Role Summary
- Supports IT SOX compliance, audit readiness, and access governance across enterprise systems in a regulated environment.
- Partners with IT, IT Application Security, and Audit teams to support IT General Controls (ITGCs), user access reviews, and audit support.
Key Responsibilities
- Support IT SOX and ITGC audits (evidence coordination, auditor inquiries, remediation tracking).
- Execute periodic user access reviews (access validation, Active Directory checks, segregation of duties considerations, remediation follow-ups).
- Support SAP Change Management and SAP GRC (transport reviews, CAB approval validation, sensitive access reviews, audit evidence preparation).
- Support SDLC controls (pre-implementation risk/scope assessments and post-implementation audits).
- Support third-party/SaaS audit requests (SOC report coordination, complementary user entity control validation, control confirmations).
- Administer/coordinate AuditBoard (Optro) (or similar GRC) access for internal teams and external auditors.
- Maintain audit-ready ITGC documentation and evidence artifacts for access controls, change management, and incident response.
- Identify opportunities for control automation and process improvement.
- Provide audit status, remediation, and project reporting.
Required Qualifications / Skills
- Bachelor's degree in IT/computer science/information systems/related field.
- 1-3 years hands-on experience in IT SOX, ITGCs, or technology risk/compliance.
- Strong understanding of user access controls, identity lifecycle management, and segregation of duties.
- Experience with SDLC controls (pre/post implementation reviews).
- ERP experience (SAP preferred), including access/change-related controls.
- Working knowledge of GRC platforms (AuditBoard, SAP GRC, or ServiceNow GRC).
- Experience interfacing with external auditors; strong documentation and written communication.
- Ability to work independently and collaborate with U.S. and EU stakeholders.
Preferred Qualifications
- CISA (completed or pursuing).
- Experience with Big 4 or large public accounting firm audits.
- Experience in regulated industries (life sciences, pharmaceuticals, healthcare, or financial services).