At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the world.
The SOx IT Audit Readiness Lead is responsible for the oversight of IT SOx compliance as it relates to validated and materially significant computer systems at Lilly. This includes establishing and maintaining the SOx-related IT General Control (ITGC) requirements for computer systems subject to SOx requirements; consulting with Financial and Tech@Lilly areas on the interpretation and application of SOx compliance requirements; monitoring the SOx inspection-ready state of the Tech@Lilly assets; identifying and managing key relationships within Financial, Corporate Audit Services, Ernst & Young (E&Y, external auditor), suppliers, and Tech@Lilly SMEs to influence and drive key decisions; and external benchmarking of SOx controls for Tech@Lilly applications and infrastructure services based on the obligations and standards set forth by the external regulating and oversight organizations (i.e. PCAOB).
Key Objectives/Deliverables:
SOx Compliance Program Operations/Delivery
Serve as the IT member of SOx Program Management Office (Financial), SOx Sub-Committee and SOx Steering Committee.
Determine IT SOx scope annually based on Financial SOx scope.
Continuously enhance and operate SOx compliance program.
Maintain and communicate SOx metrics and trends.
Interpret and remediate significant SOx compliance gaps.
Lead and regularly collaborate with a group of SOx Functional Coordinators.
Ensure the year-end reporting/certification obligations are fulfilled.
Manage and assist EY’s engagements, including US and OUS audits.
Conduct SOx assessments on newly in-scope or high risk Tech@Lilly assets.
Ensure SOx requirements are met by third party service providers in scope for SOx.
Partner with multiple Tech@Lilly teams (US and OUS) to identify potential SOx risks and mitigate risks before the audit (i.e. Tech@Lilly Outsourcing, BPO, new system implementations, etc.).
Grow Capabilities and Knowledge
Increase the SOx awareness to the Tech@Lilly organization.
Stay abreast of the changes in SOx requirements, PCAOB standards, E&Y’s Primary Controls, Corporate Audit Services’ audit practice, etc. to ensure the SOx program meets all requirements and expectations in the most efficient way.
Develop training materials / programs and train IT SOx Functional Coordinators and control owners for their responsibilities in overseeing SOx IT assets.
Participate in field audits (SOx or non-SOx) periodically to assess the audit program and the Tech@Lilly operations at various sites (Lilly or non-Lilly) .
Identify opportunities to automate control activities where appropriate and support the business in exploring options to drive automation and intelligent workflows.
Maintain Inspection Readiness
Provide guidance to SOx Functional Coordinators and system owners/custodians to help ensure positive SOx compliance and audit outcome.
Partner with CSQA to ensure the appropriate control design is implemented, understood by control owners, and accurately documented for in-scope IT assets.
Partner with business process owners to ensure key vendors’ (existing or potential) IT environment are operating in control.
Create and maintain inspection-readiness information for system owners and custodians.
Identify and improve inspection-ready activity.
Escalate issues and observations with business owners, FCO and SOx committee timely and support remediation activities when needed.
Drive Operational Efficiency and Business Value
Understand and maximize business value of SOx controls for Tech@Lilly.
Understand customer, company, and Quality priorities.
Provide consulting and right-sizing of SOx-related activities based on risk.
Identify and pursue opportunities for streamlining and right-sizing, including potential automation of manual control processes.
Identify systemic issues and trends and drive improvement activity.
Understand the external environment/best practices and bring external learning back to Lilly.
Minimum Requirements:
Bachelor’s degree in technology-related field, such as Computer Science, Engineering, Mathematics, or Life Sciences; or equivalent experience (i.e., 7+ years’ experience)
5+ years of IT Audit experience (internal.external)
Demonstrated understanding of Sarbanes-Oxley requirements for computer systems
Demonstrated understanding of financial business processes
Additional Preferences:
Certified IT Auditor (e.g., CISA, CIA)
Demonstrated understanding of Tech@Lilly internal controls and Sarbanes-Oxley requirements
Experience working with and influencing quality practices of third parties
Understanding of process development and/or improvement (e.g. Six Sigma)
Proficiency with Tech@Lilly systems development life cycle
Knowledge and experience with data lakes, control automation, multiple systems and platforms
Established relationships with internal CAS or external E&Y audit groups
Proficiency with Lilly Computer Systems Validation requirements
Other Information:
Position is hybrid work located at Lilly Corporate Center, Indianapolis IN. Employees are expected to be in the office most days, with up to four days per month flexible to work remotely.
Travel may occasionally be required, no more than 5% of time.
Lilly is dedicated to helping individuals with disabilities to actively engage in the workforce, ensuring equal opportunities when vying for positions. If you require accommodation to submit a resume for a position at Lilly, please complete the accommodation request form (https://careers.lilly.com/us/en/workplace-accommodation) for further assistance. Please note this is for individuals to request an accommodation as part of the application process and any other correspondence will not receive a response.
Lilly is proud to be an EEO Employer and does not discriminate on the basis of age, race, color, religion, gender identity, sex, gender expression, sexual orientation, genetic information, ancestry, national origin, protected veteran status, disability, or any other legally protected status.
Our employee resource groups (ERGs) offer strong support networks for their members and are open to all employees. Our current groups include: Africa, Middle East, Central Asia Network, Black Employees at Lilly, Chinese Culture Network, Japanese International Leadership Network (JILN), Lilly India Network, Organization of Latinx at Lilly (OLA), PRIDE (LGBTQ+ Allies), Veterans Leadership Network (VLN), Women’s Initiative for Leading at Lilly (WILL), enAble (for people with disabilities). Learn more about all of our groups.
Actual compensation will depend on a candidate’s education, experience, skills, and geographic location. The anticipated wage for this position is
$111,000 - $162,800Full-time equivalent employees also will be eligible for a company bonus (depending, in part, on company and individual performance). In addition, Lilly offers a comprehensive benefit program to eligible employees, including eligibility to participate in a company-sponsored 401(k); pension; vacation benefits; eligibility for medical, dental, vision and prescription drug benefits; flexible benefits (e.g., healthcare and/or dependent day care flexible spending accounts); life insurance and death benefits; certain time off and leave of absence benefits; and well-being benefits (e.g., employee assistance program, fitness benefits, and employee clubs and activities).Lilly reserves the right to amend, modify, or terminate its compensation and benefit programs in its sole discretion and Lilly’s compensation practices and guidelines will apply regarding the details of any promotion or transfer of Lilly employees.
#WeAreLilly