Sr. Associate - Information Systems - Information Governance, Assurance and Compliance

The Sr. Associate is a vital part of the Governance, Assurance and Compliance (GAC) team within Global Information Protection (GIP). This team is part of Amgen's Information Systems (IS) team. In this position you are responsible for enabling Information Technology Sarbanes-Oxley (SOX) Compliance. You are required to collaborate with the IT SOX Compliance Manager, service owners, engineers, and other Amgen internal partners such as Finance, Compliance, Corporate Audit and Law department to develop, maintain, and improve Amgen's Information Compliance.

Key responsibilities:

You will bring forth out of the box thinking, an agile mindset and proven domain expertise and innate understanding of IS controls to empower IS process and product owners to build and maintain IT solutions with compliance, by design.

You will perform the following activities and any additional tasks required to attest that our systems, applications and infrastructures subjected to different aspects of compliance are able to verify adherence efficiently and effectively.

• Support the IS SOX Controls Management and Compliance function
• Coordinate, collaborate, and communicate with IT personnel across the organization to ensure that our IS SOX process is followed as required by our organization
• Ability to demonstrate solid sense of ownership, detail orientation, keen focus on quality and setting clear expectations
• In charge of working with process owners, internal, and external auditors in support of our quarterly certification process
• Collaborate and support any SOX evidence request efforts made by Internal and External Audit teams
• Develop and promote educational mentorship resources that will help facilitate new owners understanding of the Sarbanes-Oxley Act and their responsibilities
• Participate in walkthroughs with system, service, and process owners
• Review and analyze SOX systems and applications showing in Configuration Management Database (CMDB) for SOX applicability and ensure all components are collected and accounted for
• Deep understanding of IT infrastructure and hands on experience in Information Technology Infrastructure Library (ITIL) and System Development Life Cycle (SDLC)
• Assess the risks of IT audit findings, identify mitigating controls and incorporate in IT process framework continual improvement
• Map regulatory requirements across functions to identify compliance and audit response efficiencies while liaising with internal auditors and IT service owners to ensure information assurance processes are mature, and outcomes are effective by appropriately addressing and raising relevant risks to policy and regulatory compliance
• Contribute to the strategic development of Information Governance (IG) program
• Maintain awareness of changing technology environments, implementation methodologies and frameworks used to support responsible functions (e.g., AI, machine learning, Dev Ops, etc.)
• Ensure quality of work and timeliness across different functional deliverables and take ownership of issues and coordinate through to completion
• Align responsible functions with greater Information Systems strategy (e.g., City Planning, Cloud First, etc.)

Basic Qualifications:

Master's degree
OR
Bachelor's degree and 2 years of Information Systems experience
OR
Associate's degree and 6 years of Information Systems experience
OR
High school diploma / GED and 8 years of Information Systems experience

Preferred Qualifications:

• 4+ years of IT audit, Information Technology / Security control assurance or enterprise IT compliance experience
• Working knowledge of Information Governance principles and Information Security principles: confidentiality, integrity, and availability
• Knowledge of international standards for Information Technology and Information Governance
• Experience working with various technologies, IT frameworks and methodologies
• Proven ability to understand the concepts of new cloud technologies and other paradigms such as emerging Big Data technologies, lean methodologies to propose appropriate controls and compliance mentorship
• Strong written and verbal communication, including the ability to explain technical matters to a non-technical audience
• Possess strong organizational and collaboration skills
• Strong written and verbal communication, including the ability to explain technical matters to a non-technical audience
• Possess strong organizational and collaboration skills
• Working in large / global corporate environments involving multiple businesses
• 3+ years of experience within health, biotechnology/pharma or other regulated industries
• Experience working in Agile and/or DevOps teams (SCRUM)
• Working experience with Governance, Risk and Compliance (GRC) tools.
• Exceptional teamwork encompassing cross-functional teams, peer relationships, informing, understanding and appreciating differences
• Strong ability to convey and influence complex information compliance, risk and security issues in a manner that is easily understood and actionable
• Ability to effectively facilitate and inspire change within the organization.
• Developing / delivering presentations to large audiences and at all levels within the organization
• One or more industry recognized certifications, including but not limited to:
• Certified Information Systems Auditor (CISA)
• Certified Information Security Manager (CISM)
• Certified Information Systems Security Professional (CISSP)
• SANS Global Information Assurance Certifications (GIAC)

Amgen focuses on areas of high unmet medical need and leverages its expertise to strive for solutions that improve health outcomes and dramatically improve people's lives. A biotechnology pioneer since 1980, Amgen has grown to be one of the world's leading independent biotechnology companies, has reached millions of patients around the world and is developing a pipeline of medicines with breakaway potential.