Eli Lilly and Company
Associate Director - SOx IT Audit Readiness Lead
Eli Lilly and Company, Indiana, Pennsylvania, us, 15705
At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the world.
The
SOx
IT Audit Readiness Lead is responsible for the oversight of IT
SOx
compliance as it relates to validated and materially significant computer systems at Lilly. This includes
establishing
and maintaining the
SOx
-related IT General Control (ITGC) requirements for computer systems subject to
SOx
requirements;
c
onsulting with Financial and
Tech@Lilly
areas on the interpretation and application of
SOx
compliance requirements;
m
onitoring the
SOx
inspection-ready state of the
Tech@Lilly
assets;
i
dentifying
and managing key relationships within Financial, Corporate Audit Services, Ernst & Young (E&Y, external auditor), suppliers, and
Tech@Lilly
SMEs to influence and drive key decisions; and
e
xternal benchmarking of
SOx
controls for
Tech@Lilly
applications and infrastructure services based on the obligations and standards set forth by the external regulating and oversight organizations
(
i.e.
PCAOB)
. Key Objectives/Deliverables: SOx
Compliance Program Operations/Delivery Serve as the IT member of
SOx
Program Management Office (Financial),
SOx
Sub-Committee and
SOx
Steering Committee.
Determine
IT
SOx
scope annually based on Financial
SOx
scope.
Continuously enhance and
operate
SOx
compliance program.
Maintain and communicate
SOx
metrics and trends.
Interpret and remediate significant
SOx
compliance gaps.
Lead
and regularly collaborate with
a group of
SOx
Functional Coordinators.
Ensure the year-end reporting/certification obligations are fulfilled.
Manage and
assist
E
Y’s engagements, including US and OUS audits.
Conduct
SOx
assessments on newly in-scope
or
high risk
Tech@Lilly
assets.
Ensure
SOx
requirements are met by third party service providers in scope for
SOx
.
Partner with multiple
Tech@Lilly
teams (US and OUS) to
identify
potential
SOx
risks and mitigate risks before the audit (
i.e.
Tech@Lilly
Outsourcing, BPO, new system implementations,
etc.
).
Grow Capabilities and Knowledge Increase the
SOx
awareness to the
Tech@Lilly
organization.
Stay abreast of the changes in
SOx
requirements, PCAOB standards, E&Y’s Primary Controls, Corporate Audit Services’ audit practice,
etc.
to ensure the
SOx
program meets all requirements and expectations in the most efficient way.
Develop
training materials / programs
and train
IT
SOx
Functional Coordinators
and control owners
for their responsibilities in overseeing
SOx
IT
assets
.
Participate in field audits (
SOx
or non-
SOx
) periodically to assess the audit program and the
Tech@Lilly
operations at various sites (Lilly or non-Lilly)
.
Identify
opportunities to automate control
activities where
appropriate
and support the business in exploring options to
drive automation and intelligent workflows.
Maintain Inspection Readiness Provide guidance to
SOx
Functional Coordinators and system owners/custodians to help ensure
positive
SOx
compliance and audit outcome.
Partner with CSQA to
ensure the
appropriate control
design is implemented
, understood by control owners,
and accurately documented
for in-scope
IT
assets
.
Partner with business process owners to ensure key vendors’ (existing or potential)
IT
environment
are
operating
in control.
Create and
maintain
inspection-readiness information for system owners and custodians.
Identify
and improve inspection-ready activity.
Escalate issues
and observations with business owners, FCO and
S
O
x
committee
tim
ely
and support remediation activities when needed.
Drive Operational Efficiency and Business Value Understand and maximize business value of
SOx
controls for
Tech@Lilly.
Understand customer, company, and Quality priorities.
Provide consulting and right-sizing of
SOx
-related activities based on risk.
Identify
and pursue opportunities for streamlining and right-sizing
, including potential automation of manual control processes.
Identify
systemic issues and trends and drive improvement activity.
Understand the external environment/best practices and bring external learning back to Lilly.
Minimum
Requirements: Bachelor’s degree in
technology-related field, such as Computer Science, Engineering,
Mathematics, or Life Sciences; or equivalent experience (i.e., 7
+ years’ experience)
5+ years of IT Audit experience (internal.external)
Demonstrated understanding of
Sarbanes-Oxley requirements
for computer systems
Demonstrated understanding of f
inancial
business processes
Additional Preferences: Certified IT Auditor (e.g., CISA, CIA)
Demonstrated understanding of
Tech@Lilly
internal controls and
Sarbanes-Oxley requirements
Experience working with and influencing quality practices of third parties
Understanding of process development and/or improvement (
e.g.
Six Sigma)
Proficiency
with
Tech@Lilly
systems development life cycle
Knowledge and experience with data lakes,
control automation,
multiple
systems
and platforms
Established relationships with internal CAS or external E&Y audit groups
Proficiency
with Lilly Computer Systems Validation requirements
Other Information: P
osition is hybrid work
located
at Lilly Corporate Center,
Indianapolis IN. Employees are expected to be in the office most days, with up to four days per month flexible to work remotely.
Travel may occasionally be required, no more than 5% of time.
Lilly is dedicated to helping individuals with disabilities to actively engage in the workforce, ensuring equal opportunities when vying for positions. If you require accommodation to submit a resume for a position at Lilly, please complete the accommodation request form (
https://careers.lilly.com/us/en/workplace-accommodation
) for further assistance. Please note this is for individuals to request an accommodation as part of the application process and any other correspondence will not receive a response. Lilly is proud to be an EEO Employer and does not discriminate on the basis of age, race, color, religion, gender identity, sex, gender expression, sexual orientation, genetic information, ancestry, national origin, protected veteran status, disability, or any other legally protected status.
Our employee resource groups (ERGs) offer strong support networks for their members and are open to all employees. Our current groups include: Africa, Middle East, Central Asia Network, Black Employees at Lilly, Chinese Culture Network, Japanese International Leadership Network (JILN), Lilly India Network, Organization of Latinx at Lilly (OLA), PRIDE (LGBTQ+ Allies), Veterans Leadership Network (VLN), Women’s Initiative for Leading at Lilly (WILL), enAble (for people with disabilities). Learn more about all of our groups. Actual compensation will depend on a candidate’s education, experience, skills, and geographic location. The anticipated wage for this position is $111,000 - $162,800 Full-time equivalent employees also will be eligible for a company bonus (depending, in part, on company and individual performance). In addition, Lilly offers a comprehensive benefit program to eligible employees, including eligibility to participate in a company-sponsored 401(k); pension; vacation benefits; eligibility for medical, dental, vision and prescription drug benefits; flexible benefits (e.g., healthcare and/or dependent day care flexible spending accounts); life insurance and death benefits; certain time off and leave of absence benefits; and well-being benefits (e.g., employee assistance program, fitness benefits, and employee clubs and activities).Lilly reserves the right to amend, modify, or terminate its compensation and benefit programs in its sole discretion and Lilly’s compensation practices and guidelines will apply regarding the details of any promotion or transfer of Lilly employees. #WeAreLilly
#J-18808-Ljbffr
SOx
IT Audit Readiness Lead is responsible for the oversight of IT
SOx
compliance as it relates to validated and materially significant computer systems at Lilly. This includes
establishing
and maintaining the
SOx
-related IT General Control (ITGC) requirements for computer systems subject to
SOx
requirements;
c
onsulting with Financial and
Tech@Lilly
areas on the interpretation and application of
SOx
compliance requirements;
m
onitoring the
SOx
inspection-ready state of the
Tech@Lilly
assets;
i
dentifying
and managing key relationships within Financial, Corporate Audit Services, Ernst & Young (E&Y, external auditor), suppliers, and
Tech@Lilly
SMEs to influence and drive key decisions; and
e
xternal benchmarking of
SOx
controls for
Tech@Lilly
applications and infrastructure services based on the obligations and standards set forth by the external regulating and oversight organizations
(
i.e.
PCAOB)
. Key Objectives/Deliverables: SOx
Compliance Program Operations/Delivery Serve as the IT member of
SOx
Program Management Office (Financial),
SOx
Sub-Committee and
SOx
Steering Committee.
Determine
IT
SOx
scope annually based on Financial
SOx
scope.
Continuously enhance and
operate
SOx
compliance program.
Maintain and communicate
SOx
metrics and trends.
Interpret and remediate significant
SOx
compliance gaps.
Lead
and regularly collaborate with
a group of
SOx
Functional Coordinators.
Ensure the year-end reporting/certification obligations are fulfilled.
Manage and
assist
E
Y’s engagements, including US and OUS audits.
Conduct
SOx
assessments on newly in-scope
or
high risk
Tech@Lilly
assets.
Ensure
SOx
requirements are met by third party service providers in scope for
SOx
.
Partner with multiple
Tech@Lilly
teams (US and OUS) to
identify
potential
SOx
risks and mitigate risks before the audit (
i.e.
Tech@Lilly
Outsourcing, BPO, new system implementations,
etc.
).
Grow Capabilities and Knowledge Increase the
SOx
awareness to the
Tech@Lilly
organization.
Stay abreast of the changes in
SOx
requirements, PCAOB standards, E&Y’s Primary Controls, Corporate Audit Services’ audit practice,
etc.
to ensure the
SOx
program meets all requirements and expectations in the most efficient way.
Develop
training materials / programs
and train
IT
SOx
Functional Coordinators
and control owners
for their responsibilities in overseeing
SOx
IT
assets
.
Participate in field audits (
SOx
or non-
SOx
) periodically to assess the audit program and the
Tech@Lilly
operations at various sites (Lilly or non-Lilly)
.
Identify
opportunities to automate control
activities where
appropriate
and support the business in exploring options to
drive automation and intelligent workflows.
Maintain Inspection Readiness Provide guidance to
SOx
Functional Coordinators and system owners/custodians to help ensure
positive
SOx
compliance and audit outcome.
Partner with CSQA to
ensure the
appropriate control
design is implemented
, understood by control owners,
and accurately documented
for in-scope
IT
assets
.
Partner with business process owners to ensure key vendors’ (existing or potential)
IT
environment
are
operating
in control.
Create and
maintain
inspection-readiness information for system owners and custodians.
Identify
and improve inspection-ready activity.
Escalate issues
and observations with business owners, FCO and
S
O
x
committee
tim
ely
and support remediation activities when needed.
Drive Operational Efficiency and Business Value Understand and maximize business value of
SOx
controls for
Tech@Lilly.
Understand customer, company, and Quality priorities.
Provide consulting and right-sizing of
SOx
-related activities based on risk.
Identify
and pursue opportunities for streamlining and right-sizing
, including potential automation of manual control processes.
Identify
systemic issues and trends and drive improvement activity.
Understand the external environment/best practices and bring external learning back to Lilly.
Minimum
Requirements: Bachelor’s degree in
technology-related field, such as Computer Science, Engineering,
Mathematics, or Life Sciences; or equivalent experience (i.e., 7
+ years’ experience)
5+ years of IT Audit experience (internal.external)
Demonstrated understanding of
Sarbanes-Oxley requirements
for computer systems
Demonstrated understanding of f
inancial
business processes
Additional Preferences: Certified IT Auditor (e.g., CISA, CIA)
Demonstrated understanding of
Tech@Lilly
internal controls and
Sarbanes-Oxley requirements
Experience working with and influencing quality practices of third parties
Understanding of process development and/or improvement (
e.g.
Six Sigma)
Proficiency
with
Tech@Lilly
systems development life cycle
Knowledge and experience with data lakes,
control automation,
multiple
systems
and platforms
Established relationships with internal CAS or external E&Y audit groups
Proficiency
with Lilly Computer Systems Validation requirements
Other Information: P
osition is hybrid work
located
at Lilly Corporate Center,
Indianapolis IN. Employees are expected to be in the office most days, with up to four days per month flexible to work remotely.
Travel may occasionally be required, no more than 5% of time.
Lilly is dedicated to helping individuals with disabilities to actively engage in the workforce, ensuring equal opportunities when vying for positions. If you require accommodation to submit a resume for a position at Lilly, please complete the accommodation request form (
https://careers.lilly.com/us/en/workplace-accommodation
) for further assistance. Please note this is for individuals to request an accommodation as part of the application process and any other correspondence will not receive a response. Lilly is proud to be an EEO Employer and does not discriminate on the basis of age, race, color, religion, gender identity, sex, gender expression, sexual orientation, genetic information, ancestry, national origin, protected veteran status, disability, or any other legally protected status.
Our employee resource groups (ERGs) offer strong support networks for their members and are open to all employees. Our current groups include: Africa, Middle East, Central Asia Network, Black Employees at Lilly, Chinese Culture Network, Japanese International Leadership Network (JILN), Lilly India Network, Organization of Latinx at Lilly (OLA), PRIDE (LGBTQ+ Allies), Veterans Leadership Network (VLN), Women’s Initiative for Leading at Lilly (WILL), enAble (for people with disabilities). Learn more about all of our groups. Actual compensation will depend on a candidate’s education, experience, skills, and geographic location. The anticipated wage for this position is $111,000 - $162,800 Full-time equivalent employees also will be eligible for a company bonus (depending, in part, on company and individual performance). In addition, Lilly offers a comprehensive benefit program to eligible employees, including eligibility to participate in a company-sponsored 401(k); pension; vacation benefits; eligibility for medical, dental, vision and prescription drug benefits; flexible benefits (e.g., healthcare and/or dependent day care flexible spending accounts); life insurance and death benefits; certain time off and leave of absence benefits; and well-being benefits (e.g., employee assistance program, fitness benefits, and employee clubs and activities).Lilly reserves the right to amend, modify, or terminate its compensation and benefit programs in its sole discretion and Lilly’s compensation practices and guidelines will apply regarding the details of any promotion or transfer of Lilly employees. #WeAreLilly
#J-18808-Ljbffr