Group Internal Controls - IT Manager
Location: Cheltenham, Gloucestershire (hybrid working)
The Group Internal Controls - IT Manager will play a key role in expanding the second line assurance function into IT assurance, supporting the ongoing development of the Group’s controls framework. This is a global role, providing oversight of IT controls across Group IT infrastructure, Group and Business Unit–owned applications, and IT governance. As a newly created position, the role offers the opportunity to shape and define the IT assurance approach while working as part of an international team of assurance professionals within a complex FTSE100 organisation.
Key responsibilities
* Plan and deliver the annual programme of general IT controls testing across a global organisation
* Work closely with Group IT and Business Unit IS teams to communicate control findings, agree remediation plans and track progress
* Maintain and enhance the Group’s IT risk and controls matrix and general IT controls testing methodology
* Partner with the Internal Controls Lead to develop IT assurance ways of working and expand the second‑line assurance function into IT
* Conduct IT controls testing across infrastructure, applications and governance, ensuring alignment with internal policies and control expectations
* Clearly articulate control weaknesses and remediation actions to senior management
* Support Group IT in embedding effective tracking and reporting of control actions to drive accountability
* Contribute to the development and delivery of IT controls training for control owners, operators and the second line team
* Monitor emerging IT risks and industry best practices to continuously evolve the IT internal controls methodology
* Act as an advocate for the Group’s controls agenda, building strong relationships across the IT community
Your experience
* Professional certification such as CISA (Certified Information Systems Auditor) or equivalent
* Accounting qualification desirable but not essential
* Proven experience in IT auditing or IT controls testing, gained within practice or a large multinational organisation
* Strong understanding of IT governance, risk management and compliance
* Working knowledge of information security frameworks such as ISO 27001, NIST CSF, CIS 18 Controls, COBIT, SOX and ITIL
Your skills
* Strong written and verbal communication skills, with the ability to engage senior stakeholders
* High standards of integrity and professionalism
* Excellent collaboration and interpersonal skills, able to build effective global relationships
* Comfortable working independently and proactively in a developing role
* Commercially minded, able to provide pragmatic and proportionate risk solutions
* Passionate about IT risk and controls, with a commitment to staying current with industry developments
Everyone is Included at Spirax Group