Senior IT Auditor
At Bristol Myers Squibb, we are inspired by a single vision – transforming patients’ lives through science. In oncology, hematology, immunology and cardiovascular disease – and one of the most diverse and promising pipelines in the industry – each of our passionate colleagues contribute to innovations that drive meaningful change. We bring a human touch to every treatment we pioneer. Join us and make a difference.
Bristol-Myers Squibb (BMS) is a global Biopharma company committed to a single mission: to discover, develop, and deliver innovative medicines focused on helping millions of patients around the world in disease areas such as oncology, cardiovascular, immunoscience, and fibrosis.
Join us and make a difference. We hire the best people and provide them with a work environment that places a premium on diversity, integrity, collaboration and personal development. Through a culture of inclusion, we create a better, more productive work environment. We believe that the diverse experiences and perspectives of all our employees help to drive innovation and transformative business results.
Global Internal Audit & Assurance (GIA) is viewed within BMS as a source of key diverse organizational talent, with alumni holding various roles, including leadership positions in business and IT operations. In this role, the Senior IT Auditor will receive broad exposure to BMS’ Information Technology (IT) and business operations.
The Senior IT Auditor in GIA will work in a team environment to plan and execute dynamic risk-based audits and identify value-added recommendations to strengthen Company processes and controls. Audits will include U.S.-based operations, international Company subsidiaries, strategic initiatives, critical business processes, and key third-party outsourcing arrangements. Throughout the audits, the Senior IT Auditor will have the opportunity to interact with senior management and enhance oral and written communication skills.
Work collaboratively with audit teams to execute IT, operational and integrated audits
Conduct planning activities to identify significant risks and develop appropriate risk-based audit procedures
Research applicable policies, guidance, and regulations to drive assigned sections of the audit with high quality and within deadlines
Collect and analyze necessary data for audits, evaluate information and draw logical conclusions
Design and execute standalone data analytics to support audit findings and business requests
Interview key personnel to assess business processes and the strength of their control environments
Identify meaningful value-added recommendations for management to improve the adequacy, effectiveness, and efficiency of controls and related processes
Lead meetings involving various levels of management to effectively communicate audit status, align on significant audit issues and recommended corrective actions
Prepare clear, detailed audit documentation evidencing the results of actual testing procedures in accordance with BMS and the Institute of Internal Auditors (IIA) standards
Prepare audit reports, including clearly written, concise audit observations that effectively communicate identified issues and their related corrective actions to key stakeholders
Participate in departmental projects as assigned (e.g., audit lessons learned, training, continuous improvement) and annual audit training
Following skills and experience are essential:
A BA/BS degree in Information Sciences, Computer Sciences, Data Sciences, Accounting, Finance, or other business discipline
A minimum of 3 years of prior IT / Operational audit and/or IT related experience (e.g., Business Analysis, IT Project Management, IT Operations, IT Compliance, Information Security / Cybersecurity)
Strong knowledge of IT General Controls, System Development Life Cycle, COBIT and IIA standards
Strong verbal and written communication skills
Proficiency with Excel/Word/PowerPoint
Ability to travel approximately 15% for NJ based resources/approximately, including international travel for up to three weeks at a time
Following skills and/or experiences are an advantage:
Professional certification (i.e., CISA, CIA, CISSP)
Experience in auditing system implementation/ERP, cybersecurity, data privacy, digital transformation, and other emerging technologies
Experience with Internal Audit, and/or Big Four/other consulting firms
Data analytics experience
Quick Learner: Able to identify risk and quickly develop an understanding of complex processes. Works effectively in ambiguous situations and adapts quickly in a rapidly changing environment.
Action-Oriented: Pursues tasks with a sense of urgency. Shows accountability by taking ownership of assigned responsibilities and completing them on time, with the highest quality.
Critical Thinking: Gathers relevant information and critically evaluates it to define next steps and propose a solution.
Effective Communicator: Displays excellent ability to communicate across various levels of management, including with executives, to explain identified issues and related corrective actions.
Project Management: Demonstrates speed and innovation to get things done; can simplify complex processes; knows of and can leverage resources to drive tasks/projects forward across functions and within the function.
Team Player: Works well in a team environment, fostering inclusion and building effective relationships with both team members and customers.
Development-Oriented: Committed to and actively works toward continuous improvement, including self-development.
Integrity: Exhibits passion for the work that they do and demonstrates the ethical behavior expected of an internal audit function.
Around the world, we are passionate about making an impact on the lives of patients with serious diseases. Empowered to apply our individual talents and diverse perspectives in an inclusive culture, our shared values of passion, innovation, urgency, accountability, inclusion and integrity bring out the highest potential of each of our colleagues.
Bristol Myers Squibb recognizes the importance of balance and flexibility in our work environment. We offer a wide variety of competitive benefits, services and programs that provide our employees with the resources to pursue their goals, both at work and in their personal lives.
Physical presence at the BMS worksite or physical presence in the field is an essential job function of this role which the Company deems critical to collaboration, innovation, productivity, employee well-being and engagement, and enhances the Company culture.
To protect the safety of our workforce, customers, patients and communities, the policy of the Company requires all employees and workers in the U.S. and Puerto Rico to be fully vaccinated against COVID-19, unless they have received an exception based on an approved request for a medical or religious reasonable accommodation. Therefore, all BMS applicants seeking a role located in the U.S. and Puerto Rico must confirm that they have already received or are willing to receive the full COVID-19 vaccination by their start date as a qualification of the role and condition of employment. This requirement is subject to state and local law restrictions and may not be applicable to employees working in certain jurisdictions such as Montana. This requirement is also subject to discussions with collective bargaining representatives in the U.S.
Our company is committed to ensuring that people with disabilities can excel through a transparent recruitment process, reasonable workplace adjustments and ongoing support in their roles. Applicants can request an approval of accommodation prior to accepting a job offer. If you require reasonable accommodation in completing this application or if you are applying to a role based in the U.S. or Puerto Rico and you believe that you are unable to receive a COVID-19 vaccine due to a medical condition or sincerely held religious belief, during or any part of the recruitment process, please direct your inquiries to email@example.com. Visit careers.bms.com/eeo-accessibility to access our complete Equal Employment Opportunity statement.
Any data processed in connection with role applications will be treated in accordance with applicable data privacy policies and regulations.