Global Finance IT and SOD Controls Manager

The Finance IT & SoD Controls Manager plays a key role in strengthening the organization’s IT governance and internal control environment by leading the design, implementation, and continuous improvement of Segregation of Duties (SoD) and Sensitive Access frameworks. 

WHO WE ARE

At Avolta (SIX: AVOL), our people are at the driving force behind our success. With a team of over 76,000 individuals representing more than 150 nationalities, we are a truly global company driven by passion, innovation, and excellence.

Avolta is the world’s leading travel experience player. With a traveler-centric philosophy and a geographically diverse network, the travel retail and F&B company addresses the needs of up to 2.3 billion passengers each year, with 5,500 outlets in more than 75 countries across six continents. Guided by their Destination 2027 strategy and boosted by their recent combination with travel F&B giant Autogrill, the company is well positioned to realize their ambition to create a Travel Experience Revolution through their many locations at airports, motorways, cruise lines, seaports and railway stations amongst others.

PURPOSE OF THE ROLE

The Finance IT & SoD Controls Manager plays a key role in strengthening the organization’s IT governance and internal control environment by leading the design, implementation, and continuous improvement of Segregation of Duties (SoD) and Sensitive Access frameworks. This role supports risk mitigation, regulatory compliance, and the integration of robust access controls across systems and processes. As part of the Global Finance ICS team, the Finance IT & SoD Controls Manager collaborates with cross-functional stakeholders to enhance control effectiveness, support audit readiness, and drive automation across IT and business operations.
The position reports to the Global Finance ICS Head and can be based in either Madrid, ES or Basel, Switzerland.

RESPONSIBILITIES

• Conduct risk assessments of IT systems, processes, and controls to identify vulnerabilities, weaknesses, and areas for improvement. Review and analyze user access rights, permissions, and roles in enterprise systems to ensure compliance with Segregation of Duties (SoD) requirements and least privilege principles
• Develop and maintain a comprehensive Sensitive Access and SoD framework, including procedures, and guidelines, to ensure identification of sensitive access and the separation of incompatible duties across business processes and systems
• Collaborate with key stakeholders, including IT, Security, Finance, Human resources, and operational teams, to deploy the SA/SoD framework, allowing to detect conflicts, identify mitigating controls and develop appropriate resolutions
• Collaborate with IT and Security teams to integrate segregation of duties and sensitive access controls within access management program, including definition and configuration of supporting GRC tools
• Develop and contribute to implement IT internal control policies, procedures, and guidelines to ensure compliance with regulatory requirements, industry standards, and best practices
• Collaborate in designing and implementation of IT General Controls and Business Process automation, as well as risk mitigation strategies and action plans to address identified risks and strengthen internal controls
• Document process narratives, flowcharts, control matrices, and other documentation related to IT internal controls
• Coordinate with internal and external auditors to facilitate IT General Control and SoD compliance audits including planning, testing, reporting, and remediation
• Promote a culture of compliance and accountability. Develop and deliver SoD/ITGC training and awareness programs for employees and stakeholders
• Stay informed about changes in regulatory requirements, industry standards, and best practices related to SoD controls and access management as well as about emerging trends, technologies, and regulatory developments in the IT governance and internal control landscape
• Participate in cross-functional projects and initiatives to enhance IT and business processes and controls, including system implementations, automations, and migrations.
• Provide guidance and support to process owners and teams on moving from manual to automated controls by developing the specific design of the controls and supporting their implementation
• Prepare reports and presentations on the status of IT internal controls, SoD compliance, audit findings, and remediation efforts for senior management and the Audit Committee

WHAT WE ARE LOOKING FOR 

• Bachelor's degree in information technology, computer science, business administration, or a related field; advanced degree (e.g., MBA) preferred
• Certified Information Systems Auditor (CISA, CISSP) or other relevant certifications in IT governance, risk, and compliance preferred
• Proven experience (5+ years) in SoD management, access controls, IT internal control, or IT audit, preferably in a regulated industry or public company environment
• Strong understanding of IT controls frameworks, such as COBIT, ITIL, and NIST, and their application to IT processes and systems
• Knowledge of regulatory requirements related to IT governance and security, such as SOX, GDPR, HIPAA, and PCI DSS
• Experience with Governance, Risk & Compliance tools, identity and access management (IAM) systems, and enterprise resource planning (ERP) systems preferred
• Experience with IT audit methodologies, tools, and techniques for assessing IT controls and conducting IT audits
• Excellent analytical, problem-solving, and project management skills, with attention to detail and accuracy
• Strong communication and interpersonal skills, with the ability to collaborate effectively with IT teams, business stakeholders, and auditors
• Proficiency in Microsoft Office Suite, including Excel, Word, and PowerPoint