Job
Description
Hi, We are having an opening for Lead Audit & Compliance Specialist -IT at our Mumbai location. Job Summary : The Lead Audit & Compliance Specialist plays a strategic and hands-on role in managing IT audits, compliance requirements, and risk mitigation initiatives across Sun Pharma's global IT landscape. This role is responsible for planning, coordinating, and executing internal and external IT audits, ensuring adherence to global compliance standards including SOX, GxP, and other regulatory frameworks. The incumbent will work across functions and geographies to embed a culture of compliance, maintain audit readiness, and strengthen IT governance. Key Responsibilities: Audit Lifecycle Management Lead and coordinate global IT audits, including preparation, evidence gathering, walkthroughs, and response submission. Manage the end-to-end lifecycle of audit findings, including tracking, remediation, and closure validation. Compliance & Regulatory Adherence Ensure IT compliance with GxP, SOX, ISO, and other applicable frameworks across infrastructure and service domains. Collaborate with internal stakeholders to implement global policies and ensure readiness for inspections. Documentation & Governance Maintain comprehensive documentation for IT controls, SOPs, risk registers, and mitigation actions. Establish audit dashboards and maintain compliance scorecards by geography and function. Internal Awareness & Training Drive audit and compliance awareness across IT teams through workshops, readiness drills, and role-based training. Continuous Improvement Identify compliance gaps and propose process enhancements or automation opportunities to reduce risk exposure. Specialized Knowledge Requirements Strong understanding of global regulatory standards including SOX, GxP, and ISO 27001 Experience with IT general controls (ITGC), audit frameworks, and risk management tools (e.g., Archer, ServiceNow GRC) Familiarity with ITSM/ITIL processes and audit mapping across Change, Incident, Problem, and Asset Management Exposure to Pharma or highly regulated industries is preferred Internal Stakeholders and Nature of Interaction CIO / Head of IT Service Assurance: Strategic guidance, audit governance, and risk updates Service Assurance, Infra, Cloud, and Application Leads: Evidence coordination, control implementation, RCA collaboration ITBPs, PMO, and HR Compliance: Policy alignment, audit readiness training, and data consistency External Stakeholders and Nature of Interaction Internal & External Auditors: Direct interaction during audit planning, walkthroughs, and evidence presentation Regulatory Inspectors: Respond to inspection findings and ensure documentation and controls are validated Consultants / Third-party Advisors: Best practices adoption, controls benchmarking, and co-sourcing guidance External Interaction % Approximately 3040% of role involves active engagement with auditors, regulatory bodies, and external advisors Nature of Communication Highly structured communication involving formal documentation, audit reports, control narratives, and risk dashboards Strategic presentation of findings to senior leadership and external stakeholders Tactical and operational interactions across teams to ensure data accuracy and audit response readiness Role Played in Negotiations Key influencer in discussions around audit scoping, remediation timelines, and closure sign-off Collaborates with Legal and Compliance teams on the language and commitments in control response narratives Key Decision-Making Expected Assessment of audit risk severity and prioritization of remediation actions Selection and implementation of compliance tools or frameworks for specific geographies or domains Recommendation of policy updates based on new or evolving regulatory standards Key Challenges for the Role Managing diverse compliance obligations across multiple jurisdictions Ensuring consistent and timely audit responses across distributed IT teams Driving cultural shift toward proactive compliance ownership Addressing historical non-compliance in legacy systems Extent and Nature of Innovation Required for the Role High degree of innovation required in designing automation for compliance workflows, dashboards, and evidence management Leveraging analytics to detect non-compliance trends and trigger preventive controls Enhancing audit readiness using AI-enabled documentation checks and control testing tools Job Requirements Educational Qualification: Master's in Information Technology, Risk Management, or related field Certifications: CISA, CRISC, or equivalent certifications are preferred ITIL and GRC platform certification (ServiceNow, Archer, etc.) Skills: Risk-based audit planning and control design Cross-functional collaboration and stakeholder management Tools-based audit management and compliance analytics Experience : 12-15+ years of experience in IT audit, risk, and compliance roles. Exposure to global audit environments and regulated industries (pharma/healthcare preferred)
