SOX Senior IT Analyst

Brand: Estée Lauder Companies

Description

About Estée Lauder Companies

The Estée Lauder Companies is the global leader in prestige beauty — delighting consumers with transformative products and experiences, inspiring them to express their individual beauty. We are the only company focused solely on prestige makeup, skincare, fragrance, and hair care with a diverse portfolio of 25 brands sold in approximately 150 countries and territories. Infused throughout our organization is a passion for creativity and imagination — a desire to push the boundaries and invent the unexpected — as we continue the bold work of our founder Estée Lauder.

Who We Are

Do you want to be part of the team catalyzing digital innovation, harnessing the power of data, and transforming the fabric of security across the world’s most prestigious beauty, skincare, and luxury fragrance brands? Then join the information security and technology team, Enterprise Cybersecurity & Risk (ECR) at Estée Lauder Companies (ELC). ECR’s security team fuels cyber defense, technology excellence, risk and compliance, and global resilience. We stay at the forefront of cyber threats to deliver fit-for-purpose tools, technologies, and processes that protect ELC’s business operations and empower secure strategic growth. If you thrive in change-rich entrepreneurial environments, then this is the team for you. From our fast-paced delivery plans to our global team expansion, this is an exciting time to join us!

What You’ll Do

You will be responsible for participating in the planning and management of the identification and testing of Information Technology (IT) SOX controls to ensure a strong internal control environment and compliance with regulatory requirements and corporate policy. You will work under the supervision of the Manager, IT SOX Compliance, with routine communication and advisory to IT and Business Process and Control Owners related to control design adequacy, control gaps, impact procedures, remediation actions, and risk management. You will also serve as a liaison for the internal & external auditors and will assist in coordinating SOX IT efforts between brands, regions, functions, key stakeholders, and various audit teams.

You will be responsible for:

• Participating in the continued transformation of the SOX IT and controls maturation program and playing a critical role in the function.

• Maintaining a high level of visibility across the organization with various levels of Management and serving as a key point of contact for lines of business.Manage communications with key partners, including messaging of SOX IT objectives and requirements, managing request lists, and facilitating discussions on risk & controls.

• Facilitating the walkthrough process with Management and various audit teams.Collaborate with IT partners to review SOX documentation (risk control matrices, narratives, flowcharts) and identify areas where control enhancements and/or documentation improvements are needed.Ensure SOX documentation is accurate and reflects the current process.

• Completing and/or reviewing SOX assurance testing for key general IT controls (GITCs/ITGCs), IT application controls (ITACs), and key reports (IPE) identified in thewalkthrough process. Coordinate testing approach and align expectations with internal & external auditors to ensure documentation and testing comply with industry standards (including PCAOB) and allow for reliance by the external auditors.Leverage knowledge of SOX methodology and industry requirements to ensure thorough workpapers are maintained.

• Supporting the team-oriented culture of the Tech GRC function.Mentor less experienced Tech GRC team members and contractors and review work papers where appropriate for quality assurance.

• Assessing IT control deficiencies identified and working with Management for impact analysis and to identify an appropriate remediation action.Follow-up on remediation activities to verify appropriate resolution.

• Gathering details for in-scope SOX entities and assisting in performing an annual SOX IT Risk, Scoping, and Controls Assessment.

• Providing advisory and when required, assess SOC 1 / SOC 2 reports to ensure appropriate controls are identified and operating effectively.

• Assisting and updating IT policies, standards, SOP’s as needed.

• Participating in cross-domain training, awareness sessions, and on-the-job learning to further develop risk & control knowledge across all critical regulations beyond SOX (i.e. PCI, DI, Privacy / GDPR).

Qualifications

Who You Are

• You have a Bachelor’s degree in a relevant field such as Management Information Systems, Computer Science, and/or Accounting;

• You have 3-4 years of experience in IT Audit, SOX Compliance, or Information Systems;

• You have relevant industry certifications (e.g., CISA, CISSP, CISM);

• You have a working knowledge of internal controls over financial reporting (ICFR), SEC standards, PCAOB standards, the NIST framework, COSO framework, and/or COBIT;

• You are experienced in designing test plans, testing and concluding on the operating effectiveness of IT general controls, IT automated controls, key reports, and software development life-cycle controls;

• You are experienced in documenting and evaluating deficiencies and assisting management with designing remediation plans;

• You have experience with technologies such as SAP, Oracle, Unix/Linux, SAP GRC, and other cloud technologies, especially AWS and Azure;

• You are a proven innovative problem solver who thrives in ambiguity;

• You are comfortable performing as an individual contributor and teammate concurrently;

• You have excellent written and verbal communication skills, interpersonal skills, and presentation skills that allow you to convey tough messages in a kind way;

• You have strong personal integrity with the highest ethical standards;

• You are extremely organized, have superior attention to detail and a dedication to putting forth high quality work;

• Above all else, you are Bright, Kind and Motivated by Challenge;

• You'll love solving problems, thinking creatively and trying new things;

• You believe in autonomy & taking initiative.

Job: Information Technology

Primary Location: Europe, Middle East, Africa-RO-B-Bucharest

Job Type: Standard

Schedule: Full-time

Shift: 1st (Day) Shift

Job Number: 245658