GSK
Assistant Manager - SOD Optimisation and Monitoring
Location: India
Job type: Full time
Posted: 2 days ago
Job description
JOB PURPOSE:
The SOD Optimisation and Monitoring role is responsible for designing, monitoring and continuously improving the Segregation of Duties (SOD) framework across global systems and processes in Finance. The role governs the global Segregation of Duties framework at GSK which includes managing the ERP risk ruleset with adequate mitigating controls and ensuring conflicting access risks are identified, mitigated and governed effectively, while enabling business operations through pragmatic, risk-based solutions that support SOX/ICFR compliance and a strong control environment.
The role is responsible for driving optimisation opportunities in the current manual SoD monitoring approach and contributing to more effective and efficient management of users' SoD conflicts, reducing the cost of controls monitoring for GSK.
Purpose: The SoD role is meant to be the only role in Finance that will determine the level of SoD risk for all Finance users across GSK. This is a high audit risk area and requires an adequate risk management framework and oversight to ensure the exposure level is maintained at an acceptable level.
KEY ACTIVITIES/ RESPONSIBILITIES:
Own and govern the global ERP SOD framework, including SoD risk definitions, SoD risk rulesets, controls mapping and monitoring approach. Responsible for defining risk tolerance levels as well as user exception procedures, in collaboration with the Tech Governance, Risk and Compliance team.
Identify, assess and monitor SOD conflicts across finance and business systems in line with SOX/ICFR requirements for all user groups globally.
Design and implement mitigating controls where SOD conflicts cannot be eliminated, ensuring they are effective and sustainable.
Partner with business, Tech and access management teams to drive an acceptable level of SoD risk in the organization, influence ERP role design to avoid unacceptable SoD risks, and design and implement remediation plans for high-risk SOD issues.
Ensure SOD issues, exceptions and remediation actions are clearly documented and audit-ready.
Drive the relationship with external and internal auditors regarding existing SoD risks and ensure GSK's SoD risk management framework is within SOX compliance.
Provide SOD risk reporting and insights to senior management, including trends, root causes and control effectiveness.
Continuously optimise the SOD risk management framework through role redesign, continuous controls automation and improved governance of the risk ruleset.
Deliver continuous improvement programs for evolving SoD conflicts with a high-risk focus, leveraging understanding of process risks and controls at the transactional level and leveraging digital solutions (e.g. Process Mining, Agentic AI, etc).
Identify and deliver further optimization opportunities to balance the cost of compliance for GSK – from scoping, planning, monitoring and reporting on SOX / ICFR compliance programs.
Design the risk management framework for SoD risk in ERP, in collaboration with the GRC team in Tech, as GRC will execute any changes to the risk ruleset in SAP and any exceptions to be granted to users.
Oversee the overall level of SoD across all users for GSK and ensure it is maintained at an acceptable level for the enterprise, as this is part of the GSK control environment and a high-risk area.
Leverage advanced technology (e.g. process mining) to monitor users' conflicting transactions and ensure adequate risk mitigation and/or remediation going forward; provide visibility to senior management on major exposures and their remediation plans; and inform external auditors and other risk functions (e.g. Audit & Assurance) during their audit procedures to align on the level of risk.
Manage the exception process for ERP users with unacceptable SoD conflicts and ensure mitigation for those.
Ensure all of the above is evidenced and can be provided for any third-party audit review.
QUALIFICATIONS AND EXPERIENCE:
Chartered Accountant or master's in business administration and finance
Minimum 5 years of professional experience required
Strong knowledge of SOX / ICFR compliance and internal control frameworks
Deep understanding of Segregation of Duties risks in ERP environments (SAP preferred)
Experience with GRC, risk rulesets, access controls, and mitigating controls
Audit management and regulatory risk governance
Technical & Analytical Skills
ERP SoD risk analysis and role design optimisation
Exposure to process mining, continuous controls monitoring, and automation
Strong data analysis, reporting, and risk insight generation
Why GSK?
Uniting science, technology and talent to get ahead of disease together.
GSK is a global biopharma company with a purpose to unite science, technology and talent to get ahead of disease together. We aim to positively impact the health of 2.5 billion people by the end of the decade, as a successful, growing company where people can thrive. We get ahead of disease by preventing and treating it with innovation in specialty medicines and vaccines. We focus on four therapeutic areas: respiratory, immunology and inflammation; oncology; HIV; and infectious diseases – to impact health at scale.
People and patients around the world count on the medicines and vaccines we make, so we’re committed to creating an environment where our people can thrive and focus on what matters most. Our culture of being ambitious for patients, accountable for impact and doing the right thing is the foundation for how, together, we deliver for patients, shareholders and our people.
Inclusion at GSK:
As an employer committed to Inclusion, we encourage you to reach out if you need any adjustments during the recruitment process.
Please contact our Recruitment Team at IN.recruitment-adjustments@gsk.com to discuss your needs.
Important notice to Employment businesses/ Agencies
GSK does not accept referrals from employment businesses and/or employment agencies in respect of the vacancies posted on this site. All employment businesses/agencies are required to contact GSK's commercial and general procurement/human resources department to obtain prior written authorization before referring any candidates to GSK. The obtaining of prior written authorization is a condition precedent to any agreement (verbal or written) between the employment business/ agency and GSK. In the absence of such written authorization being obtained any actions undertaken by the employment business/agency shall be deemed to have been performed without the consent or contractual agreement of GSK. GSK shall therefore not be liable for any fees arising from such actions or any fees arising from any referrals by employment businesses/agencies in respect of the vacancies posted on this site.
It has come to our attention that the names of GlaxoSmithKline or GSK or our group companies are being used in connection with bogus job advertisements or through unsolicited emails asking candidates to make some payments for recruitment opportunities and interview. Please be advised that such advertisements and emails are not connected with the GlaxoSmithKline group in any way.
GlaxoSmithKline does not charge any fee whatsoever for the recruitment process. Please do not make payments to any individuals / entities in connection with recruitment with any GlaxoSmithKline (or GSK) group company at any worldwide location, even if they claim that the money is refundable.
If you come across unsolicited email from email addresses not ending in gsk.com or job advertisements which state that you should contact an email address that does not end in “gsk.com”, you should disregard the same and inform us by emailing askus@gsk.com, so that we can confirm to you if the job is genuine.