigorous regulatory requirements. PMI's smoke-free IQOS product portfolio includes heated tobacco and nicotine-containing vapor products. As of September 30, 2018, PMI estimates that approximately 5.9 million adult smokers around the world have already stopped smoking and switched to PMI's heated tobacco product, which is currently available for sale in 43 markets in key cities or nationwide under the IQOS brand. For more information, see our PMI and PMIScience websites.

PMI is an Equal Opportunity Employer