We are currently seeking a Manager of Controls Integration.
The Manager of Controls Integration will report to the Director of Controls Integration and will be primarily respon-sible for assessing and driving the effectiveness of IT and Business Process controls across the enterprise. This role will support Control Owners within the Stericycle Business Units across the globe with the use of leading class monitoring tools and practices. The Controls Integration Manager will also conduct gap analysis to identify potential gaps and recommend specific actions to correct process gaps, and design enhancements for internal controls such as segregation of duties, production change management, software management, cyber security, incident handling, identity access, and transmission integrity. The Controls Integration shall work closely with IT, Audit, Business functions, Privacy group, steering committees, and other key stakeholders to ensure strict compliance with global regulatory requirements, standards and policies (i.e. SOX, ASC 606, GDPR, HIPPA, PCI, etc.)
Key Position Activities:
Builds and maintains positive working relationships with stakeholders, including application, process, and control owners along with management in support of IT Risk and Compliance processes and prac-tices.
Gain knowledge and understanding of SAP S/4, SuccessFactors, SalesForce, Descartes, Coupa, Concur and other system configurations as it relates to the design and implementation of automated controls.
Performs targeted risk assessments and provide recommendations to Control Owners (both within IT and business functions).
Maintains the global repository of controls and related controls design and build documentation.
Participates in controls integration scoping activities for IT systems changes and business transformation projects.
Contributor to the design and implementation of enhancements for internal controls such as segregation of duties, change management, access management, workflow, application configuration, etc.
Performs segregation of duties analysis and coordinates remediation efforts with the Business and SAP Security.
Maintains global access control rule sets across SAP, Fiori and various cloud platforms.
Facilitates user entitlement reviews using SAP GRC User Access Review (UAR).
Identifies, communicates and coordinates efforts to resolve control exceptions.
Further implements and deploys continuous control monitoring with SAP GRC Process Controls (PC).
Reviews deficiencies identified during audit or internal assessments and collaborates with the IT Risk & Compliance team to develop and execute remediation plans.
Acts as a liaison to internal/external auditors, fulfilling audit requests and coordinating audit activities with IT stakeholders.
Monitors and reports on the progress of risk mitigation efforts, ensuring target dates are met and extensions are granted.
Participates in weekly team meetings and internal initiatives to review outstanding issues and/or to discuss new trends or projects.
Develops and delivers training workshops, sessions, materials, and presentations to assist process owners, employees, and management with the transition to new processes and controls.
Contributes to various project efforts relating to Vendor Management, External Audit, Information Security, and Enterprise Risk Management.
Develops status reports and key metrics to support the IT Risk and Compliance function.
• Bachelor's degree in Information Systems, Computer Science, Business or related technical discipline (or equivalent)
• 7+ years of relevant work experience
• Familiar with leading practice IT controls frameworks and audit methodologies
• Strong understanding of regulatory concerns impacting SAP environments, including Sarbanes Oxley.
• Intermediate knowledge of evaluating internal controls, developing recommendations, designing and im-plementing solutions
• Past experience with at least 1 full cycle ERP implementation preferred
• SAP functional knowledge a plus
• SAP GRC Access Controls and Process Controls implementation or administration experience preferred
• Background in SAP Security or Identity & Access Management a plus
• Working knowledge of Cyber and Information Security regulatory requirements a plus
• Working knowledge of General Data Privacy Regulation (GDPR) a plus
• IAPP and or CISA certifications a plus
• Experience in conducting SOC report reviews for SaaS or managed service providers a plus
• PC skills and hands-on experience building tools and presentations with Microsoft Word, Excel, PowerPoint, Project, Access
• Basic knowledge of project management principles (planning, organizing, and managing assessment pro-cess)
• Strong interpersonal skills with the ability to work effectively in a matrixed organization
• Ability to work with teams that are geographically distributed and work across different time zones
• Able to work in a fast-paced environment, both independently and as part of a team
• Ability to manage and collaborate with onshore and offshore cross-functional teams
• Strong analytical ability, judgment and problem analysis techniques
• Excellent communication skills (verbal, written, and listening)
• Excellent time management, prioritization and multi-tasking skills