Johnson & Johnson Corporate Internal Audit is seeking a Information Technology (IT) Lead Auditor (SAP). The preferred location for this position is New Brunswick, NJ; however, consideration will also be given to candidates in Beerse (Belgium), India, United Kingdom and other NA locations. This position requires up to 40% domestic and international travel.
Johnson & Johnson, through its operating companies, is the world's most comprehensive and broadly based manufacturer of health care products, as well as a provider of related services, for the consumer, pharmaceutical, and medical devices and diagnostics markets. We strive to provide scientifically sound, high quality products and services to help heal, cure disease and improve the quality of life.
Internal Audit's primary mission is to assist Johnson & Johnson management in ensuring that an effective system of internal controls is designed and operating effectively. To this end, the Lead IT Auditor leads and conducts audits of SAP application security and IT general controls across the Johnson & Johnson Family of Companies to evaluate the adequacy of internal controls and to develop recommendations for improvement.
Johnson & Johnson Corporate Internal Audit is seeking a strong and proven professional for the position of IT Lead Auditor. Internal Audit's primary mission is to assist Johnson & Johnson management in ensuring that an effective system of internal controls exists. To this end, team members review information resources across the Johnson & Johnson Family of Companies to evaluate the adequacy of internal controls and to develop recommendations for improvement. Information resources include business critical applications such as SAP and JD Edwards, as well as related technology/infrastructure, data, facilities, organizations, and processes. The IT Lead Auditor plans and executes the most complex audits in compliance with audit standards and related guidelines. This position manages cross-functional audit teams and reviews team progress against audit objectives. The position liaises with management before, during, and after the audit, and is heavily involved in presenting and securing management agreement with audit findings and recommendations. The IT Lead Auditor leverages deep IT and audit knowledge to assess complex operations and risks. Using this knowledge, the IT Lead Auditor defines, develops, and implements new or modified audit programs in line with the Department's mission, vision, and annual goals and objectives. This position also provides management with internal controls advice and guidance.
Leads and performs SAP security and control assurance and advisory engagements.
Continuously assesses SAP security and control risks.
Develops, documents, and maintains SAP audit programs, consistent with enterprise policies and procedures, and industry standards and methods.
Initiates, facilitates, and promotes activities to continuously improve the SAP audit approach, awareness, and training throughout the Department.
Independently assesses the design and operating effectiveness of SAP configuration and process controls impacting financial reporting
Develops and maintains control and process documentation (e.g., control matrices, flowcharts, testing documentation) in accordance with engagement objectives.
Performs root cause analyses and communicates control deficiencies and remediation techniques, both internally and with senior management.
Supports and monitors remediation activities, as and when necessary.
Maintains awareness of SAP enhancements.
Coordinates and manages interactions with multi-functional and cross-geographical teams both internally and externally, as necessary
Identifies internal control weaknesses and
opportunities to improve operating effectiveness.
Directs and performs ongoing controls testing, consistent with J&J SOX 404 program guidelines.
A Bachelor's degree (BA/BS) is required, an advanced degree (MBA or MS) is a plus.
A control-related professional certification, such as CISA, CIA, or CISSP, is preferred.
A minimum of 5 years of IT operations, consulting, and/or audit experience in a corporate environment or with a Big 4 firm is required.
Fluency in English is required.
A strong understanding of IT processes and technologies, with demonstrated proficiency in one or more of the following areas is required: program/project management, architecture, operations, applications, information security, disaster recovery, and infrastructure (operating systems, databases, network, hardware, facilities).
Experience with SAP implementations, SAP security or SAP administrator role is required.
Specific SAP domain expertise in GRC is preferred.
Practical experience in regulatory compliance or risk management is preferred.
English fluency (written and verbal) is required; fluency in multiple languages is preferred.
Excellent presentation and written communication skills are required.
The ability to communicate risk findings and recommendations to others clearly and accurately in non-technical terms is required.
Experience with Sarbanes-Oxley compliance is required.
Experience interacting with all levels of management is required.
Willingness to travel domestically and internationally 40% annually is required. (level of travel may be dependent on country of hire)
Analytical skills; specifically, the ability to assess and decompose processes utilizing a risk and control focus is required.
Ability to demonstrate leadership skills related to living our Credo, connect, lead, shape and deliver is required.
United States-New Jersey-New Brunswick
Europe/Middle East/Africa-United Kingdom, Asia Pacific-India, Europe/Middle East/Africa-Belgium-Antwerp-Beerse, North America
Johnson & Johnson (6067)
Internal Audit IT