Business Oversight Manager

Company Description

Hunger Station is part of the Delivery Hero Group, a world pioneering local delivery platform. Our mission is to deliver an amazing experience—fast, easy, and to your door. We operate in over 70+ countries worldwide. Headquartered in Berlin, Germany. Delivery Hero has been listed on the Frankfurt Stock Exchange since 2017 and is part of the MDAX stock market index.

The Business Oversight Manager is a senior second-line-of-defense leader accountable for the structural integrity of the organization’s governance, risk, and control environment. This role independently evaluates the effectiveness of Governance, Risk & Compliance (GRC) outputs and ensures that controls across all business units are:

• Structurally sound
• Scalable with growth
• Embedded into operational workflows
• Consistently adhered to

• Own and continuously refine the company-wide internal control framework.
• Ensure alignment with recognized standards (COSO, ISO 31000, Three Lines Model).
• Design preventive, automated, and scalable controls.
• Standardize control taxonomy and governance structures across departments and geographies.
• Define control maturity targets and monitor progression.

• Critically assess risk registers, control assessments, incident logs, compliance dashboards, and policy adherence reports.
• Challenge risk classifications, residual risk ratings, and mitigation adequacy.
• Validate control design vs. control operating effectiveness.
• Ensure risk documentation reflects true operational exposure, not theoretical positioning.

• Lead enterprise-level investigations into recurring failures, financial leakage, regulatory exposure, or operational breakdowns.
• Identify structural weaknesses spanning Finance, Operations, Technology, HR, Procurement, and Commercial.
• Produce executive-level diagnostic reports linking process gaps to enterprise risk.

• Evaluate SOPs for clarity, enforce ability, scalability, and control density.
• Redesign procedures to eliminate dependency on individual heroics.
• Embed control checkpoints within workflows and system configurations.
• Partner with Product/Tech teams to automate control gates.
• Ensure governance scales proportionately with growth and complexity.

• Establish continuous monitoring frameworks.
• Define leading indicators for control degradation.
• Design escalation matrices for repeat non-adherence.
• Validate remediation sustainability through follow-up testing.
• Prevent “audit fatigue” and relapse cycles.

• Translate operational control weaknesses into financial, regulatory, reputational, and strategic risk exposure.
• Align oversight with the company’s defined risk appetite.
• Provide quarterly enterprise control health briefings to executive leadership and board-level committees (if applicable).
• Advise leadership on governance implications of new product launches, market expansion, or structural changes.

• All business units
• All operational processes
• All regulated activities
• Cross-border governance

This role operates independently of operations while maintaining constructive partnership.

• 8–12 years in Internal Audit.
• Enterprise Risk Management, Operational Risk, SOX/Internal Controls leadership and Business Assurance functions.
• Demonstrated ownership of enterprise-wide control programs.
• Experience reviewing and challenging GRC frameworks.
• Strong knowledge of: COSO Internal Control Framework, ISO 31000, Risk & Control Self-Assessment (RCSA) and Control testing methodologies
• Proven ability to lead cross-functional investigations.

• Hands‑on experience with enterprise GRC platforms (Service Now GRC, Logic Gate, One Trust, Archer).
• Exposure to SOX, SOC2, GDPR, or equivalent regulatory environments.
• Lean Six Sigma / process reengineering background.
• Professional certifications: CIA/CISA/CRMA/CPA