Application Controls Principal
Poznań, PL, 61-569
LyondellBasell (NYSE: LYB): As a leader in the global chemical industry, LyondellBasell strives every day to be the safest, best operated and most valued company in our industry. The company’s products, materials and technologies are advancing sustainable solutions for food safety, access to clean water, healthcare and fuel efficiency in more than 100 international markets. LyondellBasell places high priority on diversity, equity and inclusion and is Advancing Good with an emphasis on our planet, the communities where we operate and our future workforce. The company takes great pride in its world-class technology and customer focus. LyondellBasell has stepped up its circularity and climate ambitions and actions to address the global challenges of plastic waste and decarbonization. For more information, please visit www.lyondellbasell.com or follow @LyondellBasell on LinkedIn.
Basic Function
An Application Controls Principal plays a vital role in managing the complex organization, execution, and optimization of the organization's SAP and non-SAP security controls.
An Application Controls Principal must lead a team that has primary responsibility for end-to-end controls monitoring, validation, quality assurance, and improvement activities. In addition to the Application Controls Principal leading a dedicated IT Operations-based team, this role must act as a primary point of contact for all IT controls activities and be accountable to the Internal Controls, Governance/Risk/Compliance, Audit departments, and Senior Leadership.
This role will develop long-term strategies in partnership with Control Owners for controls execution and prioritize the team’s activities to ensure zero deficiencies in internal and external testing scenarios. This role will have ultimate responsibility for the remediation of areas of risk and is responsible for communicating status of IT controls, audit findings, remediation efforts, and long-term plans to senior leadership on a recurring basis.
This role requires intensive collaboration to ensure successful execution of all continuous and periodic control activities.
Roles & Responsibilities
• Accountable for the IT controls program direction and influence, including overarching IT controls approach (defining controls, rewriting as necessary, launching renewed IT controls execution, etc.).
• Accountable for aligning non-SAP and SAP controls approach, harmonizing control automations, process efficiencies, and overall controls simplicity.
• Accountable for all IT controls activities including monitoring, validation, quality assurance, and improvement activities.
• Champion adoption of comprehensive application security processes, procedures, and guidelines, ensuring adherence to security best practices.
• Oversee the development of systems and integrations to drive greater automation and remove areas of human error.
• Act as Subject Matter Expert on all IT controls with internal and external auditors during IT audits.
• Regularly assess the program for effectiveness – continuously monitor defined metrics and indicators and quickly adapt to changing requirements.
• Operationalize team activities to be able to scale with changing IT controls requirements (additional SOx-relevant applications, systems, etc.).
• Prepare regular reports on team outcomes and initiatives for senior leadership or enterprise-wide distribution.
• Review existing processes and product architectures for IT control security design gaps and vulnerabilities and consult with product teams and cyber security to remediate or mitigate cyber risk.
• Provide strategic oversight to remediations proposed, influencing the technical direction of IT controls improvements.
• Provide strategic leadership and creative thinking to help various technical delivery teams through the project lifecycle.
• Manage a team of resources who proactively monitor IT security controls (data validation, authorization, encryption, audit logging, etc.) for key applications (on-premises and cloud-based) to identify weaknesses and potential vulnerabilities.
Min. Qualifications
• Bachelor's degree in Information Technology, Computer Science, or a related field (preferred).
• 7+ years of experience in IT security controls analysis, IT audit, or a similar role.
• Expert knowledge of IT security controls and best practices (data validation, authorization, encryption, audit logging, etc.).
• Proven experience in identifying, analyzing, and remediating non-SAP control deficiencies.
• In-depth understanding of security concepts, including authorization, segregation of duties, and user access review management
• Experience with tools such as ServiceNow or security tools and technologies used for control monitoring and analysis
• Understanding of cloud security concepts and technologies and on-prem technologies
• SOX knowledge, in addition to experience implementing/auditing against US SOX IT framework controls.
• 3 years of experience supporting software security governance and compliance activities, i.e. metrics, assessments, audits, exercises, risk frameworks, and maturity models
• Experience leading a team of resources and prioritizing complex activities and outcomes
• Identity and Access Management exposure
• Application Security Principles and Best Practices exposure
• Security Tools and Technologies exposure
• Application cloud and on-prem logic and data layer architecture, including SQL, Oracle and Azure.
Preferred Qualifications
• Experience with security automation tools and scripting languages (e.g., Python, PowerShell).
• Experience with SharePoint and project management tools.
• Familiarity with GAAP and financial reporting.
Competencies
We Offer
We offer an environment where we encourage personal and professional growth and where you will be rewarded for your performance and results. You will have the opportunity to work with specialists in all fields to develop innovative solutions and to extend your national and international network. In addition, we offer you a competitive salary and benefits package.
The Company's Global Remote Work Policy allows eligible employees the option to work up to three days a week from home.
LyondellBasell is committed to advancing diversity, equity & inclusion (DEI) to ensure a positive experience for all employees.
Application & Contact
Please send us your resume via the application button.
If you would like to learn more, please feel free to contact Martyna Piechowiak, Talent Acquisition Specialist at martyna.piechowiak@lyondellbasell.com