IT Audit and Compliance Consultant

Lake County, IL, US
Aug 03, 2018
Required Education
Bachelor's Degree
Position Type
Full time
The IT Audit & Compliance Consultant position serves a tactical purpose for AbbVie and must achieve a difficult balance of involvement and objectivity. Accountable for independently leading & facilitating internal audits, external inspections, and governance processes through a disciplined approach of performing analysis of quality IT systems and operational areas on a periodic basis. Reviews and monitors the completion of IT Non-Conformances/Exceptions and Corrective and Preventative Actions (CA/PAs) to address the deficiencies identified. Understands the basic concepts related to Governance, Risk Management and Compliance as they apply to IT and QA areas.


The major responsibilities of this position are primarily focused on:
  • Leading & managing IT inspections/audits independently. This encompasses presenting / providing responses to auditors during audits, formulating remediation plans & recommendations, and reviewing corrective actions to determine whether corrective actions and commitments have been properly implemented, proven to be effective and are being maintained.
  • Tracking, reviewing and monitoring IT Exceptions / Non-Conformities and associated Corrective & Preventative actions.
  • Coordinate execution of IT audit plans to optimize audit speed and effectiveness
  • Coordinate efforts with internal / external audit as appropriate
  • Assess compliance of systems, facilities, and procedures per applicable regulations through audits and assessments, assuring compliance to regulatory requirements and AbbVie specifications
  • Lead and execute IT audits throughout AbbVie's international and domestic organizations while interacting with their local audit management as necessary
  • Prepare and present IT audit remediation plans to stakeholders as necessary
  • Identify and communicate risk & control themes
  • Participate in the IT risk assessment and creation of the audit observation remediation plans for assigned entities and critical systems
  • Responsible for compliance with applicable Corporate and Divisional Policies and procedures.
  • Understanding all applicable AbbVie IT policies, procedures and practices. Reviews and provides input to improve procedures as applicable.
  • Train & educate internal IT staff on AbbVie IT policies, procedures and practices as necessary.


  • Provides targeted and quantifiable reporting of Audit findings/observations, IT Exception/non-conformities & Risk Management activities, including all aspects of the metrics/reporting lifecycle management.
  • Collaborates with all technology groups, lines of business, and corporate functional areas to define, gather and analyze risk metrics. Provides targeted reporting to all levels of IT and Business management.
  • Maintains a customized process, risk and control framework to improve the organization's IT risk profile by aligning with regulatory and quality requirements, industry practices and internal requirements.
  • Coordinates and communicates IT risk-related activities among key stakeholders. Integrates and coordinates risk intelligence artifacts to gain efficiencies and reduce redundancy.
  • Executes, maintains and oversees governance, risk and compliance tools with the goal of improving efficiency, reducing costs, improving agility and optimizing information technology governance, risk, and controls management processes, while providing the business a more defined view into technology risk.
  • Understands the business organizational structure and culture to best attain objectives and results.

  • Bachelor's Degree in Information Technology, Computer Science or Computer Engineering
  • 5-10 years of experience with IT compliance and IT audit
  • Willing to travel at least 15% of the time for audit purposes.
  • Experience with Software Development Lifecycle (SDLC) methodologies.
  • In-depth understanding of all aspects of regulatory and contractual compliance, PII, PHI, and Health Insurance Portability and Accountability Act (HIPAA) requirements
  • Experience communicating and presenting both verbally and in writing to various audiences, including committees, large groups, senior management, and executive leadership.
  • Ability to prioritize and multi-task and strong problem resolution skills.
  • Demonstrated ability to coordinate cross-functional teams towards task completion.
  • Requires knowledge of outsourcing methodologies and operating models, and working with professional services firms.
  • Excellent written and verbal communication skills.
  • Strong interpersonal / relationship management skills.
  • Requires experience overseeing geographically distributed and culturally diverse work-groups.

  • Experience with IT process, risk and control frameworks, such as COBIT, ISO 27001, ITIL, Risk IT.
  • Professional security management certification: CISSP or CISA preferred.
  • Advanced knowledge of risk assessment design and delivery.
  • Knowledge of business and technology trends.

Equal Opportunity Employer Minorities/Women/Veterans/Disabled

Travel: 25% travel