Specialist IT SOX and SAP GRC Compliance

Job Description

Career Category

Information Systems

Join Amgen’s Mission of Serving Patients

At Amgen, if you feel like you’re part of something bigger, it’s because you are. Our shared mission—to serve patients living with serious illnesses—drives all that we do.

Since 1980, we’ve helped pioneer the world of biotech in our fight against the world’s toughest diseases. With our focus on four therapeutic areas – Oncology, Inflammation, General Medicine, and Rare Disease – we reach millions of patients each year. Amgen is advancing a broad and deep pipeline of medicines to treat cancer, heart disease, inflammatory conditions, rare diseases, and obesity and obesity-related conditions. As a member of the Amgen team, you’ll help make a lasting impact on the lives of patients as we research, manufacture, and deliver innovative medicines to help people live longer, fuller, happier lives.

Our award-winning culture is collaborative, innovative, and science based. If you have a passion for challenges and the opportunities that lie within them, you’ll thrive as part of the Amgen team. Join us and transform the lives of patients while transforming your career.

What you will do

Let’s do this. Let’s change the world. In this vital role, you will support the integrity, accuracy, and compliance of key reports and SAP GRC controls relied upon for SOX processes, helping ensure strong financial and IT control environments across the organization.

Key Responsibilities:

  • Serve as a key contributor to the SOX Key Reports program, supporting reports relied upon for SOX controls.
  • Perform detailed technical analysis of report logic, including code, queries, scripts, and data transformations, to understand how reports are generated.
  • Validate report completeness and accuracy by reconciling report outputs to source systems and underlying data.
  • Assess report logic and calculations to confirm alignment with control objectives and SOX requirements.

Technical Review & Reconciliation

  • Partner with system owners and developers to review report design, logic, and dependencies.
  • Review and understand the custom-developed and configurable code (e.g., SAP ABAP, SQL scripts, Oracle, Workday, custom financial systems) and annotate code logic.
  • Perform report tie-outs between the report provided by the process owner and the independently generated output derived from code or query review.
  • Recreate report outputs using reviewed SQL queries, application logic, or ERP report code to validate accuracy.
  • Reconcile record counts, key data fields, and financial totals between the process owner’s report and the code-generated output.
  • Confirm report logic, parameters, and date ranges used by the process owner align with the underlying code reviewed.
  • Verify that no manual manipulation or post-extraction adjustments were applied to the report after system generation.
  • Investigate, document, and resolve variances identified during tie-outs, ensuring explanations are reasonable, supported, and appropriately approved.
  • Analyze and interpret technical artifacts such as SQL queries, stored procedures, ETL logic, and application code as needed.
  • Identify gaps, defects, or risks related to report logic, data integrity, or system changes.
  • Support remediation activities when report logic or outputs do not meet SOX expectations.

SOX Controls & Audit Support

  • Ensure key reports meet SOX documentation and testing requirements, including report completeness, accuracy, and change management controls.
  • Support internal and external audits by providing technical explanations, reconciliations, and evidence related to SOX key reports.
  • Partner with SOX, compliance, and audit teams to respond to audit inquiries and testing requests.
  • Participate in walkthroughs and auditor inquiries.
  • Support remediation efforts and re-testing.

SAP GRC Support

  • Support the design, implementation, and effectiveness of SAP GRC SOX ITGC controls (Logical Access, SoD, Emergency Access).
  • Assist in establishing and maintaining control frameworks, standards, and procedures aligned with SOX and company policies.
  • Support governance of SAP GRC processes, including Access Request, Risk Analysis, Role Management, and Emergency Access.
  • Collaborate on SoD ruleset management and user access lifecycle activities, ensuring alignment with least privilege and role-based access principles.
  • Support execution of key controls such as normal and critical role reviews, privileged access monitoring, and issue remediation.
  • Partner with IT Security, Basis, and application teams to ensure proper implementation of security controls within SAP environments (ECC, S/4HANA, and other integrated systems).
  • Partner with Internal and External Audit teams to support audit readiness and ensure quality of supporting evidence.
  • Assist in remediation efforts, including root cause analysis and implementation of corrective actions.
  • Contribute to continuous improvement, automation, and stakeholder alignment across IT, Security, and business teams.

What we expect of you

We are all different, yet we all use our unique contributions to serve patients. The professional we seek is an individual with these qualifications.

Basic Qualifications:

Doctorate degree

OR

Master’s degree and 2 years of Information Security experience

OR

Bachelor’s degree and 4 years of Information Security experience

OR

Associate’s degree and 8 years of Information Security experience

OR

High school diploma / GED and 10 years of Information Security experience

Preferred Qualifications:

  • ServiceNow IRM experience.
  • Prior policy exception, audit, and service management experience.
  • Attention to detail: Ensure accuracy and thoroughness in policy exception and audit preparation.
  • Adaptability: Adjust to changing regulatory requirements and security threats.
  • Service orientation: Focus on stabilizing and enhancing the quality of security services.
  • Collaboration: Work effectively with cross-functional teams, inform and educate stakeholders, and build strong relationships with stakeholders.
  • Ability to independently manage priorities and meet deadlines in a fast-paced, virtual team environment.
  • Superb communication, organization, and planning skills.
  • Technical curiosity with strong logical, problem-solving, and decision-making skills.
  • Driven and thorough, with the ability to deal with complexity and ambiguity.
  • Working experience in an Agile or DevOps environment.
  • Must be team-oriented, placing priority on the successful completion of team goals.
  • Practical knowledge of information security standards and frameworks such as ISO 27001/27002, NIST, and others.

Preferred Certifications:

  • Certified Information Systems Auditor (CISA)
  • Certified Information Security Manager (CISM)
  • CompTIA Security+
  • Certified Information Systems Security Professional (CISSP)
  • SANS Global Information Assurance Certifications (GIAC)

Technical Skills:

  • Experience with ERP systems is a must (SAP S/4HANA, Oracle, Workday, PeopleSoft).
  • Ability to review queries, scripts, or logic (ABAP, SQL, Python preferred).
  • Experience with using the Alteryx tool or other similar tools (e.g., Python, Oracle SQL Developer, etc.).
  • Understanding of data flows, access controls, and change management.
  • Experience and knowledge in financial controls and reporting will be an added advantage.
  • Big 4 IT Audit or SOX advisory experience is an advantage.
  • Experience with other systems such as Anaplan and Model N is an advantage.
  • Experience with GRC tools such as AuditBoard is an advantage.
  • Experience with IT asset management tools, such as ServiceNow, is an advantage.

Key Competencies:

  • Strong analytical and problem-solving skills.
  • Attention to detail and excellent documentation skills.
  • Ability to translate technical logic into business control language.
  • Effective communication with IT, Finance, and Audit teams.
  • Ability to manage multiple priorities under tight timelines.

What you can expect from us

As we work to develop treatments that take care of others, we also work to care for your professional and personal growth and well-being. From our competitive benefits to our collaborative culture, we’ll support your journey every step of the way.

The expected annual salary range for this role in the U.S. (excluding Puerto Rico) is posted. Actual salary will vary based on several factors including, but not limited to, relevant skills, experience, and qualifications.

In addition to the base salary, Amgen offers a Total Rewards Plan, based on eligibility, comprising health and welfare plans for staff and eligible dependents, financial plans with opportunities to save towards retirement or other goals, work/life balance, and career development opportunities that may include:

  • A comprehensive employee benefits package, including a Retirement and Savings Plan with generous company contributions, group medical, dental and vision coverage, life and disability insurance, and flexible spending accounts
  • A discretionary annual bonus program, or for field sales representatives, a sales-based incentive plan
  • Stock-based long-term incentives
  • Award-winning time-off plans
  • Flexible work models where possible. Refer to the Work Location Type in the job posting to see if this applies

Apply now and make a lasting impact with the Amgen team.

careers.amgen.com

In any materials you submit, you may redact or remove age-identifying information such as age, date of birth, or dates of school attendance or graduation. You will not be penalized for redacting or removing this information.

Application deadline

Amgen does not have an application deadline for this position; we will continue accepting applications until we receive a sufficient number or select a candidate for the position.

Sponsorship

Sponsorship for this role is not guaranteed.

As an organization dedicated to improving the quality of life for people around the world, Amgen fosters an inclusive environment of diverse, ethical, committed and highly accomplished people who respect each other and live the Amgen values to continue advancing science to serve patients. Together, we compete in the fight against serious disease.

Amgen is an Equal Opportunity employer and will consider all qualified applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, or any other basis protected by applicable law.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation. Amgen is an Equal Opportunity employer and will consider you without regard to your race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status.

Salary Range

109,064.35 USD - 147,557.65 USD