Lead - Audit & Compliance Specialist

Job Title Lead - Audit & Compliance Specialist Job Grade: G8/G9A Function: Information Technology Sub-function: Global IT Infrastructure Manager’s Job Title: Head – IT Assurance Skip Level Manager’s Title: Global Head – Infrastructure & Service Assurance Function Head Title: Global Head – Infrastructure & Service Assurance Location: Mumbai No. of Direct Reports (if any) 2-3 Areas Of Responsibility At Sun Pharma, we commit to helping you “Create your own sunshine” — by fostering an environment where you grow at every step, take charge of your journey and thrive in a supportive community. Are You Ready to Create Your Own Sunshine? As you enter the Sun Pharma world, you’ll find yourself becoming ‘Better every day’ through continuous progress. Exhibit self-drive as you ‘Take charge’ and lead with confidence. Additionally, demonstrate a collaborative spirit, knowing that we ‘Thrive together’ and support each other’s journeys.” Job Summary: The Lead – Audit & Compliance Specialist plays a strategic and hands-on role in managing IT audits, compliance requirements, and risk mitigation initiatives across Sun Pharma's global IT landscape. This role is responsible for planning, coordinating, and executing internal and external IT audits, ensuring adherence to global compliance standards including SOX, GxP, and other regulatory frameworks. The incumbent will work across functions and geographies to embed a culture of compliance, maintain audit readiness, and strengthen IT governance. Key Responsibilities Audit Lifecycle Management Lead and coordinate global IT audits, including preparation, evidence gathering, walkthroughs, and response submission. Manage the end-to-end lifecycle of audit findings, including tracking, remediation, and closure validation. Compliance & Regulatory Adherence Ensure IT compliance with GxP, SOX, ISO, and other applicable frameworks across infrastructure and service domains. Collaborate with internal stakeholders to implement global policies and ensure readiness for inspections. Documentation & Governance Maintain comprehensive documentation for IT controls, SOPs, risk registers, and mitigation actions. Establish audit dashboards and maintain compliance scorecards by geography and function. Internal Awareness & Training Drive audit and compliance awareness across IT teams through workshops, readiness drills, and role-based training. Continuous Improvement Identify compliance gaps and propose process enhancements or automation opportunities to reduce risk exposure. Specialized Knowledge Requirements Strong understanding of global regulatory standards including SOX, GxP, and ISO Experience with IT general controls (ITGC), audit frameworks, and risk management tools (e.g., Archer, ServiceNow GRC) Familiarity with ITSM/ITIL processes and audit mapping across Change, Incident, Problem, and Asset Management Exposure to Pharma or highly regulated industries is preferred Internal Stakeholders and Nature of Interaction CIO / Head of IT Service Assurance: Strategic guidance, audit governance, and risk updates Service Assurance, Infra, Cloud, and Application Leads: Evidence coordination, control implementation, RCA collaboration ITBPs, PMO, and HR Compliance: Policy alignment, audit readiness training, and data consistency External Stakeholders and Nature of Interaction Internal & External Auditors: Direct interaction during audit planning, walkthroughs, and evidence presentation Regulatory Inspectors: Respond to inspection findings and ensure documentation and controls are validated Consultants / Third-party Advisors: Best practices adoption, controls benchmarking, and co-sourcing guidance External Interaction % Approximately 30–40% of role involves active engagement with auditors, regulatory bodies, and external advisors Nature of Communication Highly structured communication involving formal documentation, audit reports, control narratives, and risk dashboards Strategic presentation of findings to senior leadership and external stakeholders Tactical and operational interactions across teams to ensure data accuracy and audit response readiness Role Played in Negotiations Key influencer in discussions around audit scoping, remediation timelines, and closure sign-off Collaborates with Legal and Compliance teams on the language and commitments in control response narratives Key Decision-Making Expected Assessment of audit risk severity and prioritization of remediation actions Selection and implementation of compliance tools or frameworks for specific geographies or domains Recommendation of policy updates based on new or evolving regulatory standards Key Challenges for the Role Managing diverse compliance obligations across multiple jurisdictions Ensuring consistent and timely audit responses across distributed IT teams Driving cultural shift toward proactive compliance ownership Addressing historical non-compliance in legacy systems Extent and Nature of Innovation Required for the Role High degree of innovation required in designing automation for compliance workflows, dashboards, and evidence management Leveraging analytics to detect non-compliance trends and trigger preventive controls Enhancing audit readiness using AI-enabled documentation checks and control testing tools Job Requirements Educational Qualification: Master's in Information Technology, Risk Management, or related field Certifications: CISA, CRISC, or equivalent certifications are preferred ITIL and GRC platform certification (ServiceNow, Archer, etc.) Experience: 8+ years of experience in IT audit, risk, and compliance roles Exposure to global audit environments and regulated industries (pharma/healthcare preferred) Skills: Risk-based audit planning and control design Cross-functional collaboration and stakeholder management Tools-based audit management and compliance analytics Travel Estimate 30% Job Scope Internal Interactions (within the organization) CIO, Lead – IT Infrastructure NAM, ITBPs, PMO, Digital CoE. Internal Stakeholders and Nature of Interaction CIO / Head of IT Service Assurance: Strategic guidance, audit governance, and risk updates Service Assurance, Infra, Cloud, and Application Leads: Evidence coordination, control implementation, RCA collaboration ITBPs, PMO, and HR Compliance: Policy alignment, audit readiness training, and data consistency External Interactions (outside the organization) External Stakeholders and Nature of Interaction Internal & External Auditors: Direct interaction during audit planning, walkthroughs, and evidence presentation Regulatory Inspectors: Respond to inspection findings and ensure documentation and controls are validated Consultants / Third-party Advisors: Best practices adoption, controls benchmarking, and co-sourcing guidance External Interaction % Approximately 30–40% of role involves active engagement with auditors, regulatory bodies, and external advisors Geographical Scope Global Financial Accountability (cost/revenue with exclusive authority) Cost of risk, quantification, remediation. Job Requirements Educational Qualification Masters in Information Systems, Engineering, or related field Specific Certification CISA, CRISC, or equivalent certifications are preferred. ITIL and GRC platform certification (ServiceNow, Archer, etc.) Skills Risk-based audit planning and control design. Cross-functional collaboration and stakeholder management. Tools-based audit management and compliance analytics Experience 12-15+ years of experience in IT audit, risk, and compliance roles. Exposure to global audit environments and regulated industries (pharma/healthcare preferred) Your Success Matters to Us At Sun Pharma, your success and well-being are our top priorities We provide robust benefits and opportunities to foster personal and professional growth. Join us at Sun Pharma, where every day is an opportunity to grow, collaborate, and make a lasting impact. Let’s create a brighter future together Disclaimer: The preceding job description has been designed to indicate the general nature and level of work performed by employee within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees as assigned to this job. Nothing herein shall preclude the employer from changing these duties from time to time and assigning comparable duties or other duties commensurate with the experience and background of incumbent(s).