Job Purpose:
The role is accountable for designing, governing, and continuously enhancing the Segregation of Duties (SoD) framework across global Finance systems and processes at GSK.
This role serves as the central authority for SoD risk management within Finance, ensuring that access-related risks are proactively identified, mitigated, and governed in line with SOX/ICFR requirements. It balances robust control oversight with business enablement by driving pragmatic, risk-based solutions that support an efficient control environment.
A key focus is to transform and optimise the current SoD monitoring approach, reducing manual effort and cost of compliance while strengthening risk visibility and control effectiveness through automation and advanced analytics.
Given the high audit sensitivity of SoD, this role provides strategic oversight of enterprise-wide SoD exposure, ensuring risks are maintained within acceptable thresholds and aligned with GSK’s global control standards.
Key Responsibilities:
SoD Governance & Framework Ownership
Own and govern the global ERP SoD framework, including risk definitions, rulesets, control mappings, and monitoring methodologies
Define SoD risk tolerance levels and exception handling protocols in collaboration with Tech Governance, Risk, and Compliance (GRC) teams
Act as the single point of accountability within Finance for determining and overseeing SoD risk
Risk Identification, Monitoring & Mitigation
Identify, assess, and monitor SoD conflicts across Finance and business systems globally in line with SOX/ICFR requirements
Design and implement sustainable mitigating controls where conflicts cannot be eliminated
Manage and oversee the exception process for users with residual SoD risks, ensuring appropriate mitigation measures are in place
Stakeholder Management & Influence
Partner with business, Tech, and Access Management teams to drive acceptable levels of SoD risk
Influence ERP role design to proactively prevent high-risk conflicts
Lead remediation planning and execution for critical SoD risk exposures
Audit & Compliance
Ensure all SoD risks, exceptions, and remediation activities are documented, auditable, and compliant
Act as a key interface with internal and external auditors, ensuring alignment with SOX compliance expectations
Support audit processes by providing clear evidence, insights, and risk transparency
Reporting & Insights
Deliver regular SoD risk reporting to senior leadership, including trends, root causes, and control effectiveness
Provide data-driven insights to support decision-making and risk prioritisation
Continuous Improvement & Transformation
Drive optimisation of the SoD framework through:
Role redesign and simplification
Continuous controls monitoring (CCM)
Automation and digital solutions (e.g., Process Mining, AI/Agentic tools)
Identify opportunities to balance risk coverage with cost efficiency across compliance programs
Lead initiatives to modernise SoD monitoring, reducing manual intervention and enhancing scalability
Technology & Advanced Analytics
Leverage advanced tools (e.g., process mining, analytics platforms) to monitor user activity and detect conflicting transactions
Provide visibility of key risk exposures and remediation progress to leadership and audit stakeholders
Qualified Chartered Accountant (CA)
7 years of experience in risk management, internal controls, audit, or compliance
Functional Expertise
Strong knowledge of SOX/ICFR compliance frameworks
Deep understanding of SoD risks within ERP environments (SAP preferred)
Experience with GRC tools, risk rulesets, access controls, and mitigating controls
Exposure to audit management and regulatory risk governance
Technical & Analytical Skills
Expertise in SoD risk analysis and ERP role design optimisation
Experience with process mining, continuous controls monitoring, and automation
Strong data analysis, reporting, and insight generation capabilities
Skills
Financial Reporting Controls, Internal Control Over Financial Reporting (ICFR), SoD Analysis, SOX Compliance Audit
Why GSK?
Uniting science, technology and talent to get ahead of disease together.
GSK is a global biopharma company with a purpose to unite science, technology and talent to get ahead of disease together. We aim to positively impact the health of 2.5 billion people by the end of the decade, as a successful, growing company where people can thrive. We get ahead of disease by preventing and treating it with innovation in specialty medicines and vaccines. We focus on four therapeutic areas: respiratory, immunology and inflammation; oncology; HIV; and infectious diseases – to impact health at scale.
People and patients around the world count on the medicines and vaccines we make, so we’re committed to creating an environment where our people can thrive and focus on what matters most. Our culture of being ambitious for patients, accountable for impact and doing the right thing is the foundation for how, together, we deliver for patients, shareholders and our people.
Inclusion at GSK:
As an employer committed to Inclusion, we encourage you to reach out if you need any adjustments during the recruitment process.
Please contact our Recruitment Team at [email protected] to discuss your needs.
Important notice to Employment businesses/Agencies
GSK does not accept referrals from employment businesses and/or employment agencies in respect of the vacancies posted on this site. All employment businesses/agencies are required to contact GSK's commercial and general procurement/human resources department to obtain prior written authorization before referring any candidates to GSK. The obtaining of prior written authorization is a condition precedent to any agreement (verbal or written) between the employment business/agency and GSK. In the absence of such written authorization being obtained any actions undertaken by the employment business/agency shall be deemed to have been performed without the consent or contractual agreement of GSK. GSK shall therefore not be liable for any fees arising from such actions or any fees arising from any referrals by employment businesses/agencies in respect of the vacancies posted on this site.
It has come to our attention that the names of GlaxoSmithKline or GSK or our group companies are being used in connection with bogus job advertisements or through unsolicited emails asking candidates to make some payments for recruitment opportunities and interviews. Please be advised that such advertisements and emails are not connected with the GlaxoSmithKline group in any way.
GlaxoSmithKline does not charge any fee whatsoever for the recruitment process. Please do not make payments to any individuals/entities in connection with recruitment with any GlaxoSmithKline (or GSK) group company at any worldwide location, even if they claim that the money is refundable.
If you come across unsolicited email from email addresses not ending in gsk.com or job advertisements which state that you should contact an email address that does not end in “gsk.com”, you should disregard the same and inform us by emailing [email protected], so that we can confirm to you if the job is genuine.