Group Internal Controls - IT Manager
Posted 2 hours 44 minutes ago by Spirax-Sarco Engineering
Permanent
Full Time
I.T. & Communications Jobs
Gloucestershire, Charlton Kings, United Kingdom, GL526
Job Description
Location: Cheltenham, Gloucestershire (hybrid working)
The Group Internal Controls - IT Manager will play a key role in expanding the second line assurance function into IT assurance, supporting the ongoing development of the Group's controls framework. This is a global role, providing oversight of IT controls across Group IT infrastructure, Group and Business Unit-owned applications, and IT governance. As a newly created position, the role offers the opportunity to shape and define the IT assurance approach while working as part of an international team of assurance professionals within a complex FTSE100 organisation.
Key responsibilities
- Plan and deliver the annual programme of general IT controls testing across a global organisation
- Work closely with Group IT and Business Unit IS teams to communicate control findings, agree remediation plans and track progress
- Maintain and enhance the Group's IT risk and controls matrix and general IT controls testing methodology
- Partner with the Internal Controls Lead to develop IT assurance ways of working and expand the second line assurance function into IT
- Conduct IT controls testing across infrastructure, applications and governance, ensuring alignment with internal policies and control expectations
- Clearly articulate control weaknesses and remediation actions to senior management
- Support Group IT in embedding effective tracking and reporting of control actions to drive accountability
- Contribute to the development and delivery of IT controls training for control owners, operators and the second line team
- Monitor emerging IT risks and industry best practices to continuously evolve the IT internal controls methodology
- Act as an advocate for the Group's controls agenda, building strong relationships across the IT community
- Professional certification such as CISA (Certified Information Systems Auditor) or equivalent
- Accounting qualification desirable but not essential
- Proven experience in IT auditing or IT controls testing, gained within practice or a large multinational organisation
- Strong understanding of IT governance, risk management and compliance
- Working knowledge of information security frameworks such as ISO 27001, NIST CSF, CIS 18 Controls, COBIT, SOX and ITIL
- Strong written and verbal communication skills, with the ability to engage senior stakeholders
- Demonstrate high standards of integrity and professionalism
- Excellent collaboration and interpersonal skills, able to build effective global relationships
- Comfortable working independently and proactively in a developing role
- Commercially minded, able to provide pragmatic and proportionate risk solutions
- Passionate about IT risk and controls, with a commitment to staying current with industry developments
Everyone is Included at Spirax Group