AM.S03800
Function
Responsibilities
The IT Compliance Analyst's primary responsibility within Komatsu is to ensure regulatory compliance and manage risks in Komatsu’s IT infrastructure. This encompasses overseeing internal controls to align with Sarbanes-Oxley (SOX) regulations for Japan (J-SOX). Additionally, you play a crucial role in evaluating and maintaining supplier security to meet legal and internal standards, while also facilitating the purchase-to-pay process within the EU ICT department. Furthermore, you contribute to projects like setting up the ISO 27001 audit framework and implementing a Governance, Risk, and Compliance (GRC) tool, aiming to streamline processes and enhance overall organizational efficiency. In essence, your role is to maintain compliance, mitigate risks, and enhance IT governance across Komatsu.
Tasks:
- Internal Control – J-SOX:
  - Conducting tests of design and operational effectiveness.
  - Assessing and updating required documentation to ensure compliance with Sarbanes-Oxley (SOX) regulations.
- Supplier Security (Information Security):
  - Assisting in evaluating new and existing suppliers to ensure their ability to meet ongoing compliance with legal and internal policy and standards.
  - Ensuring that information security requirements are addressed when the organization engages (new) suppliers by reviewing and determining the appropriate information security clauses included in contracts with third parties.
- Purchase-to-Pay Process (within EU ICT):
  - Initiating requests based on the needs of Business Analysts, Systems Engineers, etc.
  - Completing necessary documentation (Financial Authorization, Purchase Orders, contracts, delivery notes).
  - Reviewing and processing purchase invoices in the Invoice Service Provider (ISP) system.
- Internal Audit – ISO 27001:
  - Assisting in setting up the ISO 27001 audit framework.
  - Helping to complete internal ISO 27001 audits for all in-scope European entities.
Profile
Background and experience
- A bachelor's or master's degree in IT, computer science, information systems, cybersecurity, compliance, or a related field.
- Basic understanding of relevant laws and regulations, such as GDPR, SOX, ISO 27001, and so on.
- Willingness to learn and further develop in the field of compliance standards and regulations.
- Fundamental understanding of IT systems, networks, databases, and infrastructure.
- Experience with tools and technologies used for compliance monitoring and reporting, such as GRC (Governance, Risk, and Compliance) tools, vulnerability management tools, and so forth.
Competences
- Analytical and solution-oriented
- Thinking outside the box
- Communicative
Languages
Proficiency in both English and Dutch is preferred. However, proficiency in English alone is also acceptable.
Offer
- You will be actively involved in establishing supplier security and ensuring ISO 27001 compliance for European entities under Komatsu Europe from the outset.
- Lots of growth and training opportunities and freedom within the role.
- International Environment: You will work in a dynamic environment, with colleagues all over Europe.
- Dedicated budget for IT, covering technical and Komatsu-specific in-company programs, as well as theoretical education.
- Structured Framework: Clear expectations, processes, and a transparent path for career development within Komatsu.
- Komatsu is renowned for producing high-quality and durable machinery and equipment used in various industries.
- The company emphasizes innovation in its product development, incorporating advanced technology to enhance efficiency, safety, and environmental sustainability.
- The company focuses on developing eco-friendly technologies and machinery, aiming to reduce environmental impact through efficient fuel consumption and emissions reduction.