About Estée Lauder Companies
The Estée Lauder Companies is the global leader in prestige beauty - delighting consumers with transformative products and experiences, inspiring them to express their individual beauty. We are the only company focused solely on prestige makeup, skin care, fragrance, and hair care with a diverse portfolio of 25+ brands sold in approximately 150 countries and territories. Infused throughout our organization is a passion for creativity and imagination - a desire to push the boundaries and invent the unexpected - as we continue the bold work of our founder Estée Lauder.
Who We Are
Do you want to be part of the team catalyzing digital innovation, harnessing the power of data, and transforming the fabric of security across the world's most prestigious beauty, skin-care, and luxury fragrance brands? Then join the information security and technology team, Enterprise Cybersecurity & Risk (ECR) at Estée Lauder Companies (ELC). ECR's security team fuels cyber defense, technology excellence, risk and compliance, and global resilience. We stay on the forefront of cyber threats to deliver fit-for-purpose tools, technologies, and processes that protect ELC's business operations and empower secure strategic growth. If you thrive in change-rich entrepreneurial environments, then this is the team for you. From our fast-paced delivery plans to our global team expansion, this is an exciting time to join us!
What You'll Do
You will be responsible for participating in the planning and management of the identification and testing of Information Technology (IT) SOX controls to ensure a strong internal control environment and compliance with regulatory requirements and corporate policy. You will work under the supervision of the Manager, IT SOX Compliance, providing routine communication and advisory to IT and Business Process and Control Owners related to control design adequacy, control gaps, impact procedures, remediation actions, and risk management. You will also serve as a liaison for the internal & external auditors and will assist in coordinating SOX IT efforts between brands, regions, functions, key stakeholders and various audit teams.
You will be responsible for:
- Participating in the continued transformation of the SOX IT and controls maturation program and playing a critical role within the function.
- Maintaining a high level of visibility across the organization with various levels of Management and serving as a key point of contact for lines of business. Manage communications with key partners, including messaging of SOX IT objectives and requirements, managing request lists, and facilitating discussions on risk & controls.
- Facilitating the walkthrough process with Management and various audit teams. Collaborate with IT partners to review SOX documentation (risk control matrices, narratives, flowcharts) and identify areas where control enhancements and/or documentation improvements are needed. Ensure SOX documentation is accurate and reflects current process.
- Completing and/or reviewing SOX assurance testing for key general IT controls (GITCs/ITGCs), IT application controls (ITACs), and key reports (IPE) identified in the walkthrough process. Coordinate testing approach and align expectations with internal & external auditors to ensure documentation and testing complies with industry standards (including PCAOB) and allows for reliance by the external auditors. Leverage knowledge of SOX methodology and industry requirements to ensure thorough workpapers are maintained.
- Supporting the team-oriented culture of the Tech GRC function. Mentor less experienced Tech GRC team members and contractors and review workpapers where appropriate for quality assurance.
- Assessing identified IT control deficiencies and working with Management on impact analysis and to identify an appropriate remediation action. Follow up on remediation activities to verify appropriate resolution.
- Gathering details for in-scope SOX entities and assisting in performing an annual SOX IT Risk, Scoping and Controls Assessment.
- Providing advisory and, when required, assessing SOC 1 / SOC 2 reports to ensure appropriate controls are identified and operating effectively.
- Assisting with and updating IT policies, standards, and SOPs as needed.
- Participating in cross-domain trainings, awareness sessions, and on-the-job learning to further develop risk & controls knowledge across all critical regulations beyond SOX (i.e. PCI, DI, Privacy / GDPR).
Qualifications
• You have a Bachelor's degree in a relevant field such as Management Information Systems, Computer Science, and/or Accounting
• You have 3-4 years of experience in IT Audit, SOX Compliance, or Information Systems
• You have relevant industry certifications (e.g., CISA, CISSP, CISM)
• You have a working knowledge of internal controls over financial reporting (ICFR), SEC standards, PCAOB standards, the NIST framework, COSO framework, and/or COBIT
• You are experienced in designing test plans, testing and concluding on the operating effectiveness of IT general controls, IT automated controls, key reports, and software development life-cycle controls
• You are experienced in documenting and evaluating deficiencies and assisting management with designing remediation plans
• You have experience with technologies such as SAP, Oracle, Unix/Linux, SAP GRC, and other cloud technologies, especially AWS and Azure
• You are a proven innovative problem solver who thrives in ambiguity
• You are comfortable performing as an individual contributor and teammate concurrently
• You have excellent written and verbal communication skills, interpersonal skills, and presentation skills that allow you to convey tough messages in a kind way
• You have strong personal integrity with the highest ethical standards
• You are extremely organized, have superior attention to detail and a dedication to putting forth high quality work
• Above all else, you are Bright, Kind and Motivated by Challenge
• You'll love solving problems, thinking creatively and trying new things
• You believe in autonomy & taking initiative
Job: Information Technology
Primary Location: Asia Pacific-MY-14-Wilayah Persekutuan
Job Type: Standard
Schedule: Full-time
Shift: 1st (Day) Shift
Job Number: 247050