Foster City, CA
Contract Duration: 4-18 months
Rate: Negotiable
Salary: NA $1.00
Responsibilities:
- Excellent employment opportunity for an IT Risk & Controls Manager in the Foster City, CA area.
- Onsite: (subject to the vaccine mandate) - Hybrid, 2 3 days onsite and remainder will be remote Hybrid Ok
- This position provides the required IT Risk & Controls program by sharing a point of view around ITGC controls design and audit support with expertise in a broad range of information security management topics.
- Assist in the efforts to scope and evaluate the design of Internal Controls over Financial reporting (ICFR) specific to IT systems in compliance with the Sarbanes-Oxley Act (SOX) while supporting an efficient and effective process
- Liaison with the Company's external and internal audit to provide expertise and consultation for a smooth and effective audit
- Assist in the assessment of the impact of audit findings, provide consultative support to system managers and support teams, and monitor remediation and action plans
- Coordinate with 3rd party service provider's as it relates to quality assessments of control execution, and the review of changes and assessments of SOX systems
- Conduct training and awareness of Company's IT system key controls framework of policies, procedures, standards and guidelines
- Work closely with business process owners, SOX PMO and Internal Audit on implementation, execution and compliance with IT system key controls
- Participate in IT project risk assessment reviews to support development of new and/or modification of existing application
- Support operational IT controls for new and emerging areas of risk
- Coordinate internal and external audits and ensure IT system owners are trained and aware of IT operating procedures and how these implement SOX control objectives.
- Report status of audits, open actions items and remediation efforts.
- Provide auditing and controls expertise to IT to support implementation of controls in new IT systems.
- Support the general IT Risk & Controls objectives by participating in security, compliance and risk management activities.
Experience:
- Undergraduate Degree in Computer Science, Information Systems Management, Finance or Accounting. Certification highly desired (CISA, CISSP). Project management certification or relevant experience preferred.
- 4+ years of experience with functional and technical aspects of IT compliance and auditing principles
- Knowledge and understanding of auditing and control and has experience working with IT operating procedures preferably in the Pharmaceutical/Biotech industry.
- Experience in information and IT services including knowledge of auditing principles, auditing standards and Sarbanes-Oxley (SOX) requirements.
- Experience working with IT general computer controls.
- Knowledge of application access and configuration controls and reviews in an Enterprise Resource Planning (ERP) applications environment (e.g., Oracle EBS) is strongly preferred.
- Project Management skills are required.
- Works under minimal direction and work products require minimal review.
- Supervisory Relationships: Leads a centralized functional activity and is encouraged to effectively oversee temporary workers or consultants
- Applies project management principles to drive teams to achievement of agreed deadlines.
- Experience with assisting with the coordination of internal and external audits (e.g., SOX IT or quality system audits)
- Strong business and technology acumen; solid grasp of general IT computer and application controls, IT platforms and related services
- Skills/experience in planning, coordinating and implementing information technology policies, procedures and practices in regulated computing environments
- Knowledge and understanding of general computer controls, IT process management (i.e., ITIL) including incident, problem, change and release management
- Excellent verbal and written communication, presentation, facilitation and diplomacy skills
- Top 3 Required Skill Sets: IT General Controls, IT Audit/SOX, Project Management
- Top 3 nice to have skills: SDLC, Excellent communication skills, SAP and GRC experience