IT Risk & Compliance (SOX) Lead
Are you looking for new challenges and personal growth within Coca-Cola Europacific Partners Indonesia? Then we have a great opportunity for you.
Please attach an updated CV with your application.
The primary purpose of this role is to ensure the organization’s IT systems and processes comply with CCEP’s internal policies and procedures and that we are aligned to the Sarbanes-Oxley Act (SOX) requirements. The professional will be responsible for developing, implementing, and maintaining IT security policies, procedures and controls to safeguard the integrity, confidentiality, and availability of our information assets. This role involves conducting regular 2nd line review activities, such as risk assessments/audits and compliance checks, to identify and mitigate potential security threats and vulnerabilities. The professional will collaborate with various departments to ensure that all IT-related activities align with regulatory standards and best practices, thereby supporting the organization’s overall governance, risk management, and compliance objectives.
Key responsibilities:
- Ensuring that our IT system landscape is managed in line with our control framework, policies and procedures and our SOX requirements as well as our other compliance frameworks
- Ensuring that future system integrations as part of our transformational projects are CCEP and SOX compliant.
- Identifying opportunities and improvements, and driving change to implement improvement processes and improved controls
- Engaging and supporting the IT organization and business to align priorities and plans with key business objectives while ensuring that our key risks and controls are addressed
- Acting as an empowered representative of the information security office during IT planning initiatives to ensure that security measures are incorporated into strategic IT plans and that service expectations are clearly defined
- Working with business and IT stakeholders to balance real-world risks with business drivers such as speed, agility, flexibility and performance. As such, the candidate is responsible for building strong relationships at all levels and across all business units and organizations, and for understanding business imperatives
Experience (On the Job)
Overall, extensive hands-on experience with SOX compliance, including conducting risk assessments, project improvements and implementing controls, including but not limited to:
- Monitoring of IT General control initiation, execution, quality and compliance with (different) requirements
- Conducting and managing SOX compliance audits, including IT General Controls (ITGC) and application controls
- Performing risk assessments to identify potential security threats and vulnerabilities
- Developing and implementing remediating and mitigating strategies to address identified risks
- Working closely with various departments, including finance, internal audit, and IT, to ensure alignment with SOX compliance requirements
- Leading the transformation and transition of control ownership to the appropriate departments (structure, setup and support transition)
- Educating control owners on effective compliance processes and the importance of maintaining robust controls
- Maintaining comprehensive documentation of compliance activities, audit results and risk assessments
- Reporting to senior management and external auditors
- Strong understanding of business applications, including ERP and financial systems
Qualifications
- At minimum, 6-8 years of experience in IT Security, Compliance or audit roles with relevant SOX auditing and/or Risk Management experience
- Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or a related field.
- Advanced degrees (e.g., Master’s) in relevant fields is a pre
- Relevant and recent working experience with a BIG-4 firm is a pre
- Hands-on SAP (ECC, GRC, HANA) experience in running detailed analysis through SAP default t-codes, programs or reports
- Experience with management and implementation of information security risk management standards e.g. NIST or ISO
- Certifications such as Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Sarbanes-Oxley Expert (CSOE) or similar
Job Information:
Hiring Manager: Suyono Kurniawan
Recruiter: Hanisa Amalina
Grade: GRADE 05
Location: Indonesia : DKI Jakarta : Kota Administrasi Jakarta Selatan