Lead - Audit & Compliance Specialist

Job Title

Lead - Audit & Compliance Specialist

Job Grade:

G8/G9A

Function:

Information Technology

Sub-function:

Global IT Infrastructure

Manager's Job Title:

Head – IT Assurance

Skip Level Manager's Title:

Global Head – Infrastructure & Service Assurance

Function Head Title:

Global Head – Infrastructure & Service Assurance

Location:

Mumbai

No. of Direct Reports (if any)

2-3

Areas Of Responsibility

At Sun Pharma, we commit to helping you "Create your own sunshine"— by fostering an environment where you grow at every step, take charge of your journey and thrive in a supportive community.

Are You Ready to Create Your Own Sunshine?

As you enter the Sun Pharma world, you'll find yourself becoming 'Better every day' through continuous progress. Exhibit self-drive as you 'Take charge' and lead with confidence. Additionally, demonstrate a collaborative spirit, knowing that we 'Thrive together' and support each other's journeys."

Job Summary:

The Lead – Audit & Compliance Specialist plays a strategic and hands-on role in managing IT audits, compliance requirements, and risk mitigation initiatives across Sun Pharma's global IT landscape. This role is responsible for planning, coordinating, and executing internal and external IT audits, ensuring adherence to global compliance standards including SOX, GxP, and other regulatory frameworks. The incumbent will work across functions and geographies to embed a culture of compliance, maintain audit readiness, and strengthen IT governance.

Key Responsibilities

1. 
   
2. Audit Lifecycle Management

• Lead and coordinate global IT audits, including preparation, evidence gathering, walkthroughs, and response submission.
• Manage the end-to-end lifecycle of audit findings, including tracking, remediation, and closure validation.

Compliance & Regulatory Adherence

• Ensure IT compliance with GxP, SOX, ISO, and other applicable frameworks across infrastructure and service domains.
• Collaborate with internal stakeholders to implement global policies and ensure readiness for inspections.

Documentation & Governance

• Maintain comprehensive documentation for IT controls, SOPs, risk registers, and mitigation actions.
• Establish audit dashboards and maintain compliance scorecards by geography and function.

Internal Awareness & Training

• Drive audit and compliance awareness across IT teams through workshops, readiness drills, and role-based training.

Continuous Improvement

• Identify compliance gaps and propose process enhancements or automation opportunities to reduce risk exposure.

Specialized Knowledge Requirements

• Strong understanding of global regulatory standards including SOX, GxP, and ISO 27001
• Experience with IT general controls (ITGC), audit frameworks, and risk management tools (e.g., Archer, ServiceNow GRC)
• Familiarity with ITSM/ITIL processes and audit mapping across Change, Incident, Problem, and Asset Management
• Exposure to Pharma or highly regulated industries is preferred

Internal Stakeholders and Nature of Interaction

• CIO / Head of IT Service Assurance: Strategic guidance, audit governance, and risk updates
• Service Assurance, Infra, Cloud, and Application Leads: Evidence coordination, control implementation, RCA collaboration
• ITBPs, PMO, and HR Compliance: Policy alignment, audit readiness training, and data consistency

External Stakeholders and Nature of Interaction

• Internal & External Auditors: Direct interaction during audit planning, walkthroughs, and evidence presentation
• Regulatory Inspectors: Respond to inspection findings and ensure documentation and controls are validated
• Consultants / Third-party Advisors: Best practices adoption, controls benchmarking, and co-sourcing guidance

External Interaction %

• Approximately 30–40% of role involves active engagement with auditors, regulatory bodies, and external advisors

Nature of Communication

• Highly structured communication involving formal documentation, audit reports, control narratives, and risk dashboards
• Strategic presentation of findings to senior leadership and external stakeholders
• Tactical and operational interactions across teams to ensure data accuracy and audit response readiness

Role Played in Negotiations

• Key influencer in discussions around audit scoping, remediation timelines, and closure sign-off
• Collaborates with Legal and Compliance teams on the language and commitments in control response narratives

Key Decision-Making Expected

• Assessment of audit risk severity and prioritization of remediation actions
• Selection and implementation of compliance tools or frameworks for specific geographies or domains
• Recommendation of policy updates based on new or evolving regulatory standards

Key Challenges for the Role

• Managing diverse compliance obligations across multiple jurisdictions
• Ensuring consistent and timely audit responses across distributed IT teams
• Driving cultural shift toward proactive compliance ownership
• Addressing historical non-compliance in legacy systems

Extent and Nature of Innovation Required for the Role

• High degree of innovation required in designing automation for compliance workflows, dashboards, and evidence management
• Leveraging analytics to detect non-compliance trends and trigger preventive controls
• Enhancing audit readiness using AI-enabled documentation checks and control testing tools

Job Requirements

Educational Qualification:

• Master's in Information Technology, Risk Management, or related field

Certifications:

• CISA, CRISC, or equivalent certifications are preferred
• ITIL and GRC platform certification (ServiceNow, Archer, etc.)

Experience:

• 8+ years of experience in IT audit, risk, and compliance roles
• Exposure to global audit environments and regulated industries (pharma/healthcare preferred)

Skills:

• Risk-based audit planning and control design
• Cross-functional collaboration and stakeholder management
• Tools-based audit management and compliance analytics

Travel Estimate

30%

Job Scope

Internal Interactions (within the organization)

CIO, Lead – IT Infrastructure NAM, ITBPs, PMO, Digital CoE. Internal Stakeholders and Nature of Interaction

• CIO / Head of IT Service Assurance: Strategic guidance, audit governance, and risk updates
• Service Assurance, Infra, Cloud, and Application Leads: Evidence coordination, control implementation, RCA collaboration
• ITBPs, PMO, and HR Compliance: Policy alignment, audit readiness training, and data consistency

External Interactions (outside the organization)

External Stakeholders and Nature of Interaction

• Internal & External Auditors: Direct interaction during audit planning, walkthroughs, and evidence presentation
• Regulatory Inspectors: Respond to inspection findings and ensure documentation and controls are validated
• Consultants / Third-party Advisors: Best practices adoption, controls benchmarking, and co-sourcing guidance

External Interaction %

• Approximately 30–40% of role involves active engagement with auditors, regulatory bodies, and external advisors

Geographical Scope

Global

Financial Accountability (cost/revenue with exclusive authority)

Cost of risk, quantification, remediation.

Job Requirements

Educational Qualification

Masters in Information Systems, Engineering, or related field

Specific Certification

CISA, CRISC, or equivalent certifications are preferred. ITIL and GRC platform certification (ServiceNow, Archer, etc.)

Skills

Risk-based audit planning and control design. Cross-functional collaboration and stakeholder management. Tools-based audit management and compliance analytics

Experience

12-15+ years of experience in IT audit, risk, and compliance roles. Exposure to global audit environments and regulated industries (pharma/healthcare preferred)

Your Success Matters to Us

At Sun Pharma, your success and well-being are our top priorities We provide robust benefits and opportunities to foster personal and professional growth. Join us at Sun Pharma, where every day is an opportunity to grow, collaborate, and make a lasting impact. Let's create a brighter future together

Disclaimer: The preceding job description has been designed to indicate the general nature and level of work performed by employee within this classification.  It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees as assigned to this job.  Nothing herein shall preclude the employer from changing these duties from time to time and assigning comparable duties or other duties commensurate with the experience and background of incumbent(s).

---