-
Individuals within the IT Compliance Lead Analyst role are responsible for ensuring that the organization in accomplishing its objectives by bringing a systematic, disciplined approach to evaluating and improving the effectiveness of IT risk management, IT control and governance processes.
-
Persons in this role will be a primary resource for driving adherence to compliance and regulatory IT controls. Will assist development of continuous monitoring controls to assess the IT control environment and its effectiveness against the IT Corporate Compliance Standards. Partner with the Corporate Compliance team to provide guidance and enhancements of control adjustments based on industry or corporate standards.
- Members of this role need to understand software development life cycles, Sarbanes-Oxley (SOX) Controls, security principals, process design, and a strong knowledge of compliance management. They must be able to understand business requirements, technical specifications, and change management documentation to audit work products against standards.
- They must also be highly skilled communicators. The associate in this role will work on multiple projects as a compliance team leader or advisor. They will work on projects that have system-wide impact, integrating across the organization and involving multiple technical environments and disciplines.
PRIMARY DUTIES AND RESPONSIBILITIES:
- Leads in identification and documentation of Cencora/Pharmalex IT General Controls (ITGC).
- Performs risk assessment procedures and presents findings to leadership verbally or via written reports.
- Provides controls guidance to IT and the business to facilitate operational effectiveness and ensures compliance requirements are met.
- Utilizes sound judgment to identify and assess risk, materiality, and adequacy of audit evidence, compensating controls, and significance of findings.
- Collaborates effectively and on an ongoing basis with all constituents involved in IT General Controls.
- Reviews progress toward the ITGC plan regularly with IT leaders, control owners and auditors to make modifications, as necessary.
- Assists internal and external auditors in compliance reviews.
- Assists external compliance initiatives that may include Sarbanes-Oxley (SOX), EU GDP, GDPR, and other compliance programs, including the coordination of auditors interfacing with IT staff, guidance for appropriate remediation actions for findings, communication, and escalation of remediation.
- Builds trusted working relationships with the enterprise Finance, Legal, Audit and Corporate Compliance groups to support Internal and External Audits, and to ensure the understanding and acceptance of audit issues in connection with business risks.
- Stays current with latest changes in external compliance initiatives that may affect the organization s compliance with external requirements.
- Manages discussions with external auditors as part of required reviews of our IT Compliance Controls. Must be able to accurately communicate our IT Controls strategy and how IT controls operate.
- Prepares clear, detailed, and accurate compliance documentation, including narratives, control descriptions, risk control matrices, test programs, and performance metrics.
- Establishes and communicates timelines, requirements, and issues with management in a professional and timely manner.
- Escalates key control risks and issues, in a professional manner to management.
- Evaluates and makes compliance recommendations on standards within enterprise-wide processes such as change and release management.
- Leads evaluation of Control Frameworks, Regulations, and certifications, provides analysis based on findings.
- Participates in evaluation of acquired solutions and provides findings on control risks.
EXPERIENCE AND EDUCATIONAL REQUIREMENTS:
bachelors degree in computer science, Information Systems, Business Administration, or other related field or equivalent work experience. Minimum of eight (8) years IT compliance or audit experience , including supervisory experience working for a large company. Professional certification is preferred (CISA, CIA, CPA, CRISC, CISSP, or similar). Must have experience in auditing large ERP systems.
MINIMUM SKILLS, KNOWLEDGE, AND ABILITY REQUIREMENTS:
- Direct experience in auditing Microsoft Dynamics365 or an equivalent ERP system
- Experience in working remotely and autonomously
- Ability to work within a team environment
- Skilled at interacting with internal and external personnel
- Strong interpersonal and analytical skills
- Strong organizational and oral/written communication skills
- High degree of literacy with system processes and internal controls
- Comfortable working with management, and ability to work independently on projects and supervising of assigned staff
- Extensive exposure to IT related operations, including system development project management methodologies and practices; IT Operations, IT planning, management and organization, and other typical application specific control principles and risk
- Working knowledge of Sarbanes-Oxley requirements
EXPERIENCE AND EDUCATIONAL REQUIREMENTS:
bachelors degree in computer science, Information Systems, Business Administration, or other related field or equivalent work experience. Minimum of Eight (8) years IT compliance or audit experience, including supervisory experience working for a large company. Professional certification is preferred (CISA, CIA, CPA, CRISC, CISSP, or similar). Must have experience in auditing large ERP systems.
MINIMUM SKILLS, KNOWLEDGE, AND ABILITY REQUIREMENTS:
- Direct experience in auditing Microsoft Dynamics365 or an equivalent ERP system
- Experience in working remotely and autonomously
- Ability to work within a team environment
- Skilled at interacting with internal and external personnel
- Strong interpersonal and analytical skills
- Strong organizational and oral/written communication skills
- High degree of literacy with system processes and internal controls
- Comfortable working with management, and ability to work independently on projects and supervising of assigned staff
- Extensive exposure to IT related operations, including system development project management methodologies and practices; IT Operations, IT planning, management and organization, and other typical application specific control principles and risk
- Working knowledge of Sarbanes-Oxley requirements
