Compliance Senior Lead

Auris Health

Auris Health

Manila, Philippines
Posted on Wednesday, August 2, 2023


Main Responsibilities:
• Direct, train, supervise, and evaluate direct reports to enhance their performance, development and ownership of work product.
• Effectively oversee administrative and HR matters of the direct reports.
• Help manage stakeholder concerns and facilitate discussion on process consultations, identify problems and communicate potential solutions.
• Responsible for managing/reviewing applicable IT controls assurance and compliance activities
• Reviews SOX testing, due diligence testing including status update.
• Reviews applicable IT SOX documentation including system inventory, IT DCMs, test plans, test scripts, handoff documents, etc.
• Assist with process design implementation of Regional Compliance initiatives related activities such as risk management and assessment programs, compliance audit annual calendar of activities, monthly leadership compliance related requirements.
• Create and implement risk assessment and management process over financial IT related process which includes risk prioritization and evaluation subject to the approval of the Regional GFS Compliance Head.
• Guide business process owners and provide full advisory support during process-related internal and external audit reviews.
• Assist GAM Compliance manager with timely compliance updates to senior management.
• Promotes teamwork and buy-in of Compliance initiatives by dealing effectively with identified SOX Coordinators, obtain cooperation from process owners and other internal or external parties in the implementation of Compliance initiatives and delivery of specific Compliance requirements.
• Inform/discuss with potential risks and issues and/or opportunities for improvement and best practices at the GS Manila and LGS to promote strong compliance.
• Ensure alignment and appropriate coordination with GRC, IT Teams, ISRM and Corporate Internal Audit and GPO.
• Oversee day-to-day access management operations and assigns daily work priorities based on work volume, processing requirements, SLA and auditing deadlines.
• Develops, motivates and coaches Compliance analysts to ensure that proper processes and practices are being implemented.
• Ensure that the GAM Compliance Manager is updated regularly on team projects and related progress.
• Other matters that may be assigned.

Core Compliance Taxonomy Responsibilities:
User Access Management
- Assess and Review risk analysis for access/change requests ensuring completeness of the access request form and segregation of duties.
- Proactively identify UASOD related risks & propose adequate and efficient corrective actions to mitigate gaps.
Participate in the process of role creation and risk analysis assessments based on requirements and develop recommendations from those findings
- Review weekly changes/transfers report to ensure accesses are accurate to user’s current function and take action on changes detected and terminated users to ensure a compliant environment.
- Support the remediation for all Corporate Governance, Segregation of Duties, and Sarbanes-Oxley related projects and ongoing maintenance in these efforts in the SAP space.
- Review complex business processes, systems, workflows, SOPs, policies and procedures to identify, document, and elevate the presence of risks and controls, both manual and automated, and/or management controls in each functional area to mitigate any risk or exposure
- Stay up to date on the latest risks and challenges in the SAP/Systems’ space and provide current and ongoing recommendations to J&J leadership on our risk posture. Drive continuous process improvement in order to meet changing business conditions.
- Work closely with IT to support on global access reviews, escalating issues, peering with IT and supporting reviewers to ensure 100% of the appropriateness reviews are done within the deadline.
- Work in partnership with Compliance Team to provide best recommendations on User Access and Segregation of duties issues, mapping mitigating controls, reviewing them and updating them accordingly as per guidelines to guarantee risks are properly mitigated.
- Monitor the review progress to ensure that reviewers complete the review timely, escalate reviews to reviewer's supervisor and leadership if reviewer is not able to complete review. Provide help and support for questions in performing the review.
- Provide trainings to process owners (users and reviewers) on the processes to request, review and manage user access for the systems they use including SOD assessment. This is to ensure they understand the process and are performing the control appropriately.
- Ensure compliance with all Sarbanes‐Oxley and all other internal control & regulatory requirements
- Ensure successful internal and external audits in the area of user access & segregation of duties.
- Support the Go Lives/Transitions/Due Diligence process to ensure compliant user access & segregation of duties processes & controls.
- Maintain the standardized Sarbanes‐Oxley Documentation package for user access & segregation of duties and ensure alignment with global initiatives.
- Communicate to operations ensuring appropriate mitigating controls exist and are operating effectively to mitigate the SOD risk.
- Work with operations to ensure the mitigating controls are documented and mapped to the SOD conflicts found on the access request.
- Look to optimize user management related processes / operations through Continuous Improvement.
- Continuously identify opportunities to standardize and centralize UASOD processes and controls.
Access Approver Management
- Provide training to the designated Access Approvers to ensure they understand the approval workflow process, and are performing the control appropriately.
- Assess if access approver is appropriate for the role and scope of the request.
- Perform approver review and provide positive confirmation on the appropriateness of access and any changes required.
Access Risk & SOD Ruleset Governance
- Monitor and Approve Access Risk and SOD Rulesets for changes
- Execute Change Control and Testing of Access Risk and SOD Rulesets changes
- Communicate Changes and Train Access Approvers
Role Design Governance
- Support the business by monitoring risks related to organization, technology, and process changes to ensure that the system roles remain appropriate over time.
- Act as a compliance approver for role creation or changes to ensure to ensure critical access and SOD conflicts are identified and remediated before implementation.



• At least 3-5 years of progressive experience in auditing in one or more of the following fields: (a) financial/operational, (b) external, (c) information systems, and (d) compliance.
• Strong attention to details and precise work delivered is a must
• Strong customer focus with excellent communication, presentation and training skills
• Proficient in basic MS Office applications (Excel, Outlook, Powerpoint, Word) required
• Working knowledge of SAP (or other ERP's) an advantage
• Familiarity in SOX documentation procedure and SOX certification is desirable
• Demonstrated experience in internal/external audit, finance, compliance
• Control, Compliance, Audit and/or Operational Risk experience is desirable
• Project management & Coordination capabilities
• Ability to work independently and prioritize, solve difficult situations using own judgment and sense of urgency
• Good people management skills
• Relevant experience in risk identification, assessment, monitoring, and remediation will be an additional strength
• Ability to think strategically and connect.
• Strong customer focus with excellent communication, presentation and training skills
• Knowledge of Banking environment is a plus
• Planning, prioritization, and multitasking skills.
• Experience managing / working on complex projects, with variable stakeholders and within tight deadlines
• Effectively work with new and changing situations.
• Good interpersonal, as well as both oral and written communication skills.
• Good command of English language (Spanish, Portuguese is desirable - for LATAM)

Key Competencies:

• Integrity and Credo-based Actions ~ lives Credo values; builds trust; tells the truth; initiates transparency into problems; demonstrates genuine caring for people
• Strategic Thinking ~ driven to envision a better future; takes any role or job and makes it better; has relentless dissatisfaction with status quo; makes the customer central to all thinking; keeps the focus on driving customer value; motivated to leave things better than they were; a change agent
• Big Picture Orientation with Attention to Detail ~ able to operate in two “worlds” simultaneously e.g., growth and cost control, enterprise and operating company success; sees the why as well as the what; can zoom in or out as needed
• Organization & Talent Development ~ motivates and empowers others to achieve a desired action; enjoys developing a diverse group of people; instills confidence; attracts good people; brings out the best in others; invests time to be personally “connected” with the organization
• Intellectual Curiosity ~ sees the possibilities; willing to experiment; cultivates new ideas; comfortable with ambiguity and uncertainty
• Collaboration and Teaming ~ puts interests of enterprise above own; works well across functions and groups; builds teams effectively; inspires follower ship; instills a global mindset
• Sense of Urgency ~ proactively senses and responds to problems and opportunities; works to reduce “cycle” time; takes action when needed
• Prudent Risk-taking ~ inner confidence to take risks and learn from experience; courage to grab opportunities or shed non-viable businesses
• Self-awareness and Adaptability ~ resilient; has personal modesty and humility; willing to learn from others; patient, optimistic, flexible and adaptable
• Results and Performance Driven ~ assumes personal ownership and accountability for business results and solutions; willing to make tough calls; consistently delivers results that meet or exceed expectations; demonstrates a track record of people development; champion’s diversity; net exporter of successful talent
• Lead by example ~creating and developing a strong environment through developing and supervising the RM&C team under your responsibility.