SAP GRC SOX Compliance Analyst

Company: Amgen
Location: Los Angeles, CA, USA; Tampa, FL, USA; Jacksonville, FL, USA
Salary: $96684 – $121404
Type: Full-Time
Degrees: Bachelor’s, Master’s, Associate’s
Experience Level: Mid Level, Senior

Requirements

  • Master’s degree
  • OR Bachelor’s degree and 2 years of Information Systems experience
  • OR Associate’s degree and 6 years of Information Systems experience
  • OR High school diploma / GED and 8 years of Information Systems experience

Responsibilities

  • Support the SAP GRC Controls Management and Compliance function
  • Demonstrate a good working knowledge of the SAP GRC environment
  • Coordinate, collaborate, and communicate with IT personnel across the organization to ensure that our IS SOX process is followed as required by our organization
  • Ability to demonstrate solid sense of ownership, detail orientation, keen focus on quality and setting clear expectations
  • In charge of working with process owners, internal, and external auditors in support of our quarterly certification process
  • Collaborate and support any SOX evidence request efforts made by Internal and External Audit teams
  • Develop and promote educational mentorship resources that will help facilitate new owners’ understanding of the Sarbanes-Oxley Act and their responsibilities
  • Participate in walkthroughs with system, service, and process owners
  • Review and analyze SOX systems and applications showing in Configuration Management Database (CMDB) for SOX applicability and ensure all components are collected and accounted for
  • Deep understanding of IT infrastructure and hands-on experience in Information Technology Infrastructure Library (ITIL) and System Development Life Cycle (SDLC)
  • Assess the risks of IT audit findings, identify mitigating controls and incorporate in IT process framework continual improvement
  • Map regulatory requirements across functions to identify compliance and audit response efficiencies while liaising with internal auditors and IT service owners to ensure information assurance processes are mature, and outcomes are effective by appropriately addressing and raising relevant risks to policy and regulatory compliance
  • Contribute to the strategic development of the Information Governance (IG) program
  • Maintain awareness of changing technology environments, implementation methodologies and frameworks used to support responsible functions (e.g., AI, machine learning, DevOps, etc.)
  • Ensure quality of work and timeliness across different functional deliverables and take ownership of issues and coordinate through to completion
  • Align responsible functions with greater Information Systems strategy (e.g., City Planning, Cloud First, etc.)

Preferred Qualifications

  • 4+ years of IT audit, Information Technology / Security control assurance or enterprise IT compliance experience
  • Working knowledge of Information Governance principles and Information Security principles: confidentiality, integrity, and availability
  • Knowledge of international standards for Information Technology and Information Governance
  • Experience working with various technologies, IT frameworks and methodologies
  • Proven ability to understand the concepts of new cloud technologies and other paradigms such as emerging Big Data technologies, lean methodologies to propose appropriate controls and compliance mentorship
  • Strong written and verbal communication, including the ability to explain technical matters to a non-technical audience
  • Possess strong organizational and collaboration skills
  • Working in large / global corporate environments involving multiple businesses
  • 3+ years of experience within health, biotechnology/pharma or other regulated industries
  • Working experience with Governance, Risk and Compliance (GRC) tools
  • Exceptional teamwork encompassing cross-functional teams, peer relationships, informing, understanding and appreciating differences
  • Strong ability to convey and influence complex information compliance, risk and security issues in a manner that is easily understood and actionable
  • Ability to effectively facilitate and inspire change within the organization
  • Developing / delivering presentations to large audiences and at all levels within the organization
  • One or more industry recognized certifications, including but not limited to: Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), SANS Global Information Assurance Certifications (GIAC)