IT Risk & Controls Manager

Responsibilities:

• Excellent employment opportunity for an IT Risk & Controls Manager in the Foster City, CA area.
• Onsite: (subject to the vaccine mandate) - Hybrid, 2 3 days onsite and remainder will be remote Hybrid Ok
• This position provides the required IT Risk & Controls program by sharing a point of view around ITGC controls design and audit support with expertise in a broad range of information security management topics.
• Assist in the efforts to scope and evaluate the design of Internal Controls over Financial reporting (ICFR) specific to IT systems in compliance with the Sarbanes-Oxley Act (SOX) while supporting an efficient and effective process
• Liaison with the Company's external and internal audit to provide expertise and consultation for a smooth and effective audit
• Assist in the assessment of the impact of audit findings, provide consultative support to system managers and support teams, and monitor remediation and action plans
• Coordinate with 3rd party service provider's as it relates to quality assessments of control execution, and the review of changes and assessments of SOX systems
• Conduct training and awareness of Company's IT system key controls framework of policies, procedures, standards and guidelines
• Work closely with business process owners, SOX PMO and Internal Audit on implementation, execution and compliance with IT system key controls
• Participate in IT project risk assessment reviews to support development of new and/or modification of existing application
• Support operational IT controls for new and emerging areas of risk
• Coordinate internal and external audits and ensure IT system owners are trained and aware of IT operating procedures and how these implement SOX control objectives.
• Report status of audits, open actions items and remediation efforts.
• Provide auditing and controls expertise to IT to support implementation of controls in new IT systems.
• Support the general IT Risk & Controls objectives by participating in security, compliance and risk management activities.

Experience:

• Undergraduate Degree in Computer Science, Information Systems Management, Finance or Accounting. Certification highly desired (CISA, CISSP). Project management certification or relevant experience preferred.
• 4+ years of experience with functional and technical aspects of IT compliance and auditing principles
• Knowledge and understanding of auditing and control and has experience working with IT operating procedures preferably in the Pharmaceutical/Biotech industry.
• Experience in information and IT services including knowledge of auditing principles, auditing standards and Sarbanes-Oxley (SOX) requirements.
• Experience working with IT general computer controls.
• Knowledge of application access and configuration controls and reviews in an Enterprise Resource Planning (ERP) applications environment (e.g., Oracle EBS) is strongly preferred.
• Project Management skills are required.
• Works under minimal direction and work products require minimal review.
• Supervisory Relationships: Leads a centralized functional activity and is encouraged to effectively oversee temporary workers or consultants
• Applies project management principles to drive teams to achievement of agreed deadlines.
• Experience with assisting with the coordination of internal and external audits (e.g., SOX IT or quality system audits)
• Strong business and technology acumen; solid grasp of general IT computer and application controls, IT platforms and related services
• Skills/experience in planning, coordinating and implementing information technology policies, procedures and practices in regulated computing environments
• Knowledge and understanding of general computer controls, IT process management (i.e., ITIL) including incident, problem, change and release management
• Excellent verbal and written communication, presentation, facilitation and diplomacy skills
• Top 3 Required Skill Sets: IT General Controls, IT Audit/SOX, Project Management
• Top 3 nice to have skills: SDLC, Excellent communication skills, SAP and GRC experience