Specialist IT SOX and SAP GRC Compliance

• Serve as a key contributor to the SOX Key Reports program, supporting reports relied upon for SOX controls.
• Perform detailed technical analysis of report logic, including code, queries, scripts, and data transformations, to understand how reports are generated.
• Validate report completeness and accuracy by reconciling report outputs to source systems and underlying data.
• Assess report logic and calculations to confirm alignment with control objectives and SOX requirements.

Technical Review & Reconciliation

• Partner with system owners and developers to review report design, logic, and dependencies.
• Review and understand the custom-developed and configurable code (e.g., SAP ABAP, SQL scripts, Oracle, Workday, custom financial systems) and annotate code logic.
• Perform report tie-outs between the report provided by the process owner and the independently generated output derived from code or query review.
• Recreate report outputs using reviewed SQL queries, application logic, or ERP report code to validate accuracy.
• Reconcile record counts, key data fields, and financial totals between the process owners report and the code-generated output.
• Confirm report logic, parameters, and date ranges used by the process owner align with the underlying code reviewed.
• Verify that no manual manipulation or post-extraction adjustments were applied to the report after system generation.
• Investigate, document, and resolve variances identified during tie-outs, ensuring explanations are reasonable, supported, and appropriately approved.
• Analyze and interpret technical artifacts such as SQL queries, stored procedures, ETL logic, and application code as needed.
• Identify gaps, defects, or risks related to report logic, data integrity, or system changes.
• Support remediation activities when report logic or outputs do not meet SOX expectations.

SOX Controls & Audit Support

• Ensure key reports meet SOX documentation and testing requirements, including report completeness, accuracy, and change management controls.
• Support internal and external audits by providing technical explanations, reconciliations, and evidence related to SOX key reports.
• Partner with SOX, compliance, and audit teams to respond to audit inquiries and testing requests.
• Participate in walkthroughs and auditor inquiries.
• Support remediation efforts and re-testing.

SAP GRC Support

• Support the design, implementation, and effectiveness of SAP GRC SOX ITGC controls (Logical Access, SoD, Emergency Access).
• Assist in establishing and maintaining control frameworks, standards, and procedures aligned with SOX and company policies.
• Support governance of SAP GRC processes, including Access Request, Risk Analysis, Role Management, and Emergency Access.
• Collaborate on SoD ruleset management and user access lifecycle activities, ensuring alignment with least privilege and role-based access principles.
• Support execution of key controls such as normal and critical role reviews, privileged access monitoring, and issue remediation.
• Partner with IT Security, Basis, and application teams to ensure proper implementation of security controls within SAP environments (ECC, S/4HANA, and other integrated systems).
• Partner with Internal and External Audit teams to support audit readiness and ensure quality of supporting evidence.
• Assist in remediation efforts, including root cause analysis and implementation of corrective actions.
• Contribute to continuous improvement, automation, and stakeholder alignment across IT, Security, and business teams.

Doctorate degree

OR

Masters degree and 2 years of Information Security experience

OR

Bachelors degree and 4 years of Information Security experience

OR

Associates degree and 8 years of Information Security experience

OR

High school diploma / GED and 10 years of Information Security experience

Preferred Qualifications:

• ServiceNow IRM experience.
• Prior policy exception, audit, and service management experience.
• Attention to detail: Ensure accuracy and thoroughness in policy exception and audit preparation.
• Adaptability: Adjust to changing regulatory requirements and security threats.
• Service orientation: Focus on stabilizing and enhancing the quality of security services.
• Collaboration: Work effectively with cross-functional teams, inform and educate stakeholders, and build strong relationships with stakeholders.
• Ability to independently manage priorities and meet deadlines in a fast-paced, virtual team environment.
• Superb communication, organization, and planning skills.
• Technical curiosity with strong logical, problem-solving, and decision-making skills.
• Driven and thorough, with the ability to deal with complexity and ambiguity.
• Working experience in an Agile or DevOps environment.
• Must be team-oriented, placing priority on the successful completion of team goals.
• Practical knowledge of information security standards and frameworks such as ISO 27001/27002, NIST, and others.

Preferred Certifications:

• Certified Information Systems Auditor (CISA)
• Certified Information Security Manager (CISM)
• CompTIA Security
• Certified Information Systems Security Professional (CISSP)
• SANS Global Information Assurance Certifications (GIAC)

Technical Skills:

• Experience with ERP systems is a must (SAP S/4 Hana, Oracle, Workday, PeopleSoft).
• Ability to review queries, scripts, or logic (ABAP, SQL, Python preferred).
• Experience with using the Alteryx tool or other similar tools (e.g., Python, Oracle SQL Developer, etc.).
• Understanding of data flows, access controls, and change management.
• Experience and knowledge in financial controls and reporting will be an added advantage.
• Big 4 IT Audit or SOX advisory experience is an advantage.
• Experience with other systems such as Anaplan and Model N is an advantage.
• Experience with GRC tools such as AuditBoard is an advantage.
• Experience with IT asset management tools, such as ServiceNow, is an advantage.

Key Competencies:

• Strong analytical and problem-solving skills.
• Attention to detail and excellent documentation skills.
• Ability to translate technical logic into business control language.
• Effective communication with IT, Finance, and Audit teams.
• Ability to manage multiple priorities under tight timelines.

The expected annual salary range for this role in the U.S. (excluding Puerto Rico) is posted. Actual salary will vary based on several factors including but not limited to, relevant skills, experience, and qualifications.

In addition to the base salary, Amgen offers a Total Rewards Plan, based on eligibility, comprising of health and welfare plans for staff and eligible dependents, financial plans with opportunities to save towards retirement or other goals, work/life balance, and career development opportunities that may include:

• A comprehensive employee benefits package, including a Retirement and Savings Plan with generous company contributions, group medical, dental and vision coverage, life and disability insurance, and flexible spending accounts
• A discretionary annual bonus program, or for field sales representatives, a sales-based incentive plan
• Stock-based long-term incentives
• Award-winning time-off plans
• Flexible work models where possible. Refer to the Work Location Type in the job posting to see if this applies

At Amgen, if you feel like youre part of something bigger, its because you are. Our shared missionto serve patients living with serious illnessesdrives all that we do. Since 1980, weve helped pioneer the world of biotech in our fight against the worlds toughest diseases. With our focus on four therapeutic areas Oncology, Inflammation, General Medicine, and Rare Disease we reach millions of patients each year. Amgen is advancing a broad and deep pipeline of medicines to treat cancer, heart disease, inflammatory conditions, rare diseases, and obesity and obesity-related conditions. As a member of the Amgen team, youll help make a lasting impact on the lives of patients as we research, manufacture, and deliver innovative medicines to help people live longer, fuller happier lives. Our award-winning culture is collaborative, innovative, and science based. If you have a passion for challenges and the opportunities that lay within them, youll thrive as part of the Amgen team. Join us and transform the lives of patients while transforming your career. Specialist IT SOX and SAP GRC Compliance What you will do Lets do this. Lets change the world. In this vital role, you will support the integrity, accuracy, and compliance of key reports and SAP GRC controls relied upon for SOX processes, helping ensure strong financial and IT control environments across the organization., As an organization dedicated to improving the quality of life for people around the world, Amgen fosters an inclusive environment of diverse, ethical, committed and highly accomplished people who respect each other and live the Amgen values to continue advancing science to serve patients. Together, we compete in the fight against serious disease., We are all different, yet we have this in common: our mission to serve patients. This sense of shared purpose is key to our becoming one of the world's leading biotechnology companies. It guides us as we continue to launch new medicines and reach millions of patients worldwide. We live the mission. We win together. We thrive on continual challenge. Our team of 22,000+ scientists and professionals worldwide bring distinct perspectives and experiences to all we do. We leverage our global talent to achieve together-to research, manufacture and deliver ever-better products and greater depth to our mission. At Amgen, there is a strong correlation between our high level of diversity and performance. Because addressing issues with a wider range of perspectives and approaches leads to more creative problem-solving. Together, we're transforming the promise of science and biotechnology into therapies that have the power to restore health. Connect with us to explore how you can Win, Live, and Thrive at Amgen.