Business Oversight Manager

The Business Oversight Manager is a senior second-line-of-defense leader accountable for the structural integrity of the organization’s governance, risk, and control environment. This role independently evaluates the effectiveness of Governance, Risk & Compliance (GRC) outputs and ensures that controls across all business units are:
• Structurally sound
• Scalable with growth
• Embedded into operational workflows
• Consistently adhered to

Primary Accountabilities:

1. Enterprise Control Architecture Oversight
• Own and continuously refine the company-wide internal control framework.
• Ensure alignment with recognized standards (COSO, ISO 31000, Three Lines Model).
• Design preventive, automated, and scalable controls.
• Standardize control taxonomy and governance structures across departments and geographies.
• Define control maturity targets and monitor progression.

2. Independent Review of GRC Outputs
• Critically assess risk registers, control assessments, incident logs, compliance dashboards, and policy adherence reports.
• Challenge risk classifications, residual risk ratings, and mitigation adequacy.
• Validate control design vs. control operating effectiveness.
• Ensure risk documentation reflects true operational exposure, not theoretical positioning.

3. Cross-Functional Root Cause & Systemic Risk Analysis
• Lead enterprise-level investigations into recurring failures, financial leakage, regulatory exposure, or operational breakdowns.
• Identify structural weaknesses spanning Finance, Operations, Technology, HR, Procurement, and Commercial.
• Produce executive-level diagnostic reports linking process gaps to enterprise risk.

4. Procedure & Control Engineering
• Evaluate SOPs for clarity, enforceability, scalability, and control density.
• Redesign procedures to eliminate dependency on individual heroics.
• Embed control checkpoints within workflows and system configurations.
• Partner with Product/Tech teams to automate control gates.
• Ensure governance scales proportionately with growth and complexity.

5. Adherence Monitoring & Control Sustainability
• Establish continuous monitoring frameworks.
• Define leading indicators for control degradation.
• Design escalation matrices for repeat non-adherence.
• Validate remediation sustainability through follow-up testing.
• Prevent “audit fatigue” and relapse cycles.

6. Executive Risk Translation & Advisory
• Translate operational control weaknesses into financial, regulatory, reputational, and strategic risk exposure.
• Align oversight with the company’s defined risk appetite.
• Provide quarterly enterprise control health briefings to executive leadership and board-level committees (if applicable).
• Advise leadership on governance implications of new product launches, market expansion, or structural changes.

Scope of Influence:
• All business units
• All operational processes
• All regulated activities
• Cross-border governance 

This role operates independently of operations while maintaining constructive partnership.
 

• 8–12 years in Internal Audit.
• Enterprise Risk Management, Operational Risk, SOX/Internal Controls leadership and Business Assurance functions.
• Demonstrated ownership of enterprise-wide control programs.
• Experience reviewing and challenging GRC frameworks.
• Strong knowledge of: COSO Internal Control Framework, ISO 31000, Risk & Control Self-Assessment (RCSA) and Control testing methodologies
• Proven ability to lead cross-functional investigations.

Preferred Experience:

• Hands-on experience with enterprise GRC platforms (ServiceNow GRC, LogicGate, OneTrust, Archer).
• Exposure to SOX, SOC2, GDPR, or equivalent regulatory environments.
• Lean Six Sigma / process reengineering background.
• Professional certifications: CIA\CISA\CRMA\CPA 

HungerStation is part of the Delivery Hero Group, the world’s pioneering local delivery platform, our mission is to deliver an amazing experience—fast, easy, and to your door. We operate in over 70+ countries worldwide. Headquartered in Berlin, Germany. Delivery Hero has been listed on the Frankfurt Stock Exchange since 2017 and is part of the MDAX stock market index.