Specialist III Business Risk & Controls
Ahold Delhaize USA · Salisbury, NC · 1 wk ago
Hybrid$93k–$139k/yrFull-time
About the role
The Risk & Controls Manager is a core member of the Business Transformation Program Operations team and serves as the business authority for risk, controls, and segregation-of-duties (SoD) requirements across the ERP implementation.
Responsibilities
- Define, document, and govern business process controls across all in-scope ERP processes; ensuring controls reflect key business risks and align with ADUSA Risk & Controls frameworks and standards.
- Contribute to the design criteria and requirements for business process controls during process design, ensuring appropriate risk and control considerations are embedded.
- Own the design and maintenance of SoD rulesets from a business risk perspective, defining unacceptable conflicts, required mitigating controls, and process-driven access principles.
- Drive end-to-end mapping of controls to business process definitions, flows, and global templates, ensuring the control logic follows the process and is consistent across banners and functions.
- Develop and maintain business-owned components of the ERP control documentation, including RACMs, control narratives, process flows, test scripts, and evidence standards; ensuring alignment with ADUSA Risk & Controls documentation standards.
- Identify and communicate control gaps, redundancies, and optimization opportunities; support business owners and ADUSA R&C in developing practical remediation actions with clear timelines and risk prioritization.
- Govern the documentation and design of mitigating controls (including those supporting SoD conflicts) in accordance with ADUSA R&C guidance and business operating realities.
- Serve as the authoritative source of business control requirements for Tech, SAP Security, and GRC teams to translate into system-enforced controls, role design, and access governance processes.
- Review system role designs and access models to ensure alignment to business-defined SoD and control expectations.
- Audit & Assurance Alignment: Coordinate with ADUSA Risk & Controls to understand enterprise audit expectations and ensure business-owned control documentation supports effective audit readiness. Engage Internal Audit and External Audit as needed-via ADUSA R&C-to clarify expectations, understand upcoming assurance needs, and support pre-validation activities of business-owned control documentation and evidence.
- Support the planning and execution of business control testing during SIT/UAT in partnership with program testing teams and ADUSA R&C.
- Represent Business Controls in ERP design sessions, fit-gap workshops, and Business Transformation governance forums, ensuring risk and control requirements are intentionally embedded.
- Provide oversight and challenge to the System Integrator regarding control design completeness and process risk considerations.
- Provide program leadership with transparent reporting on business control readiness, risk exposure, and required decision-making.
- Maintain formal, ongoing alignment with central Risk & Controls team to ensure consistency in frameworks, methodologies, and enterprise audit expectations.
- Maintain cross-functional integration by ensuring business teams understand, adopt, and operate to the approved control designs as part of change readiness and operational transition.
Qualifications
- 8+ years of experience in internal controls, business process risk management, audit, or governance roles supporting end-to-end process transformation or ERP.
- Deep expertise in business process risk & control design within large-scale ERP transformations (preferably SAP), with the ability to translate business risks into control requirements and align documentation to an enterprise Risk & Controls framework.
- Experience collaborating with technology teams to translate business control requirements into system role, SoD principles, and security models.
- Strong knowledge of SOX, COSO, business process controls, and audit methodologies.
- Prominent communication, facilitation, documentation, and stakeholder management skills.
- Proven ability to influence in matrixed environments across business, finance, and technology.
- Ability to articulate risk and control implications of business process design decisions.
- Experience working with internal and external auditors on large transformation programs.
- Ability to manage multiple priorities in a large, fast-moving transformation program.
- Ability to travel up to 25%.
Preferred Qualifications
- Professional certifications: CPA, CIA, CRISC, or CFE.
- Retail grocery/CPG experience with exposure to store ops, merchandising, supply chain, and finance processes.
- Working knowledge of mitigating control design, access governance principles, and SoD frameworks.