Vaco Boston has partnered with our client, who is looking to add an ERP Risk and Controls Analyst to their team.

Responsibilities:

  • Assess, design, implement, and monitor internal controls within the ERP environment to ensure compliance with company policies and regulatory standards (e.g., SOX, GDPR, ISO).
  • Collaborate with internal audit, finance, IT, and other stakeholders to identify ERP risks and recommend mitigation strategies.
  • Participate in ERP implementation or upgrade projects to ensure proper controls are embedded in system design.
  • Perform Segregation of Duties (SoD) analysis, user access reviews, and manage controls around role-based access in the ERP system.
  • Conduct regular audits and control assessments, identify control deficiencies, and track remediation plans.
  • Develop and maintain process documentation, including risk and control matrices (RCM), narratives, and flowcharts.
  • Assist in the development and delivery of training and awareness programs related to ERP controls and compliance.
  • Support external and internal audit activities by providing required documentation and responding to queries.
  • Stay informed of regulatory changes, industry best practices, and emerging ERP risk trends.

Qualifications:

Education:

  • Bachelor’s degree in Accounting, Finance, Information Systems, Business Administration, or related field.
  • Professional certifications preferred: CPA, CIA, CISA, or similar.

Experience:

  • 2-4 years of experience in risk management, internal controls, or audit, preferably within an ERP environment.
  • Hands-on experience with one or more ERP systems (e.g., SAP, Oracle, NetSuite, Workday).
  • Knowledge of control frameworks such as COSO, COBIT, or ITIL.
  • Familiarity with compliance standards like SOX, GDPR, HIPAA, or ISO 27001 is a plus.

Skills:

  • Strong analytical and problem-solving skills.
  • Ability to communicate complex information clearly and effectively.
  • Proficiency in Microsoft Excel, PowerPoint, and data analysis tools.
  • Knowledge of GRC (Governance, Risk, and Compliance) tools is desirable.

Determining compensation for this role (and others) at Vaco/Highspring depends upon a wide array of factors including, but not limited to, the individual’s skill sets, experience and training, licensure and certifications, office location and other geographic considerations, as well as other business and organizational needs. With that said, as required by local law in geographies that require salary range disclosure, Vaco/Highspring notes that the salary range for the role is stated in this job posting. The individual may also be eligible for discretionary bonuses and can participate in medical, dental, and vision benefits as well as the company’s 401(k) retirement plan.

Confirmed a day ago. Posted 30+ days ago.
