Controls, Risk and Compliance Manager

HCL Job Level

(Risk and Compliance Manager)

Function/ Domain

Controls, Risk and Compliance Manager

Role Location

Noida

Positions

1

Experience

10-12 years

Objective of the Role

1. Strategic risk mgmt. link between processes/functions and stakeholders [Client Controllers; Corp. R&C Internal/External Auditors, Business LT etc.]
2. Responsible for providing guidance & oversight to the first LOD & challenge them to ensure all aspects relating to OR&C are understood, owned & managed appropriately.
3. Proactive monitor, testing & remediate risks and/or other vulnerabilities to ensure policy, procedures and processes are working as intended. This includes and not limited to Operational Risk, InfoSec, Regulatory Compliance [e.g. GDPR, PCI DSS, Cybersecurity, Availability, Processing Integrity, Confidentiality and Privacy]

Job Profile/ Roles and Responsibilities

1. Oversee and work with internal and external stakeholders to effectively manage the controls provided by client to meet control expectations.
2. Provides general controls advisories and guidance to Delivery Managers, Supervisors and Resources
3. Works closely with Controls, Risk and Compliance Team across zones to ensure that clients business and controls objectives are reached in a cost-effective way, and in particular leveraging common tools & industry wide best practices.
4. Spearheading R&C meetings and stewardship, sharing of Controls best practices, key learnings and help develop common tools to better serve the client.
5. Designing, Implementing, Operating, Monitoring, Documenting and Reporting of all Risk & Compliance related activities as part of the engagement. That includes and not limited to SOP, Operational Risk Dashboard, Risk Assessments, Privacy Impact Assessments, Control inventory/catalogs, Error analysis, RCA/CAPA, Change Management, SOX control testing, General operational control testing, and conducting Control related trainings etc.
6. Assist in performance multiple external/internal audits e.g., Sarbanes-Oxley (SOX) audits; Service Organization Control (SOC external mandatory audits), Client internal audits etc.
7. Perform test of controls – TOD and TOE (test of design and effectiveness testing)
8. Pro-actively liaison with client and operations team to maintain a robust R&C environment
9. To assist/suggest/advise the leaders regarding the implementation of compliance programs and trainings
10. Perform process risk assessments and monitor identified risks
11. Actively involved in client/stakeholder interactions and reporting
12. Create and manage effective action plans in response to audit discoveries and compliance violations
13. Regularly audit/review procedures, policies, practices and documentation (e.g. Risk Inventory, SOP, Work Instructions or Job aids, Job Handovers) to identify possible weaknesses and risks

Required Skills/ Experience

1. A seasoned R&C practitioner with sufficient knowledge and background in Finance and Accounting functional domains [e.g. Account Payables, Receivables, Order to Cash, Procure to Pay, and/or Record to Report)
2. Strong communication and coordination skills
3. Ability to effectively communicate and advise senior management
4. Ability to influence without formal authority
5. Ability to work in cross functional organization
6. Exposure to Controls (e.g., prior audit experience, participated in external/internal audits including SOC & SOX audits, etc.); the range of controls experience and exposure might vary.
7. Good to have a CIA, CISA, CISSP certifications.
8. Preferred industry background: Travel, Tourism, Leisure, and Holiday (TTLH) sector

Educational Qualification

• Graduate in any stream

Shift

• Should be ready to work in rotational shifts

Key words: used for profile shortlisting in whatever search engine

Highlighted TOP 5-6 skills in Yellow

• SOX Controls

• SOC Attestation

• Risk Assessment

• Risk Review

• Risk Management
• Governance
• Risk & Compliance
• Policy compliance
• Compliance Review

• Internal & External audit

• Order to Cash

• Accounts Payable

• Finance & Accounting

• Test of controls

• Control design testing
• Control Effectiveness testing
• Legal Compliance
• Change Management
• Quality Assurance
• Third Party Risk
• Vendor Risk Management
• Enterprise Risk Management
• GRC
• Global Risk Compliance
• ITGC
• IT control testing
• Risk governance framework
• CIA
• CISA
• R2R
• P2P
• O2C
• AR