Pfizer IT Senior Auditor in Escazu, Costa Rica
This IT audit opportunity provides work/life integration where colleagues are able to integrate personal life and demands of a career while balancing competing priorities at work and home optimally.
The work/life balance is attained through a flexible Work Arrangement that includes working from auditor's base office (Costa Rica) and working from home for up to 2 days a week while the colleague is not on an audit engagement.
The position base office is Costa Rica but reporting to direct manager in the United States.
Auditors have primary responsibility for conducting financial and IT audits as part of a team at Pfizer locations worldwide, as well as conducting risk oversight activities. Auditors also participate on strategic and operations teams within Corporate Audit.
Conduct independent evaluations of Pfizer's Information Systems and compliance control processes worldwide to ensure Pfizer's risks are properly managed.
Present the results of audits in English to senior site and division management, including practical recommendations to address identified risks, requiring strong negotiation and influence skills.
Prepare formal written reports in English setting forth recommendations for local, division and Corporate management to strengthen and improve operations, as well as identify cost or efficiency savings.
Actively participate on departmental and/or cross-functional teams addressing internal and external issues that support the department's operations and strategy. This may include updating our audit approach for ensuring compliance with the FCPA, Healthcare Compliance and Sarbanes-Oxley rules and regulations.
Education: MA/MS/MBA preferred
Discipline(s): Information Systems Auditing required, SAP Experience preferred
Certification(s): Certified Information Systems Auditor(CISA), Certified Public Accountant(CPA) ,Certified Internal Auditor(CIA) or Chartered Accountant (CA) preferred
Other skills: Fluency in the English language is required
Minimum range of years experience: 2-5 years
Type of industry/organizations: Public accounting and/or internal auditing required; multi-national pharmaceutical experience a plus; international experience a plus; large corporation experience preferred but not required
Candidate must be able to work independently with minimal supervision by testing IT controls from Costa Rica while reporting and interacting with Audit Manager in the United States. Also, Candidate must be able to travel internationally when required.
Candidates should have solid technical skills in one or, preferably, several technical areas below:
Review and evaluate IT and Process controls in compliance with the Sarbanes-Oxley Act of 2002
Strong understanding of SAP, SAP Security and best practices solutions for SAP upgrades and implementations. SAP security knowledge should include but is not limited to SAP Authorization Concepts, Roles, Users Administration, SOD conflict resolution, SAP Access Controls, & SAP GRC Suite.
Knowledge of Quality Assurance and Quality Management principles, including an understanding of computer system validation practices as they apply to the Life Sciences and Pharmaceutical industry.
Information Systems Audit and Control Association (ISACA) IT Standards, Guidelines and Procedures for Auditing and Control and Code of Professional Ethics.
Control Objective for IT (COBIT) standards or equivalent.
IT security and control practices for relevant platforms and systems such as Distributed (Unix, Windows) environments, Web-based technology, and LAN/WANs.
Experience in evaluating security through Active Directory and/or Unix layer security.
Experience in auditing cloud, robotic automations, data analytics, AI tools, and blockchain is a plus.
Proficient is using Microsoft Office tools, especially in Excel and PowerPoint (maybe append to the existing bullet pint regarding collecting and analyzing complex data...).
Experience required in auditing ITGCs, IT Application Controls (including key reports and configurations), and system development procedures.
Strong multitasking skills required.
Preferred experience in auditing job scheduling systems, electronic password management tools and network device management tools.
Preferred experience in auditing database security for SQL, Oracle and HANA databases
GxP regulations, guidelines, and industry standards as they apply to computer systems used within the Life Sciences and Pharmaceutical industry, including FDA regulations 21 CFR Part 11 electronic records/electronic signatures and EU Annex 11
Candidates should also have solid audit skills in all areas below:
Planning and project management while meeting multiple deadlines.
Collecting and analyzing complex data, evaluating information, and drawing logical conclusions.
Conducting reviews of all products of audit work performed by staff (work papers, testing and sampling plans, status reports, draft issues, etc.).
Effective verbal and written communications, including active listening and presenting findings and recommendations in a clear and concise manner, and resolving issues that may arise in a professional manner
Establishing and maintaining good working relationships with co-workers, staff and external contacts, and working effectively in a professional team environment in a matrixed organization.
Performing timely and constructive staff reviews.
International business travel is required.
Pfizer is an equal opportunity employer and complies with all applicable equal employment opportunity legislation in each jurisdiction in which it operates.
Finance & Accounting