PRIMARY DUTIES AND RESPONSIBILITIES:

• Assists with maintaining the Companys IT SOX program such as developing and reviewing detailed documentation of system scoping process narratives IT General Control (ITGC) design and assisting with control execution where applicable.

• Assists in the identification and assessment of IT risks and issues that could have an impact on financial reporting.

• Supports the early identification of systems that require SOX assessment and partners with applicable system owners and key stakeholders to design implement and document effective ITGCs and applicable automated controls.

• Conducts ongoing reviews to ensure management can continue to rely on SOX systems and relevant IT general and automated controls.

• Assists management in performing self-assessments in relation to ITGC and provides recommendations for risk mitigation. This includes documentation for new and modified processes as well as new acquisitions.

• Provides controls guidance to IT and the business to facilitate operational effectiveness and ensures SOX compliance requirements are met.

• Responsible for developing and maintaining the ITGC SOX Portal documentation.

• Assists with user access role design and reviews including identification of privileged/sensitive access and segregation of duties (SOD) conflicts within and across multiple systems including assistance with documenting managements assessment of the results.

• Reviews SOC1 & SOC2 reports from third parties working with major suppliers and vendors to improve IT SOX control maturity and addresses concerns where required.

• Participates in the assessment and design of automated solutions to support SOX control execution (e.g. Alteryx or Robotic Process Automation).

• Supports maintaining the SAP GRC Access Control & Process Control tools as well as other rulesets for continuous monitoring of logical access and configurable controls within SAP and Microsoft Dynamics 365.

• Participates in new acquisition onboarding activities and assists in the design of IT processes including the evaluation of IT control environment and the development of internal controls.

• Assists the Internal Controls team in researching and documenting SOX issues identifying root cause and tracking remediation to conclusion. Reviews findings from internal and external audits and facilitates the remediation plans.

• Works closely with the Internal Audit Information Security IT Compliance and other IT and Business departments in resolving IT control issues.

• Stays current with latest changes in external and internal compliance initiatives that may affect the organizations internal controls compliance.

• Performs other duties as assigned.

• Travel may be required periodically

EXPERIENCE AND EDUCATIONAL REQUIREMENTS:

Bachelors Degree with a preferred concentration in information system management computer science accounting or another related field.

One or more of the following certifications desired but not required: Certified Information Systems Auditor (CISA) Certified Information Systems Manager (CISM) Certified Information Systems Security Professional (CISSP) Certified in Risk and Information Systems Control (CRISC) Certified Public Accountant (CPA) Certified Internal Auditor (CIA) or Certified Fraud Examiner (CFE). Normally requires a minimum of three (3) years of experience in internal controls public accounting and/or internal auditing with a focus on assessing controls around and within accounting information systems.

MINIMUM SKILLS KNOWLEDGE AND ABILITY REQUIREMENTS:

• Working knowledge of Sarbanes-Oxley requirements.
• Self-starter strong work ethic adaptable and actively seeks opportunities to improve the SOX Program by sharing those recommendations for consideration as an agent for change.
• Strong understanding of IT controls including ITGCs and automated controls.
• Knowledge of international control frameworks and standards such as COSO COBIT ISO27001 and NIST.
• Strong understanding of IT and Information Security/Cybersecurity related controls including identity and access management privileged access management system development life cycle methodologies IT Operations IT governance and other application specific control principles and risks in both cloud and on-premises infrastructures.
• Knowledge of different technologies and platforms such as Active Directory Windows Servers Unix/Linux IBMi SQL Server and Oracle databases and security concepts ((e.g. firewalls public/private key encryption VPN etc.).
• Experience in reviewing SOC1/SOC2 reports and performing assessments as a result of deficiencies identified over third-party organizations.
• Proficient in Microsoft Excel including functions such as Vlookup pivot tables data validation and analytical skills.
• Working knowledge of data analytic applications (e.g. Alteryx IDEA PowerBI) is preferred. Coding experience is a plus.
• Ability to communicate effectively both orally and in writing; ability to communicate with associates and management in a cross-functional matrix organization; solid teamwork and interpersonal skills to successfully interact and influence employees.
• Strong planning and organizational skills with attention to detail.
• PC literate with ability to learn systems and processes quickly (SAP ECC/S4 SAP GRC or MS D365 a plus)

WORK ENVIRONMENT:

The work environment characteristics described here are representative of those an associate encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions:

The noise level in the work environment is generally quiet.

PHYSICAL AND MENTAL REQUIREMENTS:

The physical demands described here are representative of those that must be met by an associate to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions:

• Sedentary physical activity requiring reaching sifting lifting finger dexterity grasping feeling repetitive motions talking and hearing.
• Visual requirement is for close vision distance vision peripheral vision and ability to adjust focus.
• 50% or more time is spent looking directly at a computer.
• Associate is frequently required to stand walk (or otherwise be mobile).
• Ability to deal with stressful situations as they arise.

.

• Working knowledge of Sarbanes-Oxley requirements.
• Self-starter strong work ethic adaptable and actively seeks opportunities to improve the SOX Program by sharing those recommendations for consideration as an agent for change.
• Strong understanding of IT controls including ITGCs and automated controls.
• Knowledge of international control frameworks and standards such as COSO COBIT ISO27001 and NIST.
• Strong understanding of IT and Information Security/Cybersecurity related controls including identity and access management privileged access management system development life cycle methodologies IT Operations IT governance and other application specific control principles and risks in both cloud and on-premises infrastructures.

What Cencora offers

Benefit offerings outside the US may vary by country and will be aligned to local market practice. The eligibility and effective date may differ for some benefits and for team members covered under collective bargaining agreements.

Affiliated Companies

Equal Employment Opportunity

Cencora is committed to providing equal employment opportunity without regard to race color religion sex sexual orientation gender identity genetic information national origin age disability veteran status or membership in any other class protected by federal state or local law.

The companys continued success depends on the full and effective utilization of qualified individuals. Therefore harassment is prohibited and all matters related to recruiting training compensation benefits promotions and transfers comply with equal opportunity principles and are non-discriminatory.

Cencora is committed to providing reasonable accommodations to individuals with disabilities during the employment process which are consistent with legal requirements. If you wish to request an accommodation while seeking employment please call 888.692.2272 or email . We will make accommodation determinations on a request-by-request basis. Messages and emails regarding anything other than accommodations requests will not be returned