About this Internal Controls & Compliance Lead role at Bosta
Job Responsibilities:
• Map all critical business processes end-to-end, identify control gaps, and build a prioritized remediation roadmap with clear owners and timelines.
• Develop and maintain the Risk-Control Matrix (RCM) covering financial reporting, operations, and compliance risks.
• Prepare management representation letters, process narratives, and flowcharts for auditor review.
• Support the Audit Committee (once established) with reporting, risk assessments, and control testing results.
• Coordinate internal audit activities — planning, fieldwork, reporting, and remediation tracking.
• Monitor regulatory compliance requirements across operating jurisdictions and ensure Finance processes meet local and international standards (IFRS, tax, labor law, social insurance).
• Design preventive controls to detect policy violations before they reach Finance.
• Work with IT and Operations to embed controls into existing systems (ERP, HRIS, payment platforms) rather than relying solely on detective controls.
• Establish KPIs for control effectiveness and report quarterly to the Head of FP&A and CFO.
Job Qualifications:
• 7–10 years of experience in internal audit, internal controls, or risk & compliance, with at least 3 years in a senior/lead role.
• Experience in a Big 4 firm or equivalent (Deloitte, PwC, EY, KPMG), ideally in their risk advisory or audit practice.
• Direct involvement in at least one major control transformation project.
• Strong understanding of IFRS, COSO, and control testing methodologies.
• Professional certification: CIA strongly preferred.
• Industry experience in logistics, e-commerce, or high-growth technology companies.
• Multi-country experience is a plus
• Familiarity with ERP systems (SAP, Oracle, NetSuite) and data analytics tools for continuous monitoring.
• Structured thinker: Can take a chaotic, undocumented process and turn it into a clear flowchart with controls, owners, and exception-handling procedures.
• Diplomatically relentless: Pushes for compliance without creating adversarial relationships with Operations and HR. Understands that controls must work with the business, not against it.
• Comfortable with ambiguity: need to be energized, not paralyzed, by embracing ambiguity.
• Communication range: Can write a board-ready risk report and also explain to a hub manager why a new approval step matters.
• Ownership mentality: Doesn't wait for the auditor to find the problem. Finds it first, fixes it, and
documents the fix.