Manager - SoD Risk & Controls

Posted:
6/3/2026, 5:00:00 PM

Location(s):
Bengaluru, Karnataka, India ⋅ Karnataka, India

Experience Level(s):
Mid Level ⋅ Senior

Field(s):
Finance & Banking

Job Purpose:

The role is accountable for designing, governing, and continuously enhancing the Segregation of Duties (SoD) framework across global Finance systems and processes at GSK.

This role serves as the central authority for SoD risk management within Finance, ensuring that access-related risks are proactively identified, mitigated, and governed in line with SOX/ICFR requirements. It balances robust control oversight with business enablement by driving pragmatic, risk-based solutions that support an efficient control environment.

A key focus is to transform and optimise the current SoD monitoring approach, reducing manual effort and cost of compliance while strengthening risk visibility and control effectiveness through automation and advanced analytics.

Given the high audit sensitivity of SoD, this role provides strategic oversight of enterprise-wide SoD exposure, ensuring risks are maintained within acceptable thresholds and aligned with GSK’s global control standards.

Key Responsibilities:

SoD Governance & Framework Ownership

  • Own and govern the global ERP SoD framework, including risk definitions, rulesets, control mappings, and monitoring methodologies

  • Define SoD risk tolerance levels and exception handling protocols in collaboration with Tech Governance, Risk, and Compliance (GRC) teams

  • Act as the single point of accountability within Finance for determining and overseeing SoD risk

Risk Identification, Monitoring & Mitigation

  • Identify, assess, and monitor SoD conflicts across Finance and business systems globally in line with SOX/ICFR requirements

  • Design and implement sustainable mitigating controls where conflicts cannot be eliminated

  • Manage and oversee the exception process for users with residual SoD risks, ensuring appropriate mitigation measures are in place

Stakeholder Management & Influence

  • Partner with business, Tech, and Access Management teams to drive acceptable levels of SoD risk

  • Influence ERP role design to proactively prevent high-risk conflicts

  • Lead remediation planning and execution for critical SoD risk exposures

Audit & Compliance

  • Ensure all SoD risks, exceptions, and remediation activities are documented, auditable, and compliant

  • Act as a key interface with internal and external auditors, ensuring alignment with SOX compliance expectations

  • Support audit processes by providing clear evidence, insights, and risk transparency

Reporting & Insights

  • Deliver regular SoD risk reporting to senior leadership, including trends, root causes, and control effectiveness

  • Provide data-driven insights to support decision-making and risk prioritisation

Continuous Improvement & Transformation

  • Drive optimisation of the SoD framework through:

    • Role redesign and simplification

    • Continuous controls monitoring (CCM)

    • Automation and digital solutions (e.g., Process Mining, AI/Agentic tools)

  • Identify opportunities to balance risk coverage with cost efficiency across compliance programs

  • Lead initiatives to modernise SoD monitoring, reducing manual intervention and enhancing scalability

Technology & Advanced Analytics

  • Leverage advanced tools (e.g., process mining, analytics platforms) to monitor user activity and detect conflicting transactions

  • Provide visibility of key risk exposures and remediation progress to leadership and audit stakeholders

Required Qualifications & Experience:

  • Qualified Chartered Accountant (CA)

  • 7 years of experience in risk management, internal controls, audit, or compliance

Functional Expertise

  • Strong knowledge of SOX/ICFR compliance frameworks

  • Deep understanding of SoD risks within ERP environments (SAP preferred)

  • Experience with GRC tools, risk rulesets, access controls, and mitigating controls

  • Exposure to audit management and regulatory risk governance

Technical & Analytical Skills

  • Expertise in SoD risk analysis and ERP role design optimisation

  • Experience with process mining, continuous controls monitoring, and automation

  • Strong data analysis, reporting, and insight generation capabilities


Skills

Financial Reporting Controls, Internal Control Over Financial Reporting (ICFR), SoD Analysis, SOX Compliance Audit

Why GSK?

Uniting science, technology and talent to get ahead of disease together.

GSK is a global biopharma company with a purpose to unite science, technology and talent to get ahead of disease together. We aim to positively impact the health of 2.5 billion people by the end of the decade, as a successful, growing company where people can thrive. We get ahead of disease by preventing and treating it with innovation in specialty medicines and vaccines. We focus on four therapeutic areas: respiratory, immunology and inflammation; oncology; HIV; and infectious diseases – to impact health at scale.

People and patients around the world count on the medicines and vaccines we make, so we’re committed to creating an environment where our people can thrive and focus on what matters most. Our culture of being ambitious for patients, accountable for impact and doing the right thing is the foundation for how, together, we deliver for patients, shareholders and our people.

Inclusion at GSK:

As an employer committed to Inclusion, we encourage you to reach out if you need any adjustments during the recruitment process.

Please contact our Recruitment Team at [email protected] to discuss your needs.

Important notice to Employment businesses/ Agencies

GSK does not accept referrals from employment businesses and/or employment agencies in respect of the vacancies posted on this site. All employment businesses/agencies are required to contact GSK's commercial and general procurement/human resources department to obtain prior written authorization before referring any candidates to GSK. The obtaining of prior written authorization is a condition precedent to any agreement (verbal or written) between the employment business/ agency and GSK. In the absence of such written authorization being obtained any actions undertaken by the employment business/agency shall be deemed to have been performed without the consent or contractual agreement of GSK. GSK shall therefore not be liable for any fees arising from such actions or any fees arising from any referrals by employment businesses/agencies in respect of the vacancies posted on this site.

It has come to our attention that the names of GlaxoSmithKline or GSK or our group companies are being used in connection with bogus job advertisements or through unsolicited emails asking candidates to make some payments for recruitment opportunities and interviews. Please be advised that such advertisements and emails are not connected with the GlaxoSmithKline group in any way.

GlaxoSmithKline does not charge any fee whatsoever for the recruitment process. Please do not make payments to any individuals / entities in connection with recruitment with any GlaxoSmithKline (or GSK) group company at any worldwide location, even if they claim that the money is refundable.

If you come across unsolicited email from email addresses not ending in gsk.com or job advertisements which state that you should contact an email address that does not end in “gsk.com”, you should disregard the same and inform us by emailing [email protected], so that we can confirm to you if the job is genuine.