Director/Senior Director, Risk & Compliance
Reporting to the Vice President, Risk & Compliance (R&C), the Director / Senior Director, R&C is responsible for the design, oversight, and continuous improvement of technology-enabled risk management and internal controls across SAP S/4 HANA (S/4) and associated financial boundary systems. While having the ground floor opportunity of bridging a multi-year S/4 finance transformation implementation with a post go-live compliance and advisory function, this role provides leadership in all aspects of Security, Risk, and Controls (SRC), which includes assessing job-based security roles, segregation of duties (SoD), and process-level risks and developing / maintaining a company-wide Risk & Control Matrix (RCM). The Director / Senior Director partners closely with the S/4 project team, Global Controllership across Global Financial Operations (GFO), Corporate, and Business Units; Operations & Technology (O&T); and various compliance groups to ensure risks are identified, mitigated, and appropriately controlled within an evolving financial systems landscape.

This role is also responsible for helping to design, establish/maintain, and manage a robust risk and compliance framework for Global Controllership including Global Finance Operations (GFO) teams on and offshore. The framework should ensure that all enterprise-wide accounting compliance programs, processes and technologies are consistent with NBCUniversal’s policies and procedures as well as applicable laws and regulations. Our GFO model today encompasses three service towers: Purchase to Payable (PTP), Order to Cash (OTC), and Record to Report (RTR) and has ~100 FTE NBCU team members supported by ~350 FTE in offshore locations. Services are provided to a wide range of business groups in a large number of countries.

A successful candidate must demonstrate a strong knowledge of standard SAP finance concepts, knowledge of business and IT Sarbanes-Oxley (SOX), and experience implementing a controls framework.
This role will work closely with solution integrators to gain a deep understanding of suggested SAP best practices and evaluate, in partnership with the Global Controllership Global Process Owners (GPOs), where we can mitigate risks. This position will help GPOs design processes that are risk compliant by access controls and monitor segregation of duties.

Responsibilities:

Security & Access Controls and SoD Governance for S/4 and associated boundary systems
- Govern and work closely with Project Teams, GPOs, and O&T to develop and maintain the ongoing global access control strategy and role design standards
- Help design and implement new roles that align with NBCU users’ job responsibilities
- Design post-go-live approval workflows and set policy for access provisioning, role and transaction code changes, SoD risk mitigation, and periodic access and SoD rule set reviews
- Act as the final design authority for critical and cross-functional / high-risk roles and help ensure SAP security design aligns with financial close, PTP, OTC, RTR control objectives, SOX compliance, and cyber, internal audit and external audit expectations
- Identify, analyze, and remediate SoD risks / rule sets
- Assess inherent and residual risks, with a focus on system-enabled risks and SoD exposures, and work directly with corporate / business units and process owners to understand end-to-end finance processes and mitigating SoD controls
- Design and implement effective mitigating controls including transactional monitoring where preventive controls are not feasible, ensuring they are practical, sustainable, and auditable
- Partner with IT, Security, and Cyber teams to ensure access controls align with business processes and internal control standards

Risk & Control Framework
- Develop, maintain, and govern the Risk Control Matrix (RCM) for S/4 and finance-related boundary systems and consolidate with GFO RCM to ensure consistency and efficiencies
- Ensure key risks and controls are effective, clearly documented, tested, embedded in the business, and updated as people, processes & technology change / evolve
- Align the RCM with financial reporting, operational, and compliance requirements (e.g., SOX)
- Develop a plan to maintain NBCU company-wide control framework post go-live including Governance Risk Compliance (GRC) tool evaluation and implementation
- Perform risk assessment and develop compliance approach to help ensure processes and controls are operating effectively

Functional Collaboration, Governance, and Continuous Improvement
- Help identify roles and responsibilities during Keystone implementation and post go-live
- Work closely with GPOs for all Finance areas including PTP, OTC, RTR, MDG and Reporting & Analytics
- Serve as a trusted advisor to Global Controllership, Finance, O&T, and various compliance groups on risk and control matters
- Liaise with internal audit, external audit, compliance, controllership, and finance leadership
- Support audit activities, including walkthroughs, control testing, and remediation efforts related to S/4 and boundary systems
- Provide guidance during system enhancements, role redesigns, and process changes to proactively address risks
- Facilitate updates to executive management and various stakeholders to help ensure timely communication and be responsible for applicable S/4 SRC go-live readiness sign-off
- Establish standards and governance for access control reviews, control documentation, and risk assessments and develop SRC guidance and training as appropriate
- Drive continuous improvement in risk awareness, control design, and documentation quality and utilize Artificial Intelligence (AI) and continuous control monitoring as applicable
- Partner with Financial Technology Strategy Group as it relates to the technology evolution (i.e., AI, ML, Agentic AI) and impact on the control environment including embedding non-human processing and access into provisioning, access review, and SoD governance
- Provide strategic thinking based on subject matter expertise (SME) for S/4 and boundary system data design and migration
- Participate in Global Design workshops and interface with functional workstreams, the project leadership team, and solution integrators
- Eloquently translate finance functional requirements to technical teams for development
- Develop sustainable low maintenance solutions for system controls
- Build stakeholder consensus and ensure everyone is on the same page, in agreement, and can understand the solution being proposed