IT Audit and Compliance Consultant

Employer: AbbVie
Location: Lake County, IL, US
Posted: Aug 03, 2018
Ref: 1801686
Required Education: Bachelor's Degree
Position Type: Full time

The IT Audit & Compliance Consultant position serves a tactical purpose for AbbVie and must achieve a difficult balance of involvement and objectivity. The consultant is accountable for independently leading and facilitating internal audits, external inspections, and governance processes through a disciplined approach of performing periodic analysis of quality IT systems and operational areas. Reviews and monitors the completion of IT Non-Conformances/Exceptions and Corrective and Preventative Actions (CA/PAs) to address the deficiencies identified. Understands the basic concepts related to Governance, Risk Management and Compliance as they apply to IT and QA areas.

RESPONSIBILITIES:

The major responsibilities of this position are primarily focused on:
  • Leading & managing IT inspections/audits independently. This encompasses presenting and providing responses to auditors during audits, formulating remediation plans & recommendations, and reviewing corrective actions to determine whether corrective actions and commitments have been properly implemented, have proven to be effective and are being maintained.
  • Tracking, reviewing and monitoring IT Exceptions / Non-Conformities and associated Corrective & Preventative actions.
  • Coordinate execution of IT audit plans to optimize audit speed and effectiveness
  • Coordinate efforts with internal / external audit as appropriate
  • Assess compliance of systems, facilities, and procedures per applicable regulations through audits and assessments, assuring compliance to regulatory requirements and AbbVie specifications
  • Lead and execute IT audits throughout AbbVie's international and domestic organizations while interacting with their local audit management as necessary
  • Prepare and present IT audit remediation plans to stakeholders as necessary
  • Identify and communicate risk & control themes
  • Participate in the IT risk assessment and creation of the audit observation remediation plans for assigned entities and critical systems
  • Responsible for compliance with applicable Corporate and Divisional Policies and procedures.
  • Understanding all applicable AbbVie IT policies, procedures and practices. Reviews and provides input to improve procedures as applicable.
  • Train & educate internal IT staff on AbbVie IT policies, procedures and practices as necessary.


ROLES:

  • Provides targeted and quantifiable reporting of Audit findings/observations, IT Exception/non-conformities & Risk Management activities, including all aspects of the metrics/reporting lifecycle management.
  • Collaborates with all technology groups, lines of business, and corporate functional areas to define, gather and analyze risk metrics. Provides targeted reporting to all levels of IT and Business management.
  • Maintains a customized process, risk and control framework to improve the organization's IT risk profile by aligning with regulatory and quality requirements, industry practices and internal requirements.
  • Coordinates and communicates IT risk-related activities among key stakeholders. Integrates and coordinates risk intelligence artifacts to gain efficiencies and reduce redundancy.
  • Executes, maintains and oversees governance, risk and compliance tools with the goal of improving efficiency, reducing costs, improving agility and optimizing information technology governance, risk, and controls management processes, while providing the business a more defined view into technology risk.
  • Understands the business organizational structure and culture to best attain objectives and results.


BASIC:
  • Bachelor's Degree in Information Technology, Computer Science or Computer Engineering
  • 5-10 years of experience with IT compliance and IT audit
  • Willing to travel at least 15% of the time for audit purposes.
  • Experience with Software Development Lifecycle (SDLC) methodologies.
  • In-depth understanding of all aspects of regulatory and contractual compliance, PII, PHI, and Health Information Portability and Accountability Act (HIPAA) requirements
  • Experience communicating and presenting both verbally and in writing to various audiences, including committees, large groups, senior management, and executive leadership.
  • Ability to prioritize and multi-task and strong problem resolution skills.
  • Demonstrated ability to coordinate cross-functional teams towards task completion.
  • Requires knowledge of outsourcing methodologies and operating models, and working with professional services firms.
  • Excellent written and verbal communication skills.
  • Strong interpersonal / relationship management skills.
  • Requires experience overseeing geographically distributed and culturally diverse work-groups.


PREFERRED:
  • Experience with IT process, risk and control frameworks, such as COBIT, ISO 27001, ITIL, Risk IT.
  • Professional security management certification: CISSP or CISA preferred.
  • Advanced knowledge of risk assessment design and delivery.
  • Knowledge of business and technology trends.


Equal Opportunity Employer Minorities/Women/Veterans/Disabled

Travel: 25% travel