Johnson & Johnson - GAM Compliance Specialist

About Johnson & Johnson

Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity.

The GAM Compliance Specialist is responsible for access management governance over applicable information technology controls and all compliance related activities, including SOX certification and compliance with relevant policies and procedures across the supported organizations.

The role will also be responsible for performing reviews of system access and segregation of duties conflicts for all users of the various ERP and application systems utilized by supported organizations and will be the process leader for Global Access Management governance.

Key Responsibilities:

• Review access/change request form for completeness
• Review access request against the role matrix/library and ensure approvers are correct based on the approval matrix
• Perform Segregation of Duties (SOD) checks ensuring access requested does not have conflict with existing access and manual job responsibilities.
• Review weekly movement report ensuring transfer employee's system access is up-to-date and terminated user's system access is revoked on time.
• Main support of the review process including automated access review (NAGS)
• Perform immediate action based on the reviewer's feedback and concerns
• Ensure that user access recertification is completed on time
• Identification of mitigating control assignment request for users with valid SOD conflicts
• Review and validation of new SOD conflicts and Document mitigating controls assignment
• Annual update of mitigating control library

• Identification of appropriate access approvers (i.e. role owner, compliance manager)
• Main support of the review process including automated access review (NAGS)
• Perform immediate action based on the reviewer's feedback and concerns
• Ensure that user access recertification is completed on time
• Provide training and continuous support to business reviewers/approvers and related process owners through conduct of IT SOX and Global Access Management refresher trainings
• Main support for the UA SOD scope in CIA audits
• Responsible for SOX/Compliance mentorship deployment (ie DCM walkthroughs to Affiliates) and new projects (ie GRC implementation)
• Perform controls validation testing of all applicable IT controls as per guidelines from the SOX Program including UASOD, interface controls, configurable and application controls related to finance systems and processes.
• Assist on the due diligence project by performing key controls testing based on Global prescribed test scripts and attributes.

• Support the business by monitoring risks related to organization, technology, and process changes to ensure that the system roles remain appropriate over time.
• Other matters that may be assigned.

• At least 2-3 years significant experience
• If IT background, experience in Access Management is a must.
• For Finance background, audit and ITGC background is required.
• University degree in Finance or related field or equivalent with professional certification (e.g. CISA, CPA)
• Proficient in basic MS Office applications (Excel, Outlook, Powerpoint, Word) required
• Working knowledge of SAP (or other ERP's) an advantage
• Familiarity in SOX documentation procedure and SOX certification is desirable
• Demonstrated experience in internal/external audit, finance, compliance
• Experience in shared services center of a multinational corporation desirable
• Proactive with good interpersonal skills
• Good command of the English language