The Estee Lauder Companies Senior Analyst, IT Compliance in Long Island City, New York
Senior Analyst, IT Compliance
Brand: Estée Lauder Companies
ELC prizes the confidentiality of its consumers and therefore places a premium on cybersecurity. As the business world becomes increasingly digital and cyber threats grow in number and in sophistication, ELC will continue to invest and develop a proactive people-centered, cybersecurity program. The Global Information Risk and Security (GIRS) team spearheads these efforts.
The GIRS Risk and Compliance Senior Analyst will drive Compliance initiatives, including evaluation of IT-related risks, assessment of control effectiveness, and control owner achievement of effective control environments for continued compliance.
This role necessarily deals with highly confidential and sensitive information, and the role is expected to both define appropriate handling of such information for the enterprise and to implement best handling practices.
Impact the GIRS Risk and Compliance function, including collaboration with Internal Audit, Legal, Human Resources, Global Communications, Corporate (Physical) Security, other Information Technology (IT) teams, and leadership across brands, regions, and functions. Responsibilities will include, but not be limited to:
Perform an annual SOX IT Risk Assessment, including gathering information for in-scope SOX entities and facilitating pre-implementation audit reviews.
Coordinate with internal and external auditors to facilitate creation of and collection of Document Request Lists (DRLs), to review supporting documentation, to proactively identify control gaps, to schedule/facilitate IT walkthroughs, to coordinate control tests, and to support control owners throughout the audit processes.
Track all audit timelines, pending audit requests, audit testing status, and results.
Track and ensure timely/comprehensive remediation of IT control deficiencies from internal and external auditors, including reviewing/evaluating control gaps or deficiencies and performing root cause analysis.
Collaborate with process/control owners to establish remediation action plans, including achievable due dates; then review and evaluate remediated controls.
Guide control owners in the execution of IT controls, including meeting supporting documentation requirements.
Build and maintain executive-level reporting for IT audit work streams, including timelines, issues, severity/impact, and remediation dates.
Update IT policies, standards, and Standard Operating Procedures.
Collaborate with IT project leads and team members to assess scope, objectives, and deliverables for Compliance-related programs and projects.
Review IT controls within project life cycle/system implementation, including identification of projects/system implementations with regulatory impacts. Establish IT controls for gaps/deficiencies identified. Establish control checklists for project teams to complete to ensure tasks/deliverables are reviewed and approved for each milestone and to determine readiness to move to future phases.
Ensure business requirements/functionalities are tested, reviewed, and approved; liaise with project sponsors/vendors/suppliers. Regularly report project progress/system implementation status to ensure progress and on-time completion. Evaluate and report any IT risks of projects, including the development of contingency plans.
Assess vendor’s IT control environments for regulatory-related hosting and/or services.
Participate in M&A due diligence and integrations to review IT controls, to identify potential gaps, to design controls, and to ensure continued compliance.
Practical experience in technology risk and control or IT audit (audit firm experience is a plus), including experience in project governance/management and understanding of business processes, key IT risk/controls, organizations, markets, retail, and/or manufacturing.
Strong communication skills, influence/negotiation skills, attention to detail, conflict management experience, analytical skills, and measurement/visualization ideas. Ability to problem-solve, think creatively, challenge the status quo, and manage ambiguity.
Ability to communicate complicated or technical information to executives, including proven ability to work both independently and as part of a team, with stakeholders at all levels.
Proficient in Microsoft Excel, Word, and PowerPoint, including data visualization. Proficient in English as a business language.
Experience handling, securing, and communicating highly confidential and sensitive information.
Job: Information Technology
Primary Location: Americas-US-NY-Long Island City
Job Type: Standard
Shift: 1st (Day) Shift
We are an equal opportunity employer. Minorities, women, veterans, and individuals with disabilities are encouraged to apply.
Job Number: 192137