GAM Compliance Lead

At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity. Learn more at https://www.jnj.com

Job Function:

Job Sub Function:

Job Category:

All Job Posting Locations:

Job Description:

PRIMARY RESPONSIBILITIES:

'• Compliance Management: Oversee and ensure compliance with industry regulations and standards.

• Risk Assessment & Analysis: Conduct thorough risk assessments and analyses to identify potential risks and vulnerabilities associated with projects.

• Risk Profiling: Develop and maintain risk profiles to inform project planning and execution strategies.

• S4 HANA Implementation: Manage projects related to S4 HANA, ensuring compliance with system controls and effective risk management practices.

• Reporting: Prepare and present regular reports on compliance and risk management activities to senior management and stakeholders.

• Project Go-live Support: Provide support during the project go-live phase, ensuring a successful transition.

• Hypercare Support: Offer ongoing support immediately following the go-live, resolving any issues that may occur.

• Role Design Support: Collaborate on the design of roles within the system to support effective access management.

• Review of SOD Conflicts: Analyze and resolve any segregation of duties conflicts identified during access reviews.

• Creation and Documentation of Mitigating Controls: Develop and document mitigating controls for identified risks.

• Validation of the Sufficiency of Mitigating Controls: Ensure that the implemented mitigating controls are effective and adequately address the risks.

• Partnership with Teams: Work closely with the Business Adoption Team, IT Security, and the Project Team to align on access management strategies.

• GRC Ruleset Review and Testing: Conduct reviews and testing of Governance, Risk, and Compliance (GRC) rulesets to ensure adequacy.

• Update of SOPs: Manage the updates to Standard Operating Procedures related to access management.

• Risk and Control Monitoring: Continuously monitor risk and control measures to ensure ongoing compliance.

• SOD Environment, Risk and Control Reporting: Prepare and present reports on the status of SOD environments and risk controls.

Access Management Responsibilities

• Define and Maintain Access Approvers: Establish and manage a list of access approvers for various roles.

• Request Assignment of Access Approvers: Manage requests for assignment of role approvers, compliance approvers, and mitigating control approvers.

• Define Access Risk and SOD Rulesets: Establish rulesets that define access risk and segregation of duties.

• Monitor Access Risk and SOD Rulesets for Changes: Keep track of any changes to access risk and SOD rulesets.

• Approve Access Risk and SOD Ruleset Changes: Review and approve any proposed changes to access risk and SOD rulesets.

• Execute Change Control and Testing: Implement change controls and perform testing related to access risk and SOD.

OTHER RESPONSIBILITIES:

Role Management Responsibilities

• Request Changes to Role Design: Manage requests for changes in role design to ensure compliance and efficiency.

• Perform Testing of Role Changes: Test changes to roles to ensure they meet compliance requirements.

• Grant/Modify User Access: Manage user access requests, granting or modifying access as appropriate.

• Monitor User Access: Continuously monitor user access, including privileged access, terminations, and transfers.

• Re-certify Access: Conduct periodic re-certification of access to ensure appropriateness and compliance.