About the Team
KPMG’s Technology Risk & Cyber practice helps organisations build trust, resilience and confidence in their most critical technology platforms. Within this capability, Trusted ERP is a specialist area focused on ensuring enterprise ERP systems — particularly SAP — are secure, compliant, auditable and well‑controlled once implemented.
Trusted ERP works alongside large‑scale ERP transformations, providing deep ERP risk and controls expertise to ensure ERP systems operate safely and securely in live environments. This team is distinct from programme assurance or implementation delivery and sits squarely within technology risk, ERP controls assurance and system integrity.
Your Opportunity
The Associate Director – ERP Controls Architect plays a critical leadership role in the design, governance, and operationalisation of preventative and automated controls within large‑scale ERP transformation programs (e.g. SAP S/4HANA and other Tier‑1 ERPs).
The role acts as the design authority for ERP control architecture, translating business, regulatory, audit and cyber risks into practical, system‑enabled control responses that are embedded into ERP solutions by design.
This role is hands‑on and delivery‑focused, with accountability for leading engagements end‑to‑end, ensuring high‑quality outcomes across ERP risk, security and controls. You will support Directors and Partners by contributing to business development initiatives, including lead generation, proposal development and client conversations.
This opportunity is ideal for someone who brings deep ERP risk and controls expertise and is ready to step into a senior leadership role with responsibility for people leadership, delivery excellence and client impact — without owning overall capability strategy.
Key Responsibilities
In this role, you will:
Control architecture & design authority
- Establish and govern the ERP controls architecture for transformation programs, aligned to organisational risk appetite, regulatory obligations, and audit expectations.
- Act as the design authority for preventative and automated controls, including access controls, SoD, business process controls, configuration‑based controls, and GRC‑enabled controls.
- Define how controls should be embedded into ERP process and solution design, reducing reliance on manual and detective controls.
- Provide authoritative guidance on control patterns, design standards, and good practice architectures for ERP programs.
Integration with ERP delivery
- Scrutinise ERP process and solution designs (Vision through Deploy) to identify control implications and ensure appropriate control responses are designed and implemented.
- Work closely with ERP solution architects, security leads, functional leads, and system integrators to ensure controls are practical, implementable, and sustainable.
- Ensure control design is appropriately reflected in key artefacts (e.g. solution design, role design, configuration, testing strategies).
Risk, audit and assurance alignment
- Translate risk, audit and compliance requirements into clear, system‑based control designs, without assuming risk ownership.
- Support external and internal audit engagement by explaining control design intent, maturity, and reliance models.
- Provide senior‑level input into assurance activities (e.g. Gateway reviews, design effectiveness assessments, go‑live readiness).
Leadership & capability development
- Act as a trusted advisor to senior client stakeholders on ERP controls strategy and maturity uplift.
- Mentor and guide Security and Controls leads, specialists, and analysts across ERP engagements.
- Contribute to the development of Trusted ERP / Controls capability, including methods, role definitions, and reusable assets.
- Support go‑to‑market activity through thought leadership, proposals, and client conversations where deep controls expertise is required.
Experience
To be successful in this role, you will bring:
- Extensive experience in ERP controls, security, and risk architecture, ideally across SAP S/4HANA and/or other Tier‑1 ERPs.
- Deep understanding of:
  - ERP access controls, SoD, privileged access
  - Business process controls and configuration‑based controls
  - GRC tooling and automated controls
  - Audit reliance models and regulatory expectations
- Proven experience operating as a design authority on large, complex transformation programs.
- Strong ability to engage credibly with C‑suite, audit, risk, IT and ERP delivery leaders.
- Consulting experience strongly preferred, with evidence of shaping work, not just delivering it.