Senior Analyst SoD GRC

Key responsibilities :

• Process and system expertise from SOD (Segregation of duty) perspective, continuously enrich process knowledge through partnering with IT, Business and FC&C community.
• Explore automation opportunity during the SoD team and drive the project with digital tools such as Microsoft Power Automate, BOTs, Power BI, and Alteryx etc.
• Risk Reduction- work closely with the Risk Owners / Process Owners to complete User Access Review, Segregation of Duties and Critical Action reviews effectively and timely.
• Collaborate with stakeholders to evaluate the Segregation of Duties conflicts in SAP and other applications and consult with business units in reducing the SoD conflicts and/or implementing mitigation controls to address risk.
• Perform quarterly SOD certifications with respective risk owners and drive continuous access controls improvement, define, and implement solutions. Continuously share the latest access controls updates, best practices, and access controls learnings with both FC&C as well as non-FC&C community, train role owners and risk owners on access controls.
• Drive automations across the SoD and Access Control area to continuously improve the process and challenge the status quo.
• Ensure transparent, reliable, and agile stakeholder management People management, incl. ensuring a high-performance work culture. Ensure workload balancing of the team supporting multiple initiatives, strong focus on Continuous Improvement initiatives, support transitions and knowledge transfer, monitoring critical deliverables.
• Support in ensuring Low number of internal control deficiencies, Timely reporting of the control deficiencies to local and global stakeholders, Maintain and improve customer service, Adherence to SOX timelines and SOX 404 attestation processes, Internal and external audits, if required and support for remediation of agreed action

Essential requirements:

• B tech, MBA or Equivalent/University Degree
• 3-8 years of post-qualification experience (incl. IT Application Controls and SAP GRC, SAP security concepts)
• Expert with SAP GRC Access Controls and SAP authorization concepts primarily in ECC, S/4 HANA.
• Expert on SAP role design, SAP transactions, Authorization Objects, Org Values, Risk & Role Ownership, and have a good understanding of business processes in SAP environment from access and process controls perspective.
• Project management skills with focus on driving performance and productivity.
• Information System Auditor (CISA) / Information Security Manager (CISM) Certification

Desirable requirements:

• SAP GRC AC Certified
• Having prior experience in process automation and digital tools such as Microsoft Power Automate, BOTs, Power BI, and Alteryx would be added advantage.
• Prior working experience in a large Audit firm, preferably Big-4 Internal/Statutory/ SOX 404 Audit.
• Ability To Influence Key Stakeholders, Compliance and Controls, Data Cleansing Normalization.
• Data Visualization using Alteryx, Power BI etc.
• Employee Engagement, Financial and Management Reporting.

Why Novartis: Helping people with disease and their families takes more than innovative science. It takes a community of smart, passionate people like you. Collaborating, supporting and inspiring each other. Combining t achieve breakthroughs that change patients’ lives. Ready to create a brighter future together?https://www.novartis.com/about/strategy/people-and-culture

Benefits and rewards: Read our handbook to learn about all the ways we’ll help you thrive personally and professionally: https://www.novartis.com/careers/benefits-rewards

Commitment to Diversity and Inclusion:

Novartis is committed to building an outstanding, inclusive work environment and diverse teams' representative of the patients and communities we serve

Join our Novartis Network: Not the right Novartis role for you? Sign up to our talent community to stay connected and learn about suitable career opportunities as soon as they come up: https://talentnetwork.novartis.com/network