The position summary states the general nature and purpose of the job. Overall accountabilities are defined in this section.
The IT Compliance Manager will be responsible for maintaining the IT Risk Control Framework and Sarbanes Oxley (SOX) IT General Controls (ITGC) across all divisions and various technology platforms including SAP and JD Edwards ERP systems.
The Manager must be familiar with the ITGC control framework, assessing and testing all aspects of ITGC controls including Change Management, Logical Access, Program Development and Computer Operations in all technology layers – Application, Database, Operating System and Network.
The IT Compliance Manager will have a direct reporting responsibility and accountability to the Assistant Vice President of IT Planning and Administration and will work closely with Business Compliance and Internal Audit.
By leveraging his/her experience, leadership skills, positive attitude as well as understanding of Smithfield’s Risk Control Framework and IT General Controls (ITGC), the IT Compliance Manager will be responsible to ensure that Smithfield’s IT environments achieve compliance to Smithfield’s Internal Control over Financial Reporting (ICFR).
Responsibilities and tasks are written as follows:
- Perform annual IT Risk Assessment including the following: identification of all systems supporting key financial processes; assessment of controls (general and application) for key financial systems; assessment and/or development of test procedures, including assessment of control testers.
- Maintain IT Risk Control Matrix to document all key financial systems, controls and testing procedures.
- Ensure proper accounting of SOX documentation for ITGC to include IT Risk Control Matrix, ITGC Process Narratives, ITGC testing, issue evaluation and reporting.
- Coordinate and assist with testing and evaluating IT systems and controls for SOX compliance in a predominately SAP environment.
- Provide ITGC training and documentation as needed.
- Work with the IT teams and business units in remediating control deficiencies
- Evaluate third party SSAE 16 (SOC 1) reports for compliance to system control requirements.
- Make recommendations for enhancement of IT system controls and process improvements.
- Guide the project teams on IT risk and control / compliance requirements for new systems.
- Maintain timely and complete communications within the IT department, Internal Audit and Compliance including identification of ITGC issues and exceptions.
- Serve as liaison to internal and external auditors for ITGC testing.
- Ability to work on multiple projects, balancing a mix of resources, due dates and requirements.
- Develop and foster effective working relationships within IT at each of the Divisions as well as key Business,Internal Audit and Compliance personnel.
- Work closely with the Director of IT Security on Cyber Security strategy and implementation.
- Work closely with owners of the Access Control, Release Management, Change Management and Vendor Management processes to ensure compliance with the ITGC Framework.
The above statements are intended to describe the general nature and level of work being performed by peopleassigned to this job. They are not intended to be an exhaustive list of all responsibilities, duties, and skills required of personnel so classified. May perform other duties as assigned.
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals to perform the essential functions.
- Bachelor's Degree from a regionally accredited four-year college or university in Computer Science, Business, Accounting or related field and 5+ years of relevant experience in IT Audit/Compliance; or equivalent combination of education and experience.
- MBA, Preferred.
- In-depth knowledge of business processes as well as process controls and risks and an understanding on how this relates to the IT environment and audit procedures.
- Big 4 IT Audit background and consumer packaged goods industry (SAP ERP) experience is a plus.
- One or more of the following is desired:
- Certified Information Systems Auditor (CISA)
- Certified Public Accountant (CPA)
- Certified Internal Auditor (CIA)
- Understanding of IT control frameworks and standards such as COBIT.
- Managed IT general computing controls risk / SOX / compliance process including updates to the annual testing, test execution, review of test results, recommending solutions to gaps and addressing gaps with control owners.
- Broad knowledge of IT infrastructure and architecture of computer systems as well as exposure to a variety of platforms such as operating systems, networks, databases and ERP systems.
- Experience with SAP’s ECC, BW, SCM, PI/PO, TM and BOBJ applications and services.
- Experience with SAP’s GRC Access Control tool along with Segregation of Duty (SOD) analysis and sensitive administrative T-Codes and privileged user access.
- Familiarity with JD Edwards ERP systems.
- Experience with project management.
- Proven experience in navigating complex organizations, creative problem solving and effective relationship management.
- Ability to translate complex technical topics into easy to understand concepts and the ability to manageescalations and communications.
- Strong verbal and written communication skills with ability to effectively communicate with peers andexecutive leadership.
- Strong leadership and management skills that align with the Smithfield culture. Specific skills include facilitating change, driving operational excellence, and striving for continuous improvement.
This job has no supervisory responsibilities.
The physical demands described here are representative of those an employee should possess to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities toperform the essential functions.
- Occasionally required to stand; walk; and reach with hands and arms.
- Regularly required to talk and hear.
- Frequently required to sit and use hands to handle, or feel. Occasionally required to lift and/or move up to25 pounds.
- Specific vision abilities required by this job include close vision.
The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals withdisabilities to perform the essential functions.
- Occasionally required to work in wet or humid conditions (non-weather); work near moving mechanical parts; fumes or airborne particles.
- Noise level in the work environment is usually moderate.
- Although the majority of the time work will be performed in an office environment, must be able to visit andwork in a plant, warehouse, distribution center or other manufacturing facility.
Smithfield is an Equal Opportunity/Affirmative Action (EEO/AA) Employer. All qualified applicants will receive consideration without regard to race, color, national origin, sex, sexual orientation, gender identity, religion, age, statusas a protected veteran, status as an individual with disability, or any other protected group status or non-job related characteristic as directed by law.