COMPANY

ZR Consultants (ZRC) is a successful business consulting firm specialising in Governance, Risk and Controls with a track record of delivering large scale projects which include SOX Compliance (Sarbanes Oxley), Business and IT Controls Transformation (SAP4/HANA, ORACLE Fusion Control & process design), Controls rationalisation and optimisation, Internal Audits, ESG, and regulatory compliance to clients all over Europe.
Established in 2003, we have expanded rapidly over the last 5 years and have amassed a number of global Blue-Chip clients. As we continue to grow, we remain dedicated to delivering high quality, cost-effective services to our clients and expanding our global reach. To learn more please visit zrconsultants.co.uk.

TECHNICAL & DELIVERY REQUIREMENTS:

• Experience in Risk Assessing Processes, Applications, Systems, Databases etc. to identify control gaps
• Experience of designing Controls and producing comprehensive Risk & Control Matrices (RACM’s) and Process flows
• Expertise in ICOFR/SOX controls to support the remediation and mitigation of ITGC deficiencies.
• Segregation of Duties (SoD) Remediation: Proven experience in identifying, resolving, and preventing SoD conflicts.
• Assessing JML procedures and User Access
• High-Quality Documentation: Capable of producing comprehensive, high-quality memos and test papers, including but not limited to: Mitigation Memos, Remediation Memos, Closure Memos, Process Flows, RACM’s.
• Access Management: Experience in resolving access management issues, including demonstrating the absence of unauthorised access over a defined period (e.g. the past year).
• Password Policies and Controls: Expertise in remediating password policy-related controls.
• Delivery Across Multiple Programs: Ensuring solutions are holistic and adaptable to diverse processes and systems while aligning with future operational needs.
• Presentation and Reporting: Strong skills in developing and delivering high-quality presentations and detailed reports to varied audiences.
• Senior Stakeholder Engagement: Proficient in mapping, tracking, and monitoring progress with senior stakeholders to maintain alignment and transparency.
• Agile Delivery: Ability to work at pace, meeting the stringent requirements of client auditors while managing competing priorities.

DESIRED SKILLS & EXPERIENCE:

• Extensive SOX and ITGC Expertise: 8+ years of experience in the private sector with a focus on ICOFR/SOX compliance, ITGC remediation, or ITGC transformation.
• Extensive Remediation & Mitigation Expertise: 8+ years experience of remediating and mitigating high volume deficiencies.
• Segregation of Duties (SoD): Demonstrated success in SoD remediation, including design and implementation as well as assessing any toxic combination and unauthorised access

ROLE OVERVIEW

In this role, you will lead the design and implementation of IT General Controls (ITGC) in an environment with minimal existing Risk and Controls frameworks.
You will collaborate with the Business Risk & Controls Team to walkthrough key processes (AP, P2P, R2R, Inventory, Fixed Assets, etc.), identifying critical systems and mapping end-to-end data flows. You’ll assess risks, evaluate existing controls, and highlight gaps across areas such as Access, SoD, Change Management, Backup & Recovery, and Incident Management.
Strong data analytics skills are essential to identify Access and SoD issues through system data. You’ll be responsible for producing Risk & Control matrices, process flows, and gap assessments.
The ideal candidate brings hands-on experience establishing governance, risk, and compliance (or SOX) programmes from the ground up, working closely with stakeholders through workshops and walkthroughs. You must be proactive, confident in engaging senior stakeholders, and able to manage evidence collection under tight timelines.
Significant experience in controls remediation, particularly around SoD and User Access deficiencies, is critical to succeed in this role.