Job Description:

The GAM Compliance Specialist will be responsible for Global Access Management (GAM) governance over applicable information technology controls and compliance activities related to relevant policies and procedures across supported J& J organizations.

The GAM Compliance Analyst will also be responsible for performing reviews of system access for users of ERP and non-ERP systems. The analyst ensures there are appropriate mitigating controls for identified segregation of duties (SOD) conflicts and acts as Subject Matter Expert (SME) for GAM governance and related projects/ due diligence activities.

Implementation Access Risk Assessment

• Risk Assessment & Analysis: Conduct thorough risk assessments and analyses to identify potential risks and vulnerabilities associated with projects.
• Project Go-live Support: Provide support during the project go-live phase, ensuring a successful transition.
• Hypercare Support: Offer ongoing support immediately following the go-live, resolving any issues that may occur.
• Role Design Support: Collaborate on the design of roles within the system to support effective access management.
• Review of SOD Conflicts: Analyze and resolve any segregation of duties conflicts identified during access reviews.
• Creation and Documentation of Mitigating Controls: Develop and document mitigating controls for identified risks.
• Validation of the Sufficiency of Mitigating Controls: Ensure that the implemented mitigating controls are effective and adequately address the risks.
• Update of SOPs: Manage the updates to Standard Operating Procedures related to access management.
• Risk and Control Monitoring: Continuously monitor risk and control measures to ensure ongoing compliance.
• Support with creation and update of dashboards and presentation decks that offer visibility over the team's taxonomy and metrics.

Access Management Responsibilities

• Request Assignment of Access Approvers: Manage requests for assignment of role approvers, compliance approvers, and mitigating control approvers.
• Execute Change Control and Testing: Implement change controls and perform testing related to access risk and SOD.

Other Responsibilities:

Role Management Responsibilities

• Perform Testing of Role Changes: Test changes to roles to ensure they meet compliance requirements.
• Grant/Modify User Access: Manage user access requests, granting or modifying access as appropriate.
• Monitor User Access: Continuously monitor user access, including privileged access, terminations, and transfers.
• Re-certify Access: Conduct periodic re-certification of access to ensure appropriateness and compliance.

Skills and Competencies:

Live Our Credo

• Proactively raises risks and issues to leads for timely resolution.
• Responds to audit requirements with minimal support.
• Able to manage team timelines, and deliverables and communicate the objectives of project/DD Reviews
• Can share and assist others on learning the business process.

Connect Inclusively to Address Health Needs

• Requires minimal supervision in completing audit and base business-related activities.
• Provides timely feedback on progress to allow for remediation as needed.
• Can directly liaise with stakeholders with guidance from the lead.

Shape the Future of Health through Innovation

• Able to contribute improvements beyond the base business support and processes.
• Addresses impact of change to stakeholders.

Grow Self and Others to become their Best

• Nurtures good team dynamics. Understands career goals of direct reports (if any), and actively looks for opportunities to grow.
• Volunteers time and talent to support credo action plans.

Qualification:

• University Degree in Finance, Business Management, IT or related field
• At least 1-3 years
• Experience in audit/ compliance/ risk management or a similar job
• Experience working in a multi-national shared services corporation

Mandatory Technical Qualifications:

• Proficient in basic MS Office applications (Excel, Outlook, Powerpoint, Word)
• Experience working on complex projects, with variable stakeholders and within tight deadlines.
• Planning, time management skills.
• Good English oral & written communication, presentation & training skills
• Able to communicate in Korean, Spanish, Portuguese, Mandarin and/or Japanese.

Desirable Technical Qualifications:

• Knowledge in the access management life cycle
• Proficient in basic MS Power tools (Powerapps, PowerBI, PowerAutomate, UIPath, Alteryx)
• Working knowledge of SAP, GRC and S4 HANA