Mgr, Security Controls & Compliance

Southern Company
Atlanta, GA
Onsite

About The Position

This position is responsible for leading and managing a team that executes controls, compliance, and audit coordination activities supporting AFT Enterprise Foundations (EF) applications. The role provides primary coordination for ICC/SOX, Deloitte, and Internal Audit engagements; oversees execution and continuous improvement of automated and manual controls; and partners with Security and Technology Enablement teams to strengthen preventive controls (including Segregation of Duties) and mature ERP security governance. The position also provides leadership and oversight for operational business access security functions performed by the Business Ops / Security Business Analyst role (Cool Compliance access approvals, entity administration, and access risk/exception evaluation), serving as the management bridge between technical security configuration (ESD TO) and business compliance requirements.

Requirements

  • Bachelor’s degree in Accounting, Finance, Business, Information Systems, IT, or related discipline (or equivalent experience) required
  • 7 years of demonstrated experience leading internal controls, compliance, audit coordination, or risk management work in a complex business and technology environment
  • Experience coordinating walkthroughs, testing, evidence collection, and remediation activities with auditors and control owners.
  • Strong working knowledge of SOX/internal controls concepts and evidence standards
  • Understanding of application security concepts, role-based access control (RBAC), and Segregation of Duties (SoD) risk
  • Strong program/project management skills
  • Ability to translate technical control/security topics into clear business-facing communications.
  • Experience supporting Oracle Cloud ERP / Oracle ERP security or comparable software, roles/privileges governance, and/or GRC tooling (e.g., Oracle Risk Management or equivalent)
  • Experience with change/release management controls and IPE/IUC testing coordination.

Responsibilities

  • Lead and coordinate engagements with auditors and compliance stakeholders (Deloitte, Internal Controls & Compliance (ICC)/SOX, and Internal Audit).
  • Organize and facilitate control walk-throughs; manage evidence requests and follow-up responses; maintain relationships with control owners/performers; and plan team work activities to minimize impact in the EF Agile environment.
  • Oversee day-to-day execution and monitoring of the AFT control landscape across Enterprise Foundation (EF) applications (automated and manual controls, including logical access and change management).
  • Assign work, remove blockers, and ensure consistent evidence quality.
  • Discuss potential deficiencies with relevant stakeholders; document deficiencies; assign ownership; establish remediation timelines; and monitor remediation progress to completion.
  • Partner with Security and Technology Enablement to support security management activities (role creation/modification, access approvals, and entity administration in Cool Compliance).
  • Coordinate Segregation of Duties (SoD) questionnaires/assessments (including cross-application assessments) and support periodic access certification and improvements that shift from manual detective controls toward preventive/automated enforcement.
  • Assess impacts of releases/patches/bug fixes and business process changes on controls for Key Financial Applications, ensuring required controls are tested/performed and operating as designed.
  • Develop the team’s skillset and competency in Compliance & Controls and Security through standard work, cross-training, and coverage planning for key compliance cycles.
  • Provide management oversight for day-to-day business access security operations, including Cool Compliance role access approvals across EF applications; entity administration for Oracle and business systems; role exception evaluation and documented risk assessments; user troubleshooting and access-needs determination; maintenance of role matrices, privilege change logs, and required evidence; and manual access provisioning when C2 automation is not feasible.
  • Ensure clear separation of duties between requestor/approver/provisioner activities, adherence to defined approval routing, and alignment to the Oracle Business Access Security Approval RACI (Responsible vs Consulted).
  • Establish and monitor service expectations and key metrics for access governance activities (e.g., approval cycle time, exception volume/aging, manual provisioning volume, and rework/quality trends).
  • Ensure periodic access reviews/recertifications and SoD/risk-based reviews are completed on schedule and that audit-ready evidence is consistently retained for access approvals, role exceptions, entity administration, privilege changes, and manual provisioning (including required approvals and documentation when automation is not available).

Benefits

  • Competitive base salary
  • Annual incentive awards for eligible employees
  • Health, welfare and retirement benefits designed to support physical, financial, and emotional/social well-being
  • Additional compensation, such as an incentive program