Senior Manager, IT Audit in Cambridge

BeOne continues to grow at a rapid pace with challenging and exciting opportunities for experienced professionals. When considering candidates, we look for scientific and business professionals who are highly motivated, collaborative, and most importantly, share our passionate interest in fighting cancer.

General Description: BeiGene is seeking an experienced Senior IT Audit Manager to join our growing internal audit (IA) function, who will be responsible for IA assurance activities from a business, technology, and security perspective across the organization. This person will support the achievement of the Company’s business objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of the company’s risk management, control, and governance processes related to technology areas. This position will liaise across business groups, including but not limited to IT, Finance, Legal, Compliance, external auditors, and other stakeholders to execute the Internal Audit Plan and SOX 404 assurance work.

Essential Functions of the job:

• Strategic Business Partnership and Risk Assessment
  • Support Associate Director, IT Audit to develop and maintain strategic partnerships to improve risk management and control processes.
  • Engage in the risk assessment process by identifying and evaluating technology-related risks that could affect the achievement of business objectives, ensuring alignment with company goals.
  • Implement and maintain risk management strategies for Internal Audit, monitor and report on risk status, ensure compliance with regulations, and collaborate with internal control teams to maintain a robust IT environment.
• Audit Leadership
  • Lead complex and/or global financial, compliance, and operational audits and advisory initiatives to assess process and control effectiveness, encompassing all audit cycle phases: planning, execution, issue escalation, documentation, reporting, and remediation follow-up.
  • Develop risk-based, tailored audit programs across a wide variety of IT risks, including but not limited to areas such as Cybersecurity, System Implementations, Data Privacy, Active Directory, etc.
  • Conduct on-site fieldwork to assess the Company’s information system and security related processes and controls. Ensure all audit program steps are completed, transactions are thoroughly evaluated, and work papers are properly documented for audit conclusions.
  • Craft accurate, concise and compelling audit and advisory reports, and support or deliver presentations of findings and recommendations to internal and external management, including senior leadership.
  • Coordinate with external auditor and management in leading the annual planning of Sarbanes-Oxley (SOX) 404/C-SOX compliance requirements.
  • Collaborate with co-source and external auditors to support global Sarbanes-Oxley 404 compliance by assessing and testing ITGC and ITAC internal controls, ensuring adequate test work, documentation, and audit quality to drive more reliance.
  • Coordinate and collaborate with business leaders, external auditors, and other control and monitoring disciplines (i.e., IT, Compliance and Legal) to facilitate audits and ensure effective and efficient coverage of Company-wide risks.
• Project Management
  • Allocate resources for internal audits and manage third-party work to ensure timely and high-quality completion.
  • Monitor audit projects proactively, addressing issues promptly to ensure smooth progress.
  • Ensure all audit activities comply with internal audit standards and methodologies, maintaining rigor and professionalism.
• Additional Assignments
  • Support any additional assignments or special projects as required including but not limited to Quality Assurance and Improvement Program (QAIP), External/Internal Quality Assessment to enhance the effectiveness and efficiency of the Internal Audit function.
  • Stay updated on industry trends and best practices in internal auditing and relevant subject matter expertise areas.
• Supervisory Team Development
  • Provide coaching and mentoring to team members on audit projects, ensuring they develop the necessary skills and knowledge to excel in their roles.
  • Cultivate a collaborative and supportive team environment, promoting open communication, mutual respect, and a shared commitment to achieving audit objectives.
  • Identify the developmental needs of team members and facilitate targeted training opportunities, foster continuous professional growth and enhance overall team performance.
• Computer Skills:
  • Strong Microsoft Office skills (particularly Excel and PowerPoint).
  • Knowledge of various operating systems like Windows, Linux, and Unix.
  • Understanding of database management systems such as SQL, Oracle, and NoSQL databases.
  • Familiarity with network infrastructure, protocols, and security measures.
  • Proficiency in audit software tools like AuditBoard, ACL, Tableau, PowerBI and other data analytics tools.
  • Skilled users of SAP and Generative AI.

Education Required: Bachelor’s degree in computer science, Management Information Systems, Cybersecurity, or related field of study from an accredited university.

Other Qualifications:

• 7-12 years of progressive experience in performing and independently leading complex information technology and cybersecurity audits. (Big Four Experience Preferred)
• Expert knowledge across all IT domains including cloud security, DevOps, secure software development, application security, databases, and operating systems.
• Expert knowledge of authentication, authorization, and credential management.
• Strong SOX/C-SOX ITGC and application control testing audit experience, and proficient in COSO, NIST CFS, ISO27001 etc. Standards.
• Strong verbal and written communication skills.
• Professional Certification, (e.g. CISA, CRISC, CISSP, IAPP, CISM,) required; CIA preferred.
• Pharmaceutical industry experience and knowledge preferred.

Travel/Other Requirements: 10%, as required. Availability to meet during flexible hours on zoom/conference calls with colleagues in different U.S. time zones, Europe, and China.

Global Competencies When we exhibit our values of Patients First, Driving Excellence, Bold Ingenuity and Collaborative Spirit, through our twelve global competencies below, we help get more affordable medicines to more patients around the world.

• Fosters Teamwork
• Provides and Solicits Honest and Actionable Feedback
• Self-Awareness
• Acts Inclusively
• Demonstrates Initiative
• Entrepreneurial Mindset
• Continuous Learning
• Embraces Change
• Results-Oriented
• Analytical Thinking/Data Analysis
• Financial Excellence
• Communicates with Clarity

Salary Range: $129,400.00 - $174,400.00 annually. BeOne is committed to fair and equitable compensation practices. Actual compensation packages are determined by several factors that are unique to each candidate, including but not limited to job-related skills, depth of experience, certifications, relevant education or training, and specific work location. Packages may vary by location due to differences in the cost of labour. The recruiter can share more about the specific salary range for a preferred location during the hiring process. Please note that the listed range reflects the base salary or hourly range only. Non-Commercial roles are eligible to participate in the annual bonus plan, and Commercial roles are eligible to participate in an incentive compensation plan. All Company employees have the opportunity to own shares of BeOne Medicines Ltd. stock because all employees are eligible for discretionary equity awards and to voluntarily participate in the Employee Stock Purchase Plan. The Company has a comprehensive benefits package.