Compliance Senior Lead

Johnson & Johnson



Manila, Philippines


Position summary

Main Responsibilities:
• Direct, train, supervise, and evaluate direct reports to enhance their performance, development and ownership of work product.
• Effectively oversee administrative and HR matters of the direct reports.
• Help manage stakeholder concerns and facilitate discussion on process consultations, identify problems and communicate potential solutions.
• Responsible for managing/reviewing applicable IT controls assurance and compliance activities.
• Reviews SOX testing, due diligence testing including status update.
• Reviews applicable IT SOX documentation including system inventory, IT DCMs, test plans, test scripts, handoff documents, etc.
• Assist with process design and implementation of Regional Compliance initiatives and related activities, such as risk management and assessment programs, the compliance audit annual calendar of activities, and monthly leadership compliance-related requirements.
• Create and implement a risk assessment and management process over financial IT-related processes, including risk prioritization and evaluation, subject to the approval of the Regional GFS Compliance Head.
• Guide business process owners and provide full advisory support during process-related internal and external audit reviews.
• Assist GAM Compliance manager with timely compliance updates to senior management.
• Promote teamwork and buy-in of Compliance initiatives by dealing effectively with identified SOX Coordinators and obtaining cooperation from process owners and other internal or external parties in the implementation of Compliance initiatives and delivery of specific Compliance requirements.
• Inform/discuss with potential risks and issues and/or opportunities for improvement and best practices at the GS Manila and LGS to promote strong compliance.
• Ensure alignment and appropriate coordination with GRC, IT Teams, ISRM and Corporate Internal Audit and GPO.
• Oversee day-to-day access management operations and assign daily work priorities based on work volume, processing requirements, SLA and auditing deadlines.
• Develop, motivate and coach Compliance analysts to ensure that proper processes and practices are being implemented.
• Ensure that the GAM Compliance Manager is updated regularly on team projects and related progress.
• Other matters that may be assigned.

Core Compliance Taxonomy Responsibilities:
User Access Management

  • Assess and review risk analysis for access/change requests ensuring completeness of the access request form and segregation of duties.
  • Proactively identify UASOD related risks & propose adequate and efficient corrective actions to mitigate gaps.
  • Participate in the process of role creation and risk analysis assessments based on requirements and develop recommendations from those findings.
  • Review weekly changes/transfers report to ensure accesses are accurate to user’s current function and take action on changes detected and terminated users to ensure a compliant environment.
  • Support the remediation for all Corporate Governance, Segregation of Duties, and Sarbanes-Oxley related projects and ongoing maintenance in these efforts in the SAP space.
  • Review complex business processes, systems, workflows, SOPs, policies and procedures to identify, document, and elevate the presence of risks and controls, both manual and automated, and/or management controls in each functional area to mitigate any risk or exposure.
  • Stay up to date on the latest risks and challenges in the SAP/Systems’ space and provide current and ongoing recommendations to J&J leadership on our risk posture. Drive continuous process improvement in order to meet changing business conditions.
  • Work closely with IT to support on global access reviews, escalating issues, peering with IT and supporting reviewers to ensure 100% of the appropriateness reviews are done within the deadline.
  • Work in partnership with Compliance Team to provide best recommendations on User Access and Segregation of duties issues, mapping mitigating controls, reviewing them and updating them accordingly as per guidelines to guarantee risks are properly mitigated.
  • Monitor the review progress to ensure that reviewers complete the review timely, escalate reviews to reviewer's supervisor and leadership if reviewer is not able to complete review. Provide help and support for questions in performing the review.
  • Provide trainings to process owners (users and reviewers) on the processes to request, review and manage user access for the systems they use including SOD assessment. This is to ensure they understand the process and are performing the control appropriately.
  • Ensure compliance with all Sarbanes-Oxley and all other internal control & regulatory requirements.
  • Ensure successful internal and external audits in the area of user access & segregation of duties.
  • Support the Go Lives/Transitions/Due Diligence process to ensure compliant user access & segregation of duties processes & controls.
  • Maintain the standardized Sarbanes‐Oxley Documentation package for user access & segregation of duties and ensure alignment with global initiatives.
  • Communicate to operations ensuring appropriate mitigating controls exist and are operating effectively to mitigate the SOD risk.
  • Work with operations to ensure the mitigating controls are documented and mapped to the SOD conflicts found on the access request.
  • Look to optimize user management related processes / operations through Continuous Improvement.
  • Continuously identify opportunities to standardize and centralize UASOD processes and controls.

Access Approver Management

  • Provide training to the designated Access Approvers to ensure they understand the approval workflow process and are performing the control appropriately.
  • Assess if access approver is appropriate for the role and scope of the request.
  • Perform approver review and provide positive confirmation on the appropriateness of access and any changes required.

Access Risk & SOD Ruleset Governance

  • Monitor and approve Access Risk and SOD Rulesets for changes.
  • Execute change control and testing of Access Risk and SOD Ruleset changes.
  • Communicate changes and train Access Approvers.

Role Design Governance

  • Support the business by monitoring risks related to organization, technology, and process changes to ensure that the system roles remain appropriate over time.
  • Act as a compliance approver for role creation or changes to ensure critical access and SOD conflicts are identified and remediated before implementation.

Why you should apply for a job to Johnson & Johnson:

  • Ranked as one of the Best Companies for Women in 2020

  • 4.2/5 in overall job satisfaction

  • 4.2/5 in supportive management

  • 71% say women are treated fairly and equally to men

  • 88% would recommend this company to other women

  • 84% say the CEO supports gender diversity

  • Ratings are based on anonymous reviews by Fairygodboss members.
  • Global parental leave for all new parents (maternal, paternal, adoptive or surrogacy-assisted).

  • Global exercise reimbursement.

  • Two weeks off (one of them fully paid) for volunteer work.