Specialist IS Bus Sys Analyst

Job Description

What you will do Lets do this. Lets change the world. In this vital role you will be part of the Governance, Risk and Compliance (GRC) team within Cybersecurity and Digital Trust (CDT). This team is part of Amgen's technology team. In this position you are responsible for enabling Information Technology Sarbanes-Oxley (SOX) Compliance. You are required to collaborate with the IT SOX Compliance Manager, service owners, engineers, and other Amgen internal partners such as Finance, Compliance, Corporate Audit and Law department to develop, maintain, and improve Amgens Information Compliance. Roles & Responsibilities: You will bring forth out of the box thinking, an agile approach and domain expertise and highly developed understanding of IS controls to empower IS process and product owners to build and maintain IT controls and solutions with compliance, by design. You will perform the following activities, and any additional tasks required to attest that our systems, applications and infrastructures subjected to different aspects of compliance are able to verify adherence efficiently and effectively. Own and run the ITGC SOX Controls Management and Compliance function Deep understanding of industry standard regulatory compliance frameworks Exceptional interpersonal skills, soft skills and presentation skills Prior experience in working with and presenting to external auditors Experience working with regulatory tools and applications Coordinate, collaborate, and communicate with IT personnel across the organization, audit committee and regulatory compliance teams to ensure that our IS SOX process is followed as required by our organization Ability to demonstrate solid sense of ownership, detail orientation, keen focus on quality and setting clear expectations In charge of working with process owners, internal, and external auditors in support of our quarterly certification process Collaborate and support any SOX evidence request efforts made by Internal and External Audit teams Develop and promote educational mentorship resources that will help facilitate new owners understanding of the Sarbanes-Oxley Act and their responsibilities Review documentation to identify control gaps Create and author documentation and training materials Participate in walkthroughs with system, service, and process owners Review and analyze SOX systems and applications showing in Configuration Management Database (CMDB) for SOX applicability and ensure all components are collected and accounted for Deep understanding of IT infrastructure and hands on experience in Information Technology Infrastructure Library (ITIL) and System Development Life Cycle (SDLC) Assess the risks of IT audit findings, identify mitigating controls and incorporate in IT process framework continual improvement Map regulatory requirements across functions to identify compliance and audit response efficiencies while liaising with internal auditors and IT service owners to ensure information assurance processes are mature, and outcomes are effective by appropriately addressing and raising relevant risks to policy and regulatory compliance Maintain awareness of changing technology environments, implementation methodologies and frameworks used to support responsible functions (e.g., AI, machine learning, Dev Ops, etc.) Ensure quality of work and timeliness across different functional deliverables and take ownership of issues and coordinate through to completion What we expect of you We are all different, yet we all use our unique contributions to serve patients. Basic Qualifications: Masters degree with 4 to 6 years in Information Technology or Cybersecurity OR Bachelors degree with 6to 8 years experience in regulatory compliance and auditing Functional Skills: Must-Have Skills: 4+ years of IT audit, Information Technology / Security control assurance or enterprise IT compliance experience Working knowledge of Information Governance principles and Information Security principles: confidentiality, integrity, and availability Knowledge of international standards for Information Technology and Information Governance Experience working with various technologies, IT frameworks and methodologies Proven ability to understand the concepts of new cloud technologies and other paradigms such as emerging Big Data technologies, lean methodologies to propose appropriate controls and compliance mentorship Strong written and verbal communication, including the ability to explain technical matters to a non-technical audience Possess strong organizational and collaboration skills Strong written and verbal communication, including the ability to explain technical matters to a non-technical audience Possess strong organizational and collaboration skills Working in large / global corporate environments involving multiple businesses Good-to-Have Skills: 3+ years of experience within health, biotechnology/pharma or other regulated industries Experience working in Agile and/or DevOps teams (SCRUM) Working experience with Governance, Risk and Compliance (GRC) tools. Exceptional teamwork encompassing multi-functional teams, peer relationships, informing, understanding and appreciating differences Strong ability to convey and influence complex information compliance, risk and security issues in a manner that is easily understood and actionable Ability to effectively facilitate and inspire change within the organization. Developing / delivering presentations to large audiences and at all levels within the organization Professional Certifications: Certified Information Systems Auditor (CISA) Certified Information Security Manager (CISM) Certified Information Systems Security Professional (CISSP) SANS Global Information Assurance Certifications (GIAC) Soft Skills: Good communication and collaboration skills, particularly when working with global teams. Ability to manage and prioritize tasks effectively in a high-pressure environment. Critical thinking and problem-solving abilities, especially in incident response situations. A commitment to continuous learning and knowledge sharing.