SOX IT Analyst
Grow your career with The Estée Lauder Companies!
The Estée Lauder Companies Inc. is one of the world's leading manufacturers and marketers of quality skin care, makeup, fragrance and hair care products. As the global leader in prestige beauty, we touch over half a billion consumers a year.
Our Company's products are sold in over 150 countries and territories under the following brand names: AERIN, Aramis, Aveda, Bobbi Brown, Bumble and bumble, By Kilian, Clinique, Darphin, Donna Karan, DKNY, Dr. Jart, Editions de Parfums Frédéric Malle, Ermenegildo Zegna, Estée Lauder, GLAMGLOW, Jo Malone London, Kiton, La Mer, Lab Series, Le Labo, MAC, Michael Kors, Origins, Prescriptives, Smashbox, Tom Ford, Tommy Hilfiger and Too Faced.
Infused throughout our organization is a passion for creativity and innovation; a desire to push the boundaries and invent the unexpected.
The IT SOX Compliance Analyst/Sr. Analyst is responsible for helping to create and Estee Lauder’s IT General Control environment (ITGC) across all in-scope SOX systems. This position will be responsible for ensuring that all ITGC control objectives are in place and operating, and for helping to coach control owners on changes that need to be made in the event a control is not operating. In addition, this role will assist with the daily and bi-monthly reporting and tracking of the SOX program. Candidates must have direct "hands-on" experience in IT audits, functional experience with various flavors of technology, and a sound understanding of SOX requirements. This is a cross-functional role, working closely with all IT groups across Estee Lauder and other functional teams to ensure controls and compliance requirements are clearly defined and implemented. Effective communication and technical leadership are critical to the success of this role. Candidates must be able to fluently speak both technical and business language interchangeably.
Primary responsibilities will include:
• Creates and/or remediates ITGC (IT General Controls) in support of meeting audit objectives for all ITGC SOX areas
• Designs IT testing procedures to identify and evaluate risk exposures and determine the effectiveness and efficiency of controls
• Assists with the creation of effective remediation solutions and/or exception documentation where applicable
• Assists project teams with creation and implementation of IT controls objectives
• Assists with the successful completion of the quarterly UAR (User Access Review) audit process
• Collaborates with Internal Audit in developing, testing, and devising solutions to effectively meet applicable IT control objectives
SOX 404: Facilitate documentation and validation of SOX 404 key controls; assist with assessing control deficiencies, identifying mitigating controls, and developing consistent, sustainable action plans; provide guidance, training, and support on SOX 404 matters.
- Perform SOX assurance work to evaluate controls effectiveness
- For identified control gaps / issues, perform impact procedures
- For identified control gaps / issues, align on action plans with control owners
- Track / monitor remediation
- Perform remediation testing / validation
- Provide reporting on assurance testing (progress, issues, closures)
- Work with control owners throughout the year to assist with improving IT control processes
- Create cadences to facilitate Quarterly access reviews
- Collect supporting evidence
- Validate supporting evidence (i.e., ‘Completeness & Accuracy’ of data points)
- Review confirmation
- Change / removal of access as required
- Provide dashboard / reporting to LT
- Assist with reminders / escalations
Supporting IT Projects (SDLC controls) for IT SOX systems to ensure that implementations or major upgrades for SOX relevant systems are ELC’s IT control framework
- Data Conversion
  - Confirm an approved data conversion plan was in place
  - Documentation confirming migration was successful and data conversion was complete and accurate
  - Confirm any exceptions list and evidence of investigation of exceptions
  - Approval from management of the reconciliation
- Requirement Traceability
  - Confirm a list of requirements for configurations, reports, and interfaces
  - Confirm Technical / Functional design documents for configurations, reports, and interfaces, with appropriate approvals
  - Confirm traceability to ensure each requirement was tested, approved and deployed accordingly
- Integration & User Acceptance Testing (UAT)
  - Documentation confirming testing was completed successfully
  - Confirm that unsuccessful tests were investigated, reflected in the issues tracker, resolved and documented
  - Confirm approval for all User Acceptance Testing
- User Access Role Design
  - Confirm list of security roles created, where the role is applicable (i.e., application, server, DB), and specific permissions associated
  - Mapping of security roles to entitlements and/or role description
  - Approval of overall security design prior to go-live
- Issues / Defects Tracking
  - Documentation of issues tracking, monitoring and resolution
  - Approved resolution plan for open issues
- Minimum of 2-4 years' work experience in IT Risk Management, SOX compliance and auditing with a strong background in IT controls.
- Strong understanding of Sarbanes-Oxley (SOX) and other compliance requirements that may impact compliance.
- Ability to effectively mentor other team members as needed.
- Experience in successful project implementation and follow-up.
- Strong conceptual, analytical, problem-solving, troubleshooting and resolution skills.
- Sound decision-making skills.
- Documentation and presentation skills catered to a diverse technical and business audience.
- Technical knowledge of IT landscapes and roadmaps.
- Expertise in MS Excel.
- Bachelor's Degree required
- Minimum Years of Experience: 3 years
- Excellent written and spoken English, and Portuguese
- Work shift: Monday to Friday, business hours
- Contract type: Full-Time Permanent
- Location: Costa del Este, Panamá.