At GAF, we cover more than buildings. We cover each other. No matter what role, tenure, or track, under this roof you are empowered to be there for your teammates, your customers, and especially your community. Under this roof, we don’t back down from hard work– we support one another in pursuit of something bigger. We define the future while leading the present. And under this roof, we own our opportunities. Becoming the market leader only happens when everyone feels they have the opportunity, and the support, to thrive. We are GAF. And under this roof, we protect what matters most.
Job Summary
We are seeking an experienced Director of Policy & SAP Role Governance to lead the development, implementation, and oversight of corporate policies while ensuring robust governance of role security within SAP. This role requires a strong blend of expertise in policy management, internal controls, compliance, and enterprise system security.
The ideal candidate will have extensive experience in governance frameworks, risk management, and SAP security, ensuring that company policies and user access controls align with regulatory, audit, and business requirements.
Essential Duties
• Develop, implement, and maintain corporate policies and procedures to ensure compliance with internal controls, financial regulations, and operational best practices.
• Establish a policy governance framework, ensuring policies are regularly reviewed, updated, and communicated across the organization.
• Collaborate with senior leadership, legal, finance, and compliance teams to develop policies that align with business objectives and regulatory requirements (e.g., SOX, GDPR, IFRS, GAAP).
• Monitor and assess regulatory changes to ensure company policies remain compliant with industry and legal standards.
• Oversee the training and communication strategy for policies, ensuring employees understand and adhere to established guidelines.SAP Role Security & Governance:
• Lead the governance and administration of SAP role security, ensuring appropriate user access management in line with segregation of duties (SoD) and audit requirements.
• Establish role-based access controls (RBAC) within SAP to mitigate risks related to unauthorized access and data integrity.
• Collaborate with IT and internal audit teams to monitor and audit SAP security configurations, addressing any role conflicts or security gaps.
• Develop and enforce SAP access policies, ensuring compliance with internal controls, SOX, and IT security frameworks.
• Work with business process owners to define and implement role security requirements that align with operational needs.
• Provide oversight on user provisioning, de-provisioning, and periodic access reviews to ensure proper governance of SAP roles.
• Partner with IT to support SAP security updates, enhancements, and system integrations while maintaining compliance.Risk & Compliance Management:
• Implement and oversee controls to ensure compliance with financial, IT, and operational policies.
• Conduct risk assessments related to policy governance and SAP security, identifying potential vulnerabilities and mitigation strategies.
• Support internal and external audits by providing documentation, evidence, and remediation plans related to policy compliance and SAP security.
• Develop dashboards and reporting mechanisms to track policy adherence and SAP security governance effectiveness.Cross-Functional Collaboration & Leadership:
• Work closely with Finance, IT, Internal Audit, HR, and Legal teams to ensure alignment on policy and security governance initiatives.
• Provide leadership, training, and guidance on policy implementation and SAP security best practices.
• Develop and present executive reports on policy effectiveness, security compliance, and risk mitigation strategies.
Qualifications Required
Required10+ years of experience in policy governance, compliance, risk management, or accounting.5+ years of experience in SAP security governance, user access management, and role-based security.Experience working with IT teams on enterprise security, risk management, and internal controls.Strong understanding of regulatory frameworks, including SOX, GDPR, and financial reporting standardsStrong knowledge of SAP role security, SoD principles, and access controlsCPA, CIA, CISA, or other relevant certifications Preferred
General Knowledge, Skills and Abilities
Qualifications Preferred
GAF complies with federal, state, and local disability laws and makes reasonable accommodations for applicants and employees with disabilities. If a reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact HR Services at 833-HR-XPERT.
We believe our employees are our greatest resource. We offer competitive salary, benefits, 401k, and vacation packages for all full time permanent positions. We are proud to be an equal opportunity workplace and GAF, Standard Logistics, SGI, and Siplast are proud to be affirmative action employers. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or Veteran status. If you have a disability or special need that requires accommodation, please let us know. If applying for positions in the U.S., must be eligible to work in the U.S. without need for employer sponsored visa (work permit).