| Main Responsibilities: |
• Identify stakeholder concerns and facilitate discussion on process consultations, identify problems and communicate potential solutions.
• Responsible for managing and performing applicable IT controls assurance and compliance activities
• Perform control validation testing of all applicable IT controls as per guidelines from the SOX Program including UASOD, interface controls, configurable and application controls related to finance systems and processes.
• Assist with the implementation of Regional Compliance initiatives and Compliance department related activities such as risk management and assessment programs, compliance audit annual calendar of activities, monthly leadership compliance related requirements.
• Create and implement risk assessment and management process over financial IT related process which includes risk prioritization and evaluation subject to the approval of the Regional GFS Compliance Head.
• Guide business process owners and provide full advisory support during process-related internal and external audit reviews.
• Inform/discuss with potential risks and issues and/or opportunities for improvement and best practices at the GS centers to promote strong compliance.
• Other matters that may be assigned.
Core Compliance Taxonomy Responsibilities:
User Access Management
- Review and perform risk analysis for access/change requests ensuring completeness of the access request form and segregation of duties.
- Review access request against the role matrix/library and ensure approvers are correct based on the approval matrix
- Perform Segregation of Duties (SOD) checks ensuring access requested does not have conflicts with existing access executing a cross-system analysis and considering manual job responsibilities.
Participate in the process of role creation and risk analysis assessments based on requirements and develop recommendations from those findings
- Review weekly changes/transfers report to ensure accesses are accurate to user’s current function and take action on changes detected and terminated users to ensure a compliant environment.
- Support the remediation for all Corporate Governance, Segregation of Duties, and Sarbanes-Oxley related projects and ongoing maintenance in these efforts in the SAP space.
- Review complex business processes, systems, workflows, SOPs, policies and procedures to identify, document, and elevate the presence of risks and controls, both manual and automated, and/or management controls in each functional area to mitigate any risk or exposure
- Stay up to date on the latest risks and challenges in the SAP/Systems’ space and provide current and ongoing recommendations to J&J leadership on our risk posture. Drive continuous process improvement in order to meet changing business conditions
- Work closely with IT to support on global access reviews, escalating issues, peering with IT and supporting reviewers to ensure 100% of the appropriateness reviews are done within the deadline.
- Work in partnership with Compliance Team to provide best recommendations on User Access and Segregation of duties issues, mapping mitigating controls, reviewing them and updating them accordingly as per guidelines to guarantee risks are properly mitigated.
- Monitor the review progress to ensure that reviewers complete the review timely, escalate reviews to reviewer's supervisor and leadership if reviewer is not able to complete review. Provide help and support for questions in performing the review.
- Provide trainings to process owners (users and reviewers) on the processes to request, review and manage user access for the systems they use including SOD assessment. This is to ensure they understand the process and are performing the control appropriately.
- Ensure compliance with all Sarbanes‐Oxley and all other internal control & regulatory requirements
- Ensure successful internal and external audits in the area of user access & segregation of duties.
- Support the Go Lives/Transitions/Due Diligence process to ensure compliant user access & segregation of duties processes & controls.
- Maintain the standardized Sarbanes‐Oxley Documentation package for user access & segregation of duties and ensure alignment with global initiatives
Access Approver Management
- Provide training to the designated Access Approvers to ensure that the approval workflow process was understood, and controls were performed appropriately.
- Assess if access approver is appropriate for the role and scope of the request.
- Perform approver review and provide positive confirmation on the appropriateness of access and any changes required.
- Monitor Access Approver
Access Risk & SOD Ruleset Governance
- Monitor and Approve Access Risk and SOD Rulesets for changes
- Execute Change Control and Testing of Access Risk and SOD Rulesets changes
- Communicate Changes and Train Access Approvers
Role Design Governance
- Support the business by monitoring risks related to organization, technology, and process changes to ensure that the system roles remain appropriate over time.
- Act as a compliance tester to validate that role changes are implemented per approved design and critical access and SOD conflicts are identified and remediated before implementation.
- Act as a compliance approver for role creation or changes to ensure critical access and SOD conflicts are identified and remediated before implementation.
• At least 3 years of progressive experience in auditing in one or more of the following fields: (a) financial/operational, (b) external, (c) information systems, and (d) compliance.
• Strong attention to details and precise work delivered is a must
• Strong customer focus with excellent communication, presentation and training skills
• Proficient in basic MS Office applications (Excel, Outlook, Powerpoint, Word) required
• Working knowledge of SAP (or other ERP's) an advantage
• Familiarity in SOX documentation procedure and SOX certification is desirable
• Demonstrated experience in internal/external audit, finance, compliance
• Control, Compliance, Audit and/or Operational Risk experience is desirable
• Relevant experience in risk identification, assessment, monitoring, and remediation will be an additional strength
• Ability to think strategically and connect.
• Strong customer focus with excellent communication, presentation and training skills
• Knowledge of Banking environment is a plus
• Planning, prioritization, and multitasking skills.
• Experience managing / working on complex projects, with variable stakeholders and within tight deadlines
• Effectively work with new and changing situations.
• Good interpersonal, as well as both oral and written communication skills.
• Good command of English language (Spanish, Portuguese is desirable - for LATAM )
• Integrity and Credo-based Actions ~ lives Credo values; builds trust; tells the truth; initiates transparency into problems; demonstrates genuine caring for people
• Strategic Thinking ~ driven to envision a better future; takes any role or job and makes it better; has relentless dissatisfaction with status quo; makes the customer central to all thinking; keeps the focus on driving customer value; motivated to leave things better than they were; a change agent
• Big Picture Orientation with Attention to Detail ~ able to operate in two “worlds” simultaneously e.g., growth and cost control, enterprise and operating company success; sees the why as well as the what; can zoom in or out as needed
• Organization & Talent Development ~ motivates and empowers others to achieve a desired action; enjoys developing a diverse group of people; instills confidence; attracts good people; brings out the best in others; invests time to be personally “connected” with the organization
• Intellectual Curiosity ~ sees the possibilities; willing to experiment; cultivates new ideas; comfortable with ambiguity and uncertainty
• Collaboration and Teaming ~ puts interests of enterprise above own; works well across functions and groups; builds teams effectively; inspires follower ship; instills a global mindset
• Sense of Urgency ~ proactively senses and responds to problems and opportunities; works to reduce “cycle” time; takes action when needed
• Prudent Risk-taking ~ inner confidence to take risks and learn from experience; courage to grab opportunities or shed non-viable businesses
• Self-awareness and Adaptability ~ resilient; has personal modesty and humility; willing to learn from others; patient, optimistic, flexible and adaptable
• Results and Performance Driven ~ assumes personal ownership and accountability for business results and solutions; willing to make tough calls; consistently delivers results that meet or exceed expectations; demonstrates a track record of people development; champion’s diversity; net exporter of successful talent
• Lead by example ~creating and developing a strong environment through developing and supervising the RM&C team under your responsibility.