Internal Controls Manager

Description

Purpose of role:

Lead the execution of SOX compliance for key financial processes operating within the Budapest Shared Services Center. Partner with SSC process owners to design document and enhance controls driving timely remediation of any deficiencies. Support the standardization automation and scaling of controls as new processes and entities transition into the SSC ensuring a robust and efficient control environment.

Essential Responsibilities:

Main responsibilities

• Plan and execute SOX compliance activities for all in-scope SSC-owned processes aligning with the global SOX scoping and testing strategy.
• Guide and support SSC control owners and process leads on control design documentation (RACMs/flowcharts) and effective operation; ensure all testing evidence is audit-ready.
• Coordinate extensively with the IT SOX team on IT-dependent controls key report/IPE (Information Produced by Entity) validations and automated controls operating within the SSC.
• Act as the primary SOX liaison for the Budapest SSC coordinating with External Audit during all phases of walkthroughs and testing and with Internal Audit to ensure efficient coordination.
• Support the quarterly SOX 302 certification process by providing SSC-level attestations and inputs on control effectiveness.
• Hands on leader/expert to ensure high-quality work is performed and timely completion of testing plans.

Tasks

• Perform end-to-end walkthroughs of SSC processes; update process maps and flowcharts; confirm key controls control owners and testing sample sizes.
• Test the design and operating effectiveness of key controls; thoroughly document results and conclusions in the SOX repository/tool.
• Raise track and validate control deficiencies and remediation plans with SSC process owners.
• Support the validation of User Access Reviews (UARs) Joiner/Mover/Leaver (JML) processes and privileged access reviews performed by the SSC and IT teams.
• Ensure GDPR-compliant handling of all personal data evidence and coordinate with Hungarian HR/Legal on any local compliance matters as needed.
• Conduct regular check-ins and provide training on SOX methodologies and best practices for junior Analyst(s) and SSC control owners.

Main interfaces/ stakeholders:

• Internal:SSC Leadership; SSC Process Leads (R2R P2P O2C); Global Process Owners (GPOs); Finance/Business leaders of supported entities; IT SOX; Internal Audit.
• External:External Auditors.

Key Performance Indicators and Role Dimensions:

• On-time and audit-ready completion of all SSC-related SOX walkthroughs testing and quarterly submissions.
• % of SSC key controls operating effectively (>95%); reduction in repeat deficiencies.
• Timeliness of UAR and termination access reviews (as applicable to SSC processes).
• Average time to close remediation plans; quality scores on testing documentation.
• Progress on control standardization and automation initiatives within the SSC.

Qualifications / Requirements:

• Key professional project or leadership experience:
  • 57 years of progressive experience in SOX/ICFR external audit or internal audit within a large multi-national public company.
  • Experience in a Shared Services (SSC) or BPO within global manufacturing environment is highly desirable.
  • Strong knowledge of COSO 2013 framework SEC SOX 302/404 requirements and PCAOB auditing standards.
  • Proven experience guiding control owners and improving control environments.
  • Strong familiarity with large-scale ERP systems (e.g. SAP Oracle) and GRC/SOX management tools.
  • Excellent stakeholder management and communication skills.
• Academic requirements:
  • Bachelors degree in Accounting Finance or a related field.
  • Professional certification (e.g. CPA CIA CISA ACCA) is a significant plus.
• Languages:
  • Fluency in English (written and verbal) is required.
  • Hungarian or other European languages (e.g. German) are a plus.

Job specific knowledge:

• Advanced SOX testing methodologies (sampling attribute testing).
• IPE and key report validation techniques.
• Understanding of IT-dependent manual controls and automated controls.
• GDPR principles for handling sensitive data.
• (Helpful but not required) Basics of Hungarian labor law as it may apply to internal processes.