GAM Compliance Analyst  

The GAM Compliance Analyst will be responsible for Global Access Management (GAM) governance over applicable information technology controls and compliance activities related to relevant policies and procedures across supported J&J organizations.

The GAM Compliance Analyst will also be responsible for performing reviews of system access for users of ERP and non-ERP systems. The analyst ensures there are appropriate mitigating controls for identified segregation of duties (SOD) conflicts and acts as Subject Matter Expert (SME) for GAM governance and related projects/ due diligence activities.

Key Responsibilities:

Risk Identification and Assessment

• Grant / Modify User Access: Manage user access requests, granting or modifying access as appropriate.

• IT Controls Effectiveness Review in Operations and Projects: assess the effectiveness of access controls execution.

• Re-certify Access (Access Appropriateness: Conduct periodic re-certification of access to ensure appropriateness and compliance.

Risk Mitigation and Controls

• Re-certify Access (SOD and Mitigating Controls): Conduct periodic re-certification of access to ensure appropriateness and compliance.

• Risk Controls Assessment: Review the effectiveness of current safety measures involving access, including assessing risk management and control appropriateness

Risk Monitoring and Reporting

• Monitor User Access (Privileged Access, Terminations, Transfers): Continuously monitor user access, including privileged access, terminations, and transfers.

• Monitor Access Approvers (Terminations, Transfers): Monitor termination and transfers within user access

Other Responsibilities:

Due Diligence and Projects

• Perform due diligence reviews (e.g., role mapping and SOD assessment) and manage access deployment to stakeholders in projects involving process migrations/transitions
• Support the business by monitoring risks related to organization, technology, and process changes to ensure that the system roles remain appropriate.
• Provide access management compliance support for new/existing systems

Other tasks that may be assigned

• University Degree in Finance, Business Management, IT or a related field
• Years of Experience: 0-2 Years
• Background in finance, audit, or IT is preferred.
• Professional Certification/s (e.g., CISA, CPA) is an advantage
• Experience working in a multi-national shared services corporation
• Basic skills in MS Office applications (Excel, Outlook, Powerpoint, Word) is required
• Strong Analytical skills
• Good English oral & written communication, presentation skills
• Basic understanding in the access management life cycle is a plus
• Experience with user access management in enterprise resource planning (ERP) systems such as SAP, involving access granting, terminations, and periodic access reviews is desirable.