GRC Tool Strategy & Product Management Lead
Welcome to Haleon. We’re a purpose-driven, world-class consumer company putting everyday health in the hands of millions. In just three years since our launch, we’ve grown, evolved and are now entering an exciting new chapter – one filled with bold ambitions and enormous opportunity.
Our trusted portfolio of brands – including Sensodyne®, Panadol®, Advil®, Voltaren®, Theraflu®, Otrivin®, and Centrum® – lead in resilient and growing categories. What sets us apart is our unique blend of deep human understanding and trusted science.
Now it’s time to fully realise the full potential of our business and our people. We do this through our Win as One strategy. It puts our purpose – to deliver better everyday health with humanity – at the heart of everything we do. It unites us, inspires us, and challenges us to be better every day, driven by our agile, performance-focused culture.
About the role
The GRC Tool Strategy & Product Management Lead leads a critical service that manages the enterprise GRC platform (Archer GRC) and supporting tools to enable the effective maintenance and execution of risk and compliance processes across Digital & Technology (D&T).
This service drives standardization, optimization, and transparency of risk and compliance activities by leveraging workflows, automation, and integrated reporting capabilities. Acting as the functional custodian of the GRC product, the Lead defines the platform strategy, ensures data integrity, and delivers solutions that support SOx and GxP operations, internal control testing, and third-party risk management.
This role combines strategic product ownership with hands-on project management. The role is pivotal in aligning stakeholder demand across 1st and 2nd lines of defense, enabling consistent and scalable compliance practices that strengthen the D&T’s control environment and operational resilience.
Role Responsibilities
Platform vision and strategy: define and execute the product roadmap for the GRC platform, aligning with business objectives and stakeholder needs.
Data governance: establish robust data governance processes ensuring data quality, accuracy, and consistency across the platform.
Stakeholder management: manage stakeholder demand from risk and compliance teams, prioritizing and aligning execution across multiple functions.
Actively extend the usage and capabilities of the GRC platform to ensure best-in-class utilization, driving innovation and continuous improvement. Monitor industry trends and best practices to enhance the platform’s capabilities and user experience.
Design GRC dashboards to align with new compliance and operational metrics, improving visibility and decision-making.
Enable SOx control operations and internal control testing through the GRC platform ensuring timely and accurate execution.
Business Expertise:
GRC platform expertise: deep knowledge of Archer, including latest capabilities such as Archer Evolv, and ability to leverage platform for automation and integration.
Risk & compliance frameworks: strong understanding of SOx,GxP, ITGC, and internal control frameworks.
Data governance: expertise in managing master data quality and reporting accuracy.
Stakeholder management: ability to influence and align diverse risk and compliance stakeholders across 1st and 2nd lines of defense.
Strategic vision: capability to define and execute platform strategy aligned with D&T risk and compliance objectives.
Problem Solving:
Workflow optimization: designing and implementing automated workflows within the GRC platform to replace manual, error-prone processes. This involves identifying bottlenecks in risk and compliance operations and configuring Archer to streamline approvals, testing, and reporting.
Integrated reporting challenges: developing dashboards and reporting solutions that consolidate data from multiple sources, ensuring accuracy and timeliness. The Lead must address issues such as inconsistent master data and fragmented reporting by leveraging Archer’s integrated capabilities.
Data quality and governance: solving problems related to incomplete or inaccurate risk and control data. This requires implementing data validation rules, cleansing strategies, and governance processes within the platform to maintain integrity and reliability.
Stakeholder alignment: balancing competing priorities from diverse risk and compliance stakeholders (1st and 2nd lines of defense) while ensuring platform enhancements meet regulatory and operational needs. The Lead must negotiate trade-offs between customization and standardization.
Continuous improvement: identifying opportunities to extend platform usage and capabilities, such as integrating third-party risk management workflows or enabling advanced analytics, to deliver best-in-class utilization and operational efficiency.
Innovation under constraints: addressing challenges where compliance requirements could slow down technology delivery. The role must craft solutions that embed compliance into automated processes without creating friction, ensuring agility and scalability.
Nature & Area of Impact
As the Functional Owner of Archer and supporting tools, this role determines how risk and compliance processes are digitized, automated, and integrated across D&T. Effective execution ensures a scalable, standardized control environment that supports global operations.
The leadership in platform strategy and capability extension underpins SOx and GxP readiness, internal control testing, and third-party risk management. Failure to deliver could result in audit deficiencies, financial penalties, and reputational damage.
By leveraging workflows, automation, and integrated reporting, this role transforms manual, fragmented compliance activities into streamlined, data-driven processes. This improves accuracy, reduces cycle times, and enhances visibility for senior leadership.
The role impacts multiple business units and functions by aligning risk and compliance tooling with organizational priorities. It ensures that compliance is not a barrier but an enabler of agility and innovation.
Through advanced dashboards and analytics, the Lead provides actionable insights that inform governance decisions, risk prioritization, and investment in compliance capabilities.
By actively extending platform usage and capabilities, the role drives best-in-class utilization, ensuring Haleon remains ahead of regulatory and technological trends.
Interactions / Interpersonal Skills
Engages extensively with risk and compliance stakeholders across 1st and 2nd lines of defines, including First line of defence Risk & Compliance Operations teams, SOx control owners, internal audit teams, and operational leads, to align platform capabilities with business needs.
Works closely with technology teams, data governance specialists, and integration architects to design and implement workflows, automation, and reporting solutions that resolve operational pain points.
Interfaces with senior leaders to prioritize platform enhancements and manage competing requirements, ensuring strategic alignment and timely delivery.
Drives adoption of standardized processes and automated solutions within Archer, overcoming resistance to change by articulating benefits such as efficiency, transparency, and improved compliance outcomes.
Collaborates with external auditors and regulatory bodies during audits and inspections, leveraging platform capabilities to demonstrate compliance readiness and operational integrity.
Collaborates closely with the Risk Oversight & Management Director, Risk & Compliance Framework Director, Control Assurance & Advisory Director, and Independent Assessment and Monitoring Director to manage and automate risk and compliance activities.
Provides clear guidance and training to platform users, promoting best practices and ensuring consistent utilization of advanced features such as integrated dashboards and workflow automation.
Why you?
Basic Qualifications:
Bachelor’s degree
Significant experience in designing, building and expanding GRC platforms.
10+ years’ experience delivering GRC frameworks and Archer implementations in global organizations.
Effective in managing GRC platform rollouts with comprehensive project management capabilities.
Deep knowledge of Archer features and product roadmap.
Expertise in deploying highly automated GRC platform.
Mastery in Agile/Waterfall methodologies and tools such as MS Project, Jira, and Power BI.
Preferred Qualifications:
- GRC Archer qualifications.
Job Posting End Date
2026-06-30
Equal Opportunities
Haleon are committed to mobilising our purpose in a way that represents the diverse consumers and communities who rely on our brands every day. It guides us in creating an inclusive culture, where different backgrounds and views are valued and respected – all in support of understanding and best serving the needs of our consumers and unleashing the full potential of our people. It’s important to us that Haleon is a place where all our employees feel they truly belong.
During the application process, we may ask you to share some personal information, which is entirely voluntary. This information ensures we meet certain regulatory and reporting obligations and supports the development, refinement, and execution of our inclusion and belonging programmes that are open to all Haleon employees.
The personal information you provide will be kept confidential, used only for legitimate business purposes, and will never be used in making any employment decisions, including hiring decisions.
Adjustment or Accommodations Request
If you require a reasonable adjustment or accommodation or other assistance to apply for a job at Haleon at any stage of the application process, please let your recruiter know by providing them with a description of specific adjustments you are requesting. We’ll provide all reasonable adjustments to support you throughout the recruitment process and treat all information you provide us in confidence.
Note to candidates
The Haleon recruitment team will contact you using a Haleon email account (@haleon.com). If you are not sure whether the email you received is from Haleon, please get in touch.