Key responsibilities:

• Process and system expertise from SOD (Segregation of duty) perspective, continuously enrich process knowledge through partnering with IT, Business and FC&C community.
• Risk Reduction- work closely with the Risk Owners / Process Owners to complete User Access Review, Segregation of Duties and Critical Action reviews effectively and timely.
• Collaborate with stakeholders to evaluate the Segregation of Duties conflicts in SAP and other applications and consult with business units in reducing the SoD conflicts and/or implementing mitigation controls to address risk.
• Perform quarterly SOD certifications with respective risk owners and drive continuous access controls improvement, define, and implement solutions.
• Continuously share the latest access controls updates, best practices, and access controls learnings with both FC&C as well as non-FC&C community, train role owners and risk owners on access controls.
• Drive automations across the SoD and Access Control area to continuously improve the process and challenge the status quo.
• Ensure transparent, reliable, and agile stakeholder management People management, incl. ensuring a high-performance work culture. Ensure workload balancing of the team supporting multiple initiatives, strong focus on Continuous Improvement initiatives, support transitions and knowledge transfer, monitoring critical deliverables.
• Support in ensuring Low number of internal control deficiencies, Timely reporting of the control deficiencies to local and global stakeholders, Maintain and improve customer service, Adherence to SOX timelines and SOX 404 attestation processes, Internal and external audits, if required and support for remediation of agreed action

Essential Requirements:

• B.Com/B.Tech/MBA/CA
• 3-8 years of post-qualification experience (incl. IT Application Controls and SAP GRC, SAP security concepts)
• Expert with SAP GRC Access Controls and SAP authorization concepts primarily in ECC, S/4 HANA.
• Expert on SAP role design, SAP transactions, Authorization Objects, Org Values, Risk & Role Ownership, and have a good understanding of business processes in SAP environment from access and process controls perspective.
• Prior working experience in a large Audit firm, preferably Big-4 Internal/Statutory/ SOX 404 Audit.
• Information System Auditor (CISA) / Information Security Manager (CISM) Certification

Desirable Requirements:

• Having prior experience in process automation and digital tools such as Microsoft Power Automate, BOTs, Power BI, and Alteryx would be added advantage.