GAM Compliance Lead

Description:

At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity. Learn more at https://www.jnj.com/.

For more than 130 years, diversity, equity & inclusion (DEI) has been a part of our cultural fabric at Johnson & Johnson and woven into how we do business every day. Rooted in Our Credo, the values of DEI fuel our pursuit to create a healthier, more equitable world. Our diverse workforce and culture of belonging accelerate innovation to solve the world’s most pressing healthcare challenges.

We know that the success of our business – and our ability to deliver meaningful solutions – depends on how well we understand and meet the diverse needs of the communities we serve. Which is why we foster a culture of inclusion and belonging where all perspectives, abilities and experiences are valued and our people can reach their potential.

At Johnson & Johnson, we all belong.

Johnson & Johnson is recruiting for a GAM Compliance Lead, located in Paranaque City, Manila.

The Global Access Management Compliance Lead is responsible for assuring applicable information technology controls and all compliance-related activities, including SOX certification and compliance with relevant policies and procedures across the supported organizations.

The role will also be responsible for performing reviews of system access and segregation of duties conflicts for all users of the various ERP and application systems used by supported organizations and will be the process leader for Global Access Management governance.

Main Responsibilities:

• Identify partner concerns and facilitate discussion on process consultations, identify problems and communicate potential solutions.
• Responsible for handling and performing applicable IT controls assurance and compliance activities
• Perform control validation testing of all applicable IT controls as per guidelines from the SOX Program including UASOD, interface controls, configurable and application controls related to finance systems and processes.
• Assist with the implementation of Regional Compliance initiatives and Compliance department related activities such as risk management and assessment programs, compliance audit annual calendar of activities, monthly leadership compliance related requirements.
• Build and implement risk assessment and management process over financial IT related process which includes risk prioritization and evaluation subject to the approval of the Regional GFS Compliance Head.
• Guide business process owners and provide full advisory support during process-related internal and external audit reviews.
• Inform/discuss with potential risks and issues and/or opportunities for improvement and standard processes at the GS centers to promote strong compliance.
• Other matters that may be assigned.
  
  

Core Compliance Taxonomy Responsibilities:

User Access Management

• Review and perform risk analysis for access/change requests ensuring completeness of the access request form and segregation of duties.
• Review access request against the role matrix/library and ensure approvers are correct based on the approval matrix
• Perform Segregation of Duties (SOD) checks ensuring access requested does not have conflicts with existing access implementing a cross-system analysis and considering manual job responsibilities.
  
  

Participate in the process of role creation and risk analysis assessments based on requirements and develop recommendations from those findings

• Review weekly changes/transfers report to ensure accesses are accurate to the user’s current function and take action on changes detected and terminated users to ensure a compliant environment.
• Support the remediation for all Corporate Governance, Segregation of Duties, and Sarbanes-Oxley-related projects and ongoing maintenance in these efforts in the SAP space.
• Review complex business processes, systems, workflows, SOPs, policies and procedures to identify, document, and elevate the presence of risks and controls, both manual and automated, and/or management controls in each functional area to mitigate any risk or exposure
• Stay up to date on the latest risks and challenges in the SAP/Systems space and provide current and ongoing recommendations to J&J leadership on our risk posture. Drive continuous process improvement in order to meet changing business conditions
• Work closely with IT to support on global access reviews, raising issues, peering with IT and supporting reviewers to ensure 100% of the appropriateness reviews are done within the deadline.
• Work in partnership with Compliance Team to provide best recommendations on User Access and Segregation of duties issues, mapping mitigating controls, reviewing them and updating them accordingly as per guidelines to guarantee risks are properly mitigated.
• Monitor the review progress to ensure that reviewers complete the review timely, escalate reviews to reviewer's supervisor and leadership if reviewer is not able to complete review. Provide help and support for questions in performing the review.
• Provide trainings to process owners (users and reviewers) on the processes to request, review and run user access for the systems they use including SOD assessment. This is to ensure they understand the process and are performing the control appropriately.
• Ensure compliance with all Sarbanes‐Oxley and all other internal control & regulatory requirements
• Ensure successful internal and external audits in the area of user access & segregation of duties.
• Support the Go Lives/Transitions/Due Diligence process to ensure compliant user access & segregation of duties processes & controls.
• Maintain the standardized Sarbanes‐Oxley Documentation package for user access & segregation of duties and ensure alignment with global initiatives
  
  

Access Approver Management

• Deliver training to the designated Access Approvers to ensure that the approval workflow process was understood, and controls were performed appropriately.
• Assess if the access approver is appropriate for the role and scope of the request.
• Perform approver review and provide positive confirmation on the appropriateness of access and any changes required.
• Monitor Access Approver
  
  

Access Risk & SOD Ruleset Governance

• Monitor and Approve Access Risk and SOD Rulesets for changes
• Implement Change Control and Testing of Access Risk and SOD Rulesets changes
• Communicate Changes and Train Access Approvers
  
  

Role Design Governance

• Support the business by monitoring risks related to organization, technology, and process changes to ensure that the system roles remain appropriate over time.
• Act as a compliance tester to validate that role changes are implemented per approved design and critical access and SOD conflicts are identified and remediated before implementation.
• Act as a compliance approver for role creation or changes to ensure critical access and SOD conflicts are identified and remediated before implementation.
  
  

Qualifications:

• At least 3 years of progressive experience in auditing in one or more of the following fields: (a) financial/operational, (b) external, (c) information systems, and (d) compliance.
• Strong attention to detail and precise work delivered is a must
• Strong customer focus with excellent communication, presentation and training skills
• Proficient in basic MS Office applications (Excel, Outlook, Powerpoint, Word) required
• Solid understanding of SAP (or other ERP's) an advantage
• Familiarity in SOX documentation procedure and SOX certification is desirable
• Demonstrated experience in internal/external audit, finance, compliance
• Control, Compliance, Audit and/or Operational Risk experience is desirable
• Relevant experience in risk identification, assessment, monitoring, and remediation will be an additional strength
• Ability to think strategically and connect.
• Strong customer focus with excellent communication, presentation, and training skills
• Knowledge of the Banking environment is a plus
• Planning, prioritization, and multitasking skills.
• Experience managing/working on complex projects, with variable partners and within tight deadlines
• Effectively work with new and changing situations.
• Good interpersonal, as well as both oral and written communication skills.
• Good command of English language