Share this Job

Controls & Compliance Senior Analyst

Apply now »

Date: Sep 29, 2021

Location: Budapest, HU, 1117

Company: Corning

Over the course of the past several years, Corning’s Global Finance Organization has transformed into an insights driven, world-class Finance organization, focused on supporting our businesses’ strategic growth initiatives across all regions of the world.  At Corning, our Finance organization plays an essential leadership role in all strategic business decisions.  We deliver value through our focus on business partnership with an emphasis on providing actionable insights that deliver strong cash and liquidity performance, high returns on invested capital, and optimized efficiency and effectiveness of business process operations.  Corning Finance is launching into another exciting phase of change focused on integrating digital transformation into all areas of the organization, including updates to core ERP systems, data, analytics, reporting and best of breed emerging tech including expansion of RPA, AI and chatbot capabilities.  As our Corning businesses grow and evolve, so will Corning Finance – always being ready to meet the needs of our partners - driving shareholder value, and providing world-class financial stewardship to the enterprise at large.


Corning’s office in Budapest, Hungary, is home to the group’s EMEA Shared Services hub and Global Supply Management team. The Budapest office is responsible for credit-to-cash, payroll, procure-to-pay, and record-to-report for all of Corning’s EMEA business operations. Globally, the office supports master data management, intercompany activities, purchase-order management, lease administration, and liquidity management.

The Controls and Compliance Senior Analyst will be the RCCOE’s key subject matter expert for SAP S/4 HANA control automation and Pathlock GRC champion inclusive of access governance policy, process and procedures.  The role will serve as back-up resource for Access Governance.  Specific responsibilities include:

  • Continual assessment of ~150 SAP S/4 HANA configurable controls including stakeholder reviews and maintaining Corning’s enterprise blueprint design
  • Lead the Corning impact/ benefit analysis and change management planning with engagement of GPOs and other key stakeholders
  • Build configurable controls implementation process into design, configuration and testing plan of all SAP S/4 HANA implementations
  • Assist with all aspects of Corning configurable control rollouts
  • Support development of configurable controls Playbook for Corning
  • Lead configurable control rollouts (lead localization of controls, identify gaps against Control Baseline and effectively communicate to resolve issues
  • Learn how Pathlock GRC platform can monitor configured controls and automate IT General Controls and participate in development of strategy and roadmap for Transaction Monitoring in those areas
  • Support SOD Ruleset set up/ customization work, initially for SAP S/4 HANA and subsequently for legacy ERPs ECC6 and PeopleSoft
  • Assist with development and integration of new application security policies, processes, roles and responsibilities and lead establishment of operating procedures for the RCCOE
  • Lead/ support identification of mitigating controls for each SOD function in the new global rulesets to develop Pathlock library of mitigating controls
  • Ensure that key mitigating controls are assigned to users with SOD and that the key controls are effective, efficient and being tested
  • Review the controls configured in the Pathlock Transaction Monitoring module and provide guidance about future controls to automate
  • Lead Pathlock Transaction Monitoring response process
  • As time permits, roll out Governance standards to Non-ERP systems
  • From 2022 this role is expected to be ~25% program deployments, ~25% control effectiveness testing and ~50% Pathlock operations including primary back up for Access Governance.


  • Strong functional/ technical and analytical skills as well as attention to detail required for managing this complex area of SAP S/4 HANA and Fiori security administration
  • Can influence without authority and engage effectively with stakeholders across the organization.

Required Education and Experience:

  • Bachelor’s degree in relevant discipline (e.g., Accounting, Information Systems, Finance, Economics or Business)
  • 5 - 7 years’ relevant experience in SAP security administration, consulting, shared services, business operations (finance, supply chain or payroll) or audit / compliance / assurance / support.
  • Experience working with multiple groups and cross functional teams

Required Knowledge & Skills:

  • Understanding of key risk management concepts
  • Knowledge of SAP solution design and key elements of SAP role security architectures
  • Knowledge and experience with SAP security in S/4HANA with embedded Fiori
  • Technical and functional knowledge of access management tools (e.g. Greenlight, SAP Access Control, Security Weaver) processes, roles, and responsibilities
  • Experience leading a workstream within complex SAP projects working with cross-functional teams of Business, IT, and Compliance
  • Experience with one or more commonly used internal control frameworks, risk frameworks and compliance methodologies:
    • COSO
    • Sarbanes-Oxley (SOX) compliance programs
    • AICPA Trust Criteria/ SOC Reports, NIST
    • CMMC
    • COBIT
    • General Data Protection Regulation (GDPR)


  • Skills with at least one business processes and controls operation or audit, including opportunities for automation and standardization (Six Sigma, LEAN, DMAIC Belt Certifications a plus)
  • Strong business acumen
  • Strong analytical and strategic thinking abilities
  • Effective organization and planning skills with the ability to handle changing priorities
  • Demonstrated advanced skills in Microsoft Excel, Access and SharePoint
  • Excellent communications, interpersonal and influencing skills
  • Execution mindset
  • Customer focus
  • Ability to work in a matrix environment
  • Cross-cultural sensitivity