System Access Risk Manager

Your role: We are seeking a highly skilled and experienced System Access Risk Manager to lead the design, governance and oversight of Segregation of Duties (SOD) and related business risks and rules to enhance the SOD integrity of Ingram Micro's key finance systems. This role sits within Corporate Controllership and is responsible for working closely with the IT organization and key business leaders in developing, implementing, and overseeing SOD policies, job family risk profiles, access controls, and user permissions to ensure SOD risks in key financial systems are properly managed. The role partners closely with IT's Information Security Teams ("Infosec"), who are responsible for the technical implementation, execution, monitoring, and enforcement of access controls across all enterprise systems, including key financial systems. Own and govern SOD frameworks, policies, and control standards across financial reporting-relevant systems and processes, including central finance systems (i.e. Impulse, SAP) and supporting upstream, downstream, and reporting systems. In collaboration with Infosec, establish financial control requirements and risk-based guardrails for access management (e.g., provisioning, certification, de-provisioning). Define and govern transaction populations and SOD risk coverage across key financial processes, including high-risk areas such as manual journal entries, payments, and master data changes, ensuring completeness and alignment with financial reporting controls (ICFR). Establish and govern processes to evaluate new or changed system transactions (e.g., SAP T-codes, other financial system equivalents) for inclusion in financial reporting control scope, ensuring ongoing completeness and accuracy of in-scope populations. Partner with business, IT, and functional stakeholders to assess SOD risks, align access requirements, and implement appropriate mitigating controls across financial reporting-relevant systems. Assess SOD risks and access configurations regularly, including conflicting transactions and critical access, and provide second-line oversight of monitoring activities (e.g., firefighter IDs, super users), including review of outputs from Infosec to support remediation and audit readiness. Serve as a subject matter expert on SOD and access risk management, advising senior management and stakeholders on financial control risks, governance practices, and remediation priorities. Drive continuous improvement of SOD and access risk frameworks, incorporating leading practices, regulatory expectations, and lessons learned from audits, transformations, and control remediation efforts. What you bring to the role: Bachelor's degree in Business, Accounting, Finance, Information Systems, or related field. Certifications such as CPA, CIA, CISA, or CRISC preferred (CISSP/CISM optional, not primary). 8-10 years of experience in internal controls, audit, or risk management, with strong focus on financial reporting controls (ICFR), including access risk, segregation of duties, and journal entry-related risks in SOX-regulated environments. Strong understanding of ERP-based financial processes (e.g., SAP), including risks related to transaction populations, access, and segregation of duties impacting financial reporting. Strong understanding of access risk management and segregation of duties frameworks within ERP environments, and their impact on financial reporting and ICFR compliance. Strong knowledge of SOX, ICFR, and COSO frameworks, with familiarity of ITGC concepts and access control principles in support of financial reporting controls. Familiarity with SAP and access governance tools (e.g., SAP GRC) with emphasis on segregation of duties and financial control alignment is a plus. Excellent leadership, communication, and stakeholder management skills, with the ability to influence cross-functional teams and drive alignment on control design and risk mitigation. Proven track record of leading access risk and SOD initiatives in complex environments, including ERP transformations and control remediation programs, with measurable impact on risk reduction and audit outcomes. #LI-LB2