- External Audit, External Auditor - IT Controls testing
- Lead training sessions over ITGCs, ITAC, ITDM
- Internal Audit, 2nd / 3rd Line of Defense for IT Controls Testing / Management Testers
- Lead IT controls testing for assigned portfolio of controls/stakeholders to deliver to agreed time and quality standards
- Perform IT risk assessments for new technologies, draft IT process narratives and build Risk and Control Matrices
- Review ITGC testing in areas such as Access Management, Change and Release Management, Incident Management, for a broad range of technologies ranging from mainframes to cloud based applications.
- Review the assessments performed over automated controls and key reports across multiple business processes such as Procure-to-Pay, Order-to-Cash, Financial Statement Close Process, etc
- As required, support ITGC testing activities in areas such as Access Management, Change and Release Management, Incident Management and SOC Report Reviews as we'll as testing of IT Application Controls (ITACs), IT Dependent Manual Controls (ITDM) and Key Reports
- Assess the impact of deficient controls and lead the assessment of compensating controls.
- Build, communicate, measure and optimize the remediation plan for deficient controls.
- Support IT risk/control owners in understanding their ICFR responsibilities.
- Manage stakeholder relationship and lead internal meetings with Technology and Business Process teams.
Qualifications - Strong experience with SOX / IT Internal Controls Testing audit, implementation and design improvement
- Strong knowledge of IT auditing concepts and principles alongside understanding of IT General Controls (ITGCs) Testing, IT Automated Controls (ITAC) testing and IT-Dependent Manual (ITDM) Controls testing
- Experience in performing IT risk assessments and building Risk and Control Matrices for a broad range of technologies.
- Knowledge of Financial Reporting, Corporate Governance and core financial end to end processes such as Customer to Cash, Procure to Pay, Record to Report
Additional Information - SME level expertise in respect to information security (at least two domains of expertise) risk management processes, frameworks and regulatory aspects
- Experience of managing workstreams to deliver in line with time/quality expectations
- Able to adapt to suit the needs of the business and agile in approaching challenging scenarios
- Able to interpret and explain broader business risks to technology colleagues (and technology risks to business colleagues)
- Able to lead meetings with a broad range of internal and external stakeholders
- Strong written, verbal communication and presentation skills - ability to pitch to different levels of seniority and disciplines within the organisation
- Critical thinking with strong attention to detail and good organisational skills
- Able to build solid working relationships with peers as we'll as internal and external stakeholders
- Able to work with teams from differing backgrounds across multiple locations
