The Finance team’s goal is to be a trusted and collaborative partner to all the businesses and functional teams that we work with, bringing business acumen, financial expertise and insights to aid decision-making and deliver value to our stakeholders. We strive to generate value through providing specialist advice and making recommendations to optimize decision making, delivering transparent processes and implementing governance and controls to mitigate risk.
Let's talk about the team and you
As a Specialist within the Internal Audit function, the IT Audit and Assurance team’s goal is to be a trusted and collaborative partner to all Business and IT teams that we work with, bringing IT Risk and Compliance expertise and insights to aid decision-making and deliver value to our stakeholders. We strive to generate value through providing specialist advice and making recommendations to optimize decision making, delivering transparent processes, and helping to implement IT Governance and Controls to mitigate IT risks.
Being a global leader in health technology and connected care, ResMed’s complex IT environment is continuously evolving. The primary role of Internal IT Audit is to assess IT risks throughout the organization, within various information systems and tools, and independently test and document controls to ensure IT risks are appropriately mitigated, both for the information systems that support our internal business processes and for our customer-facing solutions (e.g. MyAir / AirView).
As an IT Auditor / IT Risk analyst, you will work closely with the other five members of the IT Audit team (based in Sydney, Kuala Lumpur, and San Diego) to perform IT risk assessments and provide advice that will help the company manage IT risks as it continues on its Digital Transformation journey.
This role can be based either in San Diego or Central Europe (UK/Ireland).
Let’s talk about Responsibilities
- Participate in and perform IT risk assessments with a focus on SOX, SOC2, HITRUST, GDPR and other privacy-related assessments in scope for ResMed’s global organization. You will be responsible for assessing the full IT environment including application, platform and infrastructure.
- Participate in and advise on various IT projects, e.g. cloud migrations, RPA initiatives, system or software implementations, operational audits, M&A integration efforts and data security/privacy compliance audits.
- Examine IT controls, evaluate the design and operational effectiveness, determine exposure to risk and assist Business and IT to develop remediation plans.
- Follow up on IT control deficiencies and improvement opportunities to ensure remediation is undertaken and performed in a timely manner.
- Help facilitate and coordinate audit activities undertaken by ResMed’s external auditors.
Let’s talk about Qualifications and Experience
- Bachelor’s Degree in ICT/ Technology/ System Security or a relevant discipline required. Equivalent combination of education and experience will be considered.
- Relevant industry certifications e.g., CISSP, CCSP, CISM, CISA, or willingness to obtain these as needed.
- Minimum of 2 years of experience in IT Audit, IT Administration, Information Security or other computer-system-related field.
- Effective interpersonal, written, and verbal communication skills.
- Ability to work independently, attention to detail, and a high level of personal accountability for accuracy, task prioritization, and timely completion.
- The ideal candidate will have demonstrable operational knowledge of and experience with managing IT risks and controls (implementing, executing, or auditing) in cloud environments e.g. Oracle Fusion, Microsoft Azure, Amazon Web Services (AWS) and/or SaaS platforms.
- Working knowledge of ISO27001, ISO27002, ISO9001, Sarbanes Oxley, HIPAA, GDPR, FDA Quality System Regulation, 21 CFR Part 11, 21 CFR Part 820, CSA CCM, SOC Audit requirements.
- Demonstrable operational knowledge of and experience with ERP systems (Oracle E-Business Suite, Oracle Fusion, NetSuite), HR systems (Workday), and/or Warehouse Management Systems (Scale / HighJump).
- Understanding of ePHI and Cloud platform security and privacy controls.
- Familiarity with / experience using analytics automation (e.g. Alteryx) and GRC/e-workpaper (e.g. AuditBoard SoxHub) solutions.
- Familiarity with / experience using Robotic Process Automation solutions (e.g. AutomationAnywhere).
- Workshop and facilitation skills to support risk and control assessments.
- Experience working at a Big 4 firm, or in the internal audit function of a public company in the Medical Device or Manufacturing industry.
Joining us is more than saying “yes” to making the world a healthier place. It’s discovering a career that’s challenging, supportive and inspiring. Where a culture driven by excellence helps you not only meet your goals, but also create new ones. We focus on creating a diverse and inclusive culture, encouraging individual expression in the workplace and thrive on the innovative ideas this generates. If this sounds like the workplace for you, apply now!