SOPs, Internal Controls & SOX Subject Matter Expert (SME)

Do you want to build a better future?

About Enfinity Global

Enfinity Global is a purpose-driven company focused on making a positive impact on the planet by helping companies, governments, and individuals transition to a carbon-free and sustainable economy. As a leading Independent Power Producer (IPP), we develop, finance, build, operate, and own renewable energy assets throughout Europe, Asia, and the Americas from our offices in the USA, Spain, Italy, UK, Netherlands, India, and Japan.

Our diverse team, composed of over 350 committed professionals, has extensive experience across various stages of the project life cycle. We pride ourselves on being creative, innovative solution providers to our customers and partners.

Job Description

The Subject Matter Expert – SOPs, Internal Controls & SOX is the designated authority within the Shared Service Center (SSC) for the design, documentation, governance, and continuous monitoring of standard operating procedures and the internal control environment. Operating under the mandate of the Global Controllership team, the SME ensures that process activities executed in the SSC are performed consistently, are fully documented, are aligned with corporate accounting policies, and are supported by an effective system of internal controls compliant with SOX 404, the COSO framework, and applicable statutory requirements.

This role is the bridge between Global Controllership (policy and control design) and SSC operations (execution), and serves as the primary point of contact for internal audit, external audit, and SOX program management on all control matters.

The SME is accountable for ensuring that, across every entity and process:

Documented SOPs exist, are current, and reflect both corporate policy and the actual process executed; key controls are designed effectively, operate consistently, and are evidenced in line with SOX requirements; segregation of duties (SoD) is enforced and monitored; deficiencies, observations, and audit findings are tracked, root-caused, and remediated on schedule; the SSC maintains audit-readiness at all times for internal audit, external audit, and statutory reviews.

Key Responsibilities

SOP & Process Documentation Governance.

• Own the global SOP framework, including templates, naming conventions, version control, review cycles, and approval workflows.
• Drive the creation, review, and refresh of SOPs across all processes (P2P, OTC, R2R, Treasury, Intercompany).
• Ensure SOPs reflect the as-is process, embed required controls, reference applicable corporate policies, and meet quality standards.
• Maintain a centralized, accessible knowledge repository, ensuring that documentation is the single source of truth for SSC operators, auditors, and stakeholders.
• Coordinate annual or event-driven reviews (process change, system change, policy change, organizational change).

Internal Controls – Design & Operation.

• Partner with Global Controllership and the SOX Program Office to design and implement key controls covering risks: completeness, accuracy, validity, cut-off, presentation, authorization, and SoD.
• Document controls in line with the corporate Risk and Control Matrix (RCM) – including risk statement, control description, frequency, control owner, evidence, and key/non-key designation.
• Ensure each in-scope control has a defined operator, reviewer, evidence standard, and retention requirement.
• Embed controls within SOPs and operational tools (NetSuite, BlackLine) so they are executed by design rather than as bolt-ons.

SOX Compliance & Program Execution.

• Serve as the SSC lead for the global SOX program, coordinating directly with corporate controllership team.
• Plan and execute the annual SOX cycle scoping, walkthroughs, design assessments, test of design (ToD), test of operating effectiveness (ToE), management testing, and deficiency remediation.
• Maintain RCMs, narratives, flowcharts, and control evidence; ensure ITGC dependencies, automated controls, and IPE (Information Produced by the Entity) requirements are properly addressed.
• Track and report control performance, deficiencies, and remediation status to Global Controllership and the SOX PMO.
• Lead the response to control failures: root-cause analysis, compensating controls, remediation plans, retesting, and lessons learned.

Internal & External Audit Liaison.

• Serve as the primary interface for internal audit, external audit (SOX 404 auditors), and statutory auditors operating across the SSC's footprint.
• Coordinate PBC list management, walkthroughs, evidence delivery, and audit query resolution within agreed timelines.
• Manage audit findings end-to-end: review, agree management response, drive remediation, validate closure, and report status.
• Prepare the SSC for audit visits and regulatory inspections; ensure documentation, controls, and evidence are inspection-ready at all times.

Segregation of Duties & Access Governance.

• Partner with IT, Identity & Access Management, and SOX teams to define role designs and SoD rulesets in core ERP and supporting systems.
• Monitor SoD violations and access conflicts; drive remediation and mitigating controls.
• Review periodic user access certifications for applications and approve role changes within the assigned domain.

Risk Assessment & Continuous Monitoring.

• Conduct ongoing risk assessments to identify emerging risks (new entities, system changes, process migrations, M&A activity, policy changes) and update controls accordingly.
• Implement continuous controls monitoring (CCM) and analytics where feasible (e.g., journal entry analytics, reconciliation aging dashboards, exception reporting).
• Provide periodic risk and control dashboards to Global Controllership, SSC leadership, and the SOX PMO.

Capability Building & Training.

• Develop and deliver mandatory training on SOPs, internal controls, SOX requirements, and audit-readiness for all accounting staff.
• Run targeted refreshers following policy changes, audit findings, or process incidents.
• Coach control owners and operators on evidence standards, IPE requirements, and remediation expectations.