About this role
Welcome to Haleon. We’re a purpose-driven, world-class consumer company putting everyday health in the hands of millions. In just three years since our launch, we’ve grown, evolved and are now entering an exciting new chapter – one filled with bold ambitions and enormous opportunity.
Our trusted portfolio of brands – including Sensodyne®, Panadol®, Advil®, Voltaren®, Theraflu®, Otrivin®, and Centrum® – lead in resilient and growing categories. What sets us apart is our unique blend of deep human understanding and trusted science.
Now it’s time to realise the full potential of our business and our people. We do this through our Win as One strategy. It puts our purpose – to deliver better everyday health with humanity – at the heart of everything we do. It unites us, inspires us, and challenges us to be better every day, driven by our agile, performance-focused culture.
Role purpose
The Control Assurance Manager plays a critical role in embedding “security and compliance by design” across all Tech Business Units (Tech BU). This position provides leadership and day-to-day support to first line of defense teams, ensuring that risks and controls are identified, prioritised, and effectively managed throughout the project lifecycle, from inception to BAU transition. Working closely within the product tower, the role ensures adherence to internal and external compliance standards, drives inspection readiness, and contributes to reducing the overall risk profile when delivering projects.
The role combines risk consulting, assurance, and governance expertise to strengthen delivery frameworks, monitor quality, and support audits and regulatory inspections. It acts as a trusted advisor for risk assessments, control design, and compliance queries, enabling Haleon to operate with confidence and resilience.
By embedding risk and control practices into delivery processes, the Control Assurance Manager enables secure, compliant, and high-quality technology solutions for our customers.
Key accountabilities
Risk Management and Assurance:
· Contribute to identification and initiation of risk mitigation projects addressing significant risks impacting the product tower, leveraging D&T Risk Assessments (DTRA).
· Facilitate risk identification and discussions within the business unit, covering operational, product/project, and strategic risks.
· Conduct Digital & Tech Risk Assessments for new tech products, End User Developed (EUD) solutions, and RPA bots, including approvals.
· Provide ad-hoc controls consultancy, support RFP activities for new Tech products, and review DTRA documentation deliverables.
· Approve findings and remediation plans, ensuring timely closure and effective risk reduction.
Quality & Compliance Monitoring:
· Monitor deliverable quality and ensure standards are met for products, projects, programmes, and operations within remit, following a risk-based approach aligned with ITMS, D&T Risk Assessments, local SOPs, and project PQPs.
· Execute self-inspection programmes through management monitoring and independent business monitoring, when required.
· Support implementation of management monitoring programmes for processes not owned by GRC.
Operational Governance and Audit Readiness:
· Contribute to maintenance of product tower delivery and operational frameworks (activities, deliverables, roles, and responsibilities) ensuring alignment with the Digital & Tech Management System (DTMS).
· Support readiness for external inspections (FDA, EMEA, tax authorities), external audits, and internal audits.
· Manage inspection readiness activities and Corrective and Preventative Actions (CAPAs) in liaison with the business.
Architectural Governance:
· Attend and actively support Architect Review Board sessions for relevant projects, ensuring that architectural decisions align with security, compliance, and risk management principles.
· Participate in Cyber Risk Assessment meetings, providing expert input on risk identification, mitigation strategies, and control design.
Compliance Documentation & Evidence Management:
· Ensure robust documentation and evidence is maintained to demonstrate compliance with internal standards (D&T Written Standards, DTMS) and external regulatory requirements (FDA, EMEA, tax authorities).
· Validate that project deliverables meet quality and compliance expectations, supporting audit readiness and inspection preparedness.
Process Simplification & Standardization:
· Lead initiatives to simplify and streamline key risk and compliance processes, including D&T Risk Assessments, control requirements, and compliance workflows.
· Reduce complexity and duplication across frameworks, ensuring processes are efficient, user-friendly, tech-enabled via the Enterprise GRC platform, and aligned with governance standards.
· Champion standardization and automation opportunities to improve consistency, accelerate delivery, and enhance overall risk management effectiveness.
Qualifications & experience
Essential
· Experience as a Solution Architect in enterprise Digital/Technology environments.
· Minimum of 10 years’ experience in a combination of Risk Management, Quality Assurance and Compliance functions in a Pharmaceutical/Consumer Healthcare environment.
· Strong understanding of integration patterns, APIs, and data flows.
· Awareness of the regulatory trends within the Consumer Health industry, including: Cyber – NIST, CSA, Information security standards (e.g. ISO27001); GxP – FDA, Code of Federal Regulations Title 21 Part 210 (Current Good Manufacturing Practice in Manufacturing, Processing, Packing, or Holding of Drugs) & 211 (Current Good Manufacturing Practice for Finished Pharmaceuticals) and MHRA – rules and guidance for pharmaceutical distributors; SOX – Sarbanes Oxley Act of 2002; Privacy – EDPB guidelines (Data Protection by Design and by Default), GDPR.
Preferred
· Certifications such as CISA (Certified Information Systems Auditor), CRISC (Certified in Risk and Information Systems Control), CGEIT (Governance of Enterprise IT), CPA (Certified Public Accountant), Information Security CISSP, CISM (Certified in Information Security Management).
· Experience working in environments aligned to strategic enterprise platforms and standards‑first approaches.
Job Posting End Date
2026-06-18
Equal Opportunities
Haleon are committed to mobilising our purpose in a way that represents the diverse consumers and communities who rely on our brands every day. It guides us in creating an inclusive culture, where different backgrounds and views are valued and respected – all in support of understanding and best serving the needs of our consumers and unleashing the full potential of our people. It’s important to us that Haleon is a place where all our employees feel they truly belong.
During the application process, we may ask you to share some personal information, which is entirely voluntary. This information ensures we meet certain regulatory and reporting obligations and supports the development, refinement, and execution of our inclusion and belonging programmes that are open to all Haleon employees.
The personal information you provide will be kept confidential, used only for legitimate business purposes, and will never be used in making any employment decisions, including hiring decisions.
Adjustment or Accommodations Request
If you require a reasonable adjustment or accommodation or other assistance to apply for a job at Haleon at any stage of the application process, please let your recruiter know by providing them with a description of specific adjustments you are requesting. We’ll provide all reasonable adjustments to support you throughout the recruitment process and treat all information you provide us in confidence.
Note to candidates
The Haleon recruitment team will contact you using a Haleon email account (@haleon.com). If you are not sure whether the email you received is from Haleon, please get in touch.
About Haleon
Consumer healthcare company spun off from GSK, making brands like Sensodyne, Advil, and Centrum. Based in Weybridge, UK.