SOD Internal Controls Consultant

Sunrise Systems, Inc.

Pune City | Full-time | Mid Level | On-site

Job Description

Contract Duration: 12 Months Contract (possible extension)
Location: Pune, Maharashtra

Position is for 12 months duration with the possibility to extend but not guaranteed.

Highlights on the requirements:
- 7-10+ years of relevant experience: technical SAP security as well as business process knowledge to support SOD, able to support system implementations
- Must be based in Pune India (in office, as per Client policies) and able to cover US Eastern time zones through 11am (the known SOD related projects will be the Kenvue NAS4 integration, EMEA ES4, LAOES4, maybe COUPA … more western coverage/meetings will be needed)
- Collaboration with global teams across multiple time zones crossing North America, Europe, Latin America and Asia Pacific
- Ability to work independently in an international environment

Working Model & Expectations:
- Candidates must be based in Pune India and able to cover US Eastern time zones through 11am
- 12 month contract role with potential for extension based on business needs

Customers: This role engages with Finance and IT Internal Control teams, Process Owners, Control Owners, SAP Security, Other IT teams, and Internal and External Audit stakeholders across global functions and business units.

Position Purpose: This role leads Segregation of Duties (SOD) risk management with accountability for strengthening the design, governance, and monitoring of Segregation of Duties processes.

As an SOD Internal Controls Consultant, you will collaborate with various teams to identify and resolve SOD and sensitive access-related risks, evaluate system user role designs and user assignments, design and maintain the SOD rulesets, and recommend improvements that enhance SOD control effectiveness while supporting operational needs. You will be working primarily in SAP ERP environments, as well as other financial systems, and with Saviynt and Pathlock SOD tools. You will advise stakeholders on access governance matters and SOD risks and ruleset design during process changes, system implementations, robotics and automation initiatives, and organizational or shared service center transitions.

In addition, you will support audit and compliance activities related to ruleset design, role design, provisioning, and SOD monitoring and resolution; provide guidance on remediation of SOD issues; and help ensure the Segregation of Duties framework remains aligned with financial risk and control requirements and company policy. You will be expected to serve as a trusted business partner and contribute to or lead cross-functional initiatives related to Segregation of Duties risk and control design.

Key Risk Areas to be managed:
- Segregation of Duties conflicts arising from inadequate role design or inappropriate user role combinations that provide access beyond job responsibilities or business need.
- Sensitive/critical access that allows users to modify master data, override controls, post high-risk transactions, or influence financial reporting outcomes.
- Deficiencies in SOD ruleset design, role ownership, or access governance processes that reduce the effectiveness of risk prevention and monitoring.
- Insufficient mitigating controls or delayed remediation of identified access and SOD issues.

Key Controls Responsibilities:
- Lead SOD risk management activities related to role design, user access, and access governance processes, including oversight of and approvals for the SOD COE team activities.
- Provide guidance and decision making to business, IT, and SAP Security teams on SOD conflicts, sensitive access, role design, and remediation strategies.
- Review and assess proposed access changes, role changes, and SOD ruleset changes.
- Partner with stakeholders to design, implement, and monitor preventive and mitigating controls for access-related risks.
- Support internal and external audit activities related to SOD governance, access controls, and remediation efforts.
- Prepare KPI reporting, analysis, and recommendations to support efficient resolution and decision making of SOD conflicts and continuous improvement in access risk management.

Qualifications/Skills Required:
- Strong knowledge of SOD concepts, sensitive access risk, user provisioning, and SAP role design principles, including SAP Transaction codes, their authorization objects, and how the values in the objects determine the risk level of transaction codes.
- Understanding of core business processes, financial controls, and how process risk translates into SOD rules and access control requirements.
- Experience evaluating or supporting access controls within SAP ERP or enterprise systems environments, including collaboration with business and technical teams to align role design with job responsibilities and control requirements.
- Strong communication, judgment, and stakeholder management skills, with the ability to clearly explain access risks, SOD or sensitive access conflicts and be accountable for resolutions.
- Ability to identify SOD and sensitive access risks within user roles and access assignments and recommend practical remediation actions.
- Experience performing SOD and critical access risk assessments and designing and maintaining SOD and sensitive access rulesets.
- Experience supporting system implementations, process changes, or transformation initiatives with a focus on access risk and SOD control requirements.
- Capability to write realistic and comprehensive test scenarios and test cases for system implementations and experience in end-to-end execution and review of user acceptance testing.
- Strong ownership, accountability, and ability to independently deliver high-quality results within tight deadlines and competing priorities.
- Effective written and verbal communication skills and the ability to build strong cross-functional relationships.
- Adaptability and sound judgment in managing evolving business needs and regulatory expectations.

Education/Experience Required:
- 7-10+ years of relevant experience in internal controls, audit, compliance, IT security, or access governance, covering access governance and SOD risk management.
- Bachelor's degree in accounting, finance, business, information systems, or a related field.
- Demonstrated ability to lead or influence global cross-functional teams in addressing access governance and SOD risk matters.
- Knowledge of internal control and access governance frameworks such as SOX including ITGC, COSO, and COBIT and the ability to apply them to SOD and user access risk scenarios.
- Experience with SAP ERP security, SOD ruleset management, and role remediation.
- Experience working in a global organization with complex operations and system landscapes.
- Experience with SOD and access governance tools; experience with Saviynt or Pathlock preferred.

Posted Today
