Job Summary

Job Description

We are seeking a highly skilled Sr. Manager, IT Internal Controls, to lead Medline's IT Internal Controls program. This person will play a critical role in ensuring our IT systems and processes comply with regulations and industry best practices. This person will collaborate with cross-functional teams, including IT, finance, and internal audit, to identify changes to the internal controls landscape and address any potential compliance risks and issues. A successful candidate will have a proven track record of implementing and managing effective and efficient IT internal controls programs at large public companies.

Major Responsibilities:

• Develop and implement a comprehensive IT internal controls compliance strategy and program to ensure adherence to regulations and industry best practices.

• Oversee and manage all aspects of IT compliance with internal control requirements, including designing, implementing, and testing IT controls and processes.

• Collaborate with IT, finance, and other cross-functional teams to identify and document key IT controls and processes that are subject to compliance.

• Oversee the creation and maintenance of IT controls environment documentation (e.g., process flows, narratives, control matrices, role security matrices, etc.).

• Consult on new business initiatives, system implementations, and IT policy changes, and assess the impact of the changes on the IT internal controls environment.

• Conduct regular assessments and audits of IT internal controls to ensure compliance with regulatory requirements and identify any potential compliance risks or issues.

• Identify control gaps, evaluate risk, and develop corrective action plans to address deficiencies, enabling sustainable control processes.

• Develop and implement IT compliance policies, procedures, and guidelines to ensure adherence to regulations and industry standards.

• Serve as Medline's IT liaison to internal and external auditors with respect to IT internal controls; collaborate with auditors to ensure effective and efficient audits and facilitate the timely delivery of necessary documentation and evidence.

• Stay up-to-date with industry trends and changes in internal controls regulations to ensure ongoing compliance and implement necessary updates to IT controls and processes.

• Lead strategy and adoption of GRC tools to facilitate IT internal controls initiatives.

• Evaluate the IT internal controls program for efficiencies and continuous improvement opportunities.

• Collaborate with cross-functional teams to develop, implement, and remediate IT internal controls. Develop and manage relationships with IT and cross-functional stakeholders.

• Track control effectiveness and other program key performance indicators via metrics and dashboards. Prepare and present program updates to senior management.

• Lead and mentor a global team of IT internal controls professionals, fostering a collaborative and high-performance culture.

Minimum Job Requirements:

Education:

• Bachelor's degree in Information Technology, Information Security, Computer Science, Business, Accounting, or related field, or equivalent work experience.

Work Experience:

• Minimum of 8 years of experience in IT internal controls, external audit, internal audit, or related role.
• Minimum of 3 years of leadership or management experience in a relevant discipline.
• Experience leading large IT internal controls programs, with a strong knowledge of SOX regulations and their application to IT systems and processes.
• Proven track record of implementing or maturing effective IT compliance programs at public companies with large, complex IT environments, including:
  • defining and designing new IT control requirements,
  • deploying new policies and controls
  • documenting and maintaining risk control matrices and process flow narratives
  • training control owners on expectations and audit processes
  • liaising with internal and external auditors
  • testing the operating effectiveness of IT internal controls
  • identifying IT control gaps, developing remediation plans, and tracking issues to resolution

Knowledge / Skills / Abilities:

• Familiarity with using modern GRC tools to effectively manage IT internal control execution and testing
• In-depth understanding of IT General Controls (i.e., Change Management, Access, IT Operations), SDLC, and application controls
• Knowledge of SOX audit scoping, testing, and sampling methodologies
• Experience developing and maintaining IT internal control documentation (e.g., risk control matrices, narratives, process flows, etc.)
• Familiarity with SOC 1 report reviews and documenting complementary user entity controls
• Knowledgeable on managing and mitigating segregation of duties violations
• Strong written and verbal skills, including a demonstrated ability to translate complex or technical information into concepts that are easily understood
• Proven ability to effectively interact with and influence stakeholders and promote internal controls and control awareness across a large, complex enterprise
• Experience creating training content and delivering training on internal controls
• Strong analytical, problem solving, and critical thinking skills, including the ability to anticipate issues and to design appropriate solutions
• Detail and deadline oriented, with the ability to manage multiple tasks and priorities simultaneously with limited supervision
• Strong leadership and people management skills, with the ability to inspire and motivate a team
• Proficient with Microsoft Office Suite (Word, Excel, PowerPoint, SharePoint, Visio)

Preferred Job Requirements:

Education:

• Master's degree in an information technology or business discipline.
• CISA, CISSP, CIA, CPA, CRISC, or CISM

Work Experience:

• Experience designing SAP controls
• Experience using AuditBoard SOXHUB module
• Experience configuring and deploying modern GRC tools
• Experience auditing or consulting for a Big 4 firm

DISCLAIMER

All duties and requirements are subject to possible modification to reasonably accommodate individuals with disabilities.

This position description in no way states or implies that these are the only duties to be performed by an employee occupying this position. Employees will be required to follow any other job-related instructions and to perform any other job-related duties requested by their supervisor(s)/manager(s).

This document does not create an employment contract, implied or otherwise, other than an "at will" employment relationship.

Medline Industries, LP, and its subsidiaries, offer a competitive total rewards package, continuing education & training, and tremendous potential with a growing worldwide organization.

The anticipated salary range for this position:

The actual salary will vary based on applicant's location, education, experience, skills, and abilities. This role is bonus and/or incentive eligible. Medline will not pay less than the applicable minimum wage or salary threshold.

Our benefit package includes health insurance, life and disability, 401(k) contributions, paid time off, etc., for employees working 30 or more hours per week on average. For a more comprehensive list of our benefits please click here. For roles where employees work less than 30 hours per week, benefits include 401(k) contributions as well as access to the Employee Assistance Program, Employee Resource Groups and the Employee Service Corp.

Every day, we're focused on building a more diverse and inclusive company, one that recognizes, values and respects the differences we all bring to the workplace. From doing what's right to delivering business results, together, we're better. Explore our Diversity, Equity and Inclusion page here.

Medline Industries, LP is an equal opportunity employer. Medline evaluates qualified applicants without regard to race, color, religion, gender, national origin, age, sexual orientation, gender identity or expression, protected veteran status, disability/handicap status or any other legally protected characteristic.