Job Description Summary

The IT SOx Senior Analyst will report to the IT SOx Manager and will collaborate to execute GEHC’s SOx Program with specific focus on IT Controls. The Role holder will be a member of the team responsible for the execution of overall IT SOx program that supports GEHC’s SOx certification.

The Role holder will work collaboratively with other team members, broader IT organization of CIOs, IT Process/ Control Owners, IT Risk Leader and his team, External Auditors, and with the Business Process SOx team. GE HealthCare is an $18 B publicly traded, healthcare technology company that spun off from General Electric Company in January of 2023. We are expanding the capabilities of the current Internal Controls function by adding roles to support its expanded SOX program and other internal controls monitoring related activities. GEHC SOx team is an integrated team, managing both Business Process & IT Sox.

GE HealthCare is a leading global medical technology and digital solutions innovator. Our purpose is to create a world where healthcare has no limits. Unlock your ambition, turn ideas into world-changing realities, and join an organization where every voice makes a difference, and every difference builds a healthier world.

Job Description

Roles and Responsibilities

• For all assigned controls, schedule and attend walkthroughs to develop a deeper understanding of Company’s IT assets and how they support Business Processes, test, and document the results based on work paper guidance or review as assigned.

• Take responsibility of the quality of deliverables to ensure they meet or exceed established standards. Overall accountability of the quality of the documentation the Role holder produces will rest with the Role holder.

• Escalate all identified defect to the IT SOx Manager. Participate in the discussion with the Control/ Process Owners in confirming if identified defects are control deficiencies and agreeing with remediation actions and timelines.

• Ensure, impact is assessed for all identified deficiencies, including identifying mitigating controls, if any.

• Support report out to Leadership teams regarding the status of the progress vs plan as requested.

• Ensure, all assigned deficiency remediation testing is completed, and remediated control is evaluated for the design and operational effectiveness and is reviewed before it could be closed.

• Anything else that the IT SOx Manager requests in furtherance of program execution and/ or enhancement.

Required Qualifications

• 5 plus years of experience in IT audit, IT SOX compliance, or a related field.

• Bachelor's degree from an accredited university in Information Systems, Accounting, Finance, Computer Science, or a related field.

• In-depth knowledge of IT general controls and related scoping and testing techniques, including the following control areas:

• Access management

• Change management,

• IT operations,

• System development life cycle (SDLC),

• Third-party SOC reports,

• Application controls,

• System interface controls,

• Key report / IPE validation testing.

• Familiarity with risk and control frameworks (e.g., COSO, COBIT, NIST, ISO).

• Experience drafting IT risks, controls, testing procedures, deficiencies, and remediation recommendations.

• Experience participating in the annual SOX compliance cycle, including process walkthroughs, control testing, workpaper quality assurance, control remediation and certification processes.

• Experience reviewing control testing work for quality assurance.

• Integrity: Accepting and adhering to high moral, ethical, and personal values in decisions, communications, actions and when dealing with others.

• Self-starter/Independent- shows initiative and works responsibly even without close supervision

• Quick learner- shows ability to absorb and apply new knowledge.

• Is fluent in English, both written and verbal.

Desired Characteristics

• Progressing toward receiving Certified Information Systems Auditor (CISA) or equivalent certification.

• Experience with project planning, status tracking, and reporting.

• Strong communication, interpersonal, analytical, and problem-solving skills, with service and collaborative attitude

• Has very good understanding of risks and controls and is able to apply it in the context of achieving business objectives and overall SOx certification requirements.

• Adaptable/ Flexible: Ability to work beyond role boundaries or with uncertainty & fluid situations- able to embrace change in response to new information, unexpected or different circumstances and ambiguous situation.

Inclusion and Diversity

GE HealthCare is an Equal Opportunity Employer where inclusion matters. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.

We expect all employees to live and breathe our behaviors: to act with humility and build trust; lead with transparency; deliver with focus, and drive ownership – always with unyielding integrity.

Our total rewards are designed to unlock your ambition by giving you the boost and flexibility you need to turn your ideas into world-changing realities. Our salary and benefits are everything you’d expect from an organization with global strength and scale, and you’ll be surrounded by career opportunities in a culture that fosters care, collaboration and support.

Additional Information

Relocation Assistance Provided: Yes