* Enhancing and developing the Group IT General Controls framework, supporting IT and Cybersecurity functions and ensuring alignment with recognised industry standards.
* Overseeing and monitoring compliance across the IT General Controls (ITGC) framework, ensuring accurate and up‑to‑date documentation within the Group’s GRC application.
* Assessing the effectiveness and efficiency of the IT General Controls environment, identifying control gaps, deficiencies, and opportunities for improvement.
* Driving continuous improvement initiatives by reviewing existing controls with process and control owners and supporting the design and implementation of new or updated controls.
* Promoting best practice across the Group, including opportunities to streamline, standardise and automate IT General Controls across Operating Companies.
* Monitoring Group‑wide control effectiveness levels through the Group’s GRC application.
* Reporting to Senior Management on the status of the internal control environment, including control effectiveness, open or overdue deficiencies, and key internal control initiatives.
* Acting as a point of liaison with Internal and External Audit, supporting audit activity and providing subject‑matter guidance on the IT controls environment.
* Supporting management, process and control owners in the remediation of deficiencies identified through internal and external audits.
Accountabilities
* Support process owners, control owners and local internal control teams in the review, maintenance and ongoing effectiveness of IT General Controls across the Group.
* Assist management with the adoption of new or amended controls and corrective actions arising from identified control deficiencies.
* Support control design, redesign and first‑time implementation activities.
* Promote a strong control culture by reinforcing assurance expectations, sharing lessons learned from audits, and delivering targeted training where appropriate.
* Report to key stakeholders on internal control matters, including scope, regulatory considerations, reviews, remediation plans, key projects and internal control KPIs.
* Coordinate with Internal and External Auditors to provide relevant information to support audit activities.
* Support the delivery of IT projects and programmes by ensuring internal control requirements are appropriately embedded.
* Monitor and manage the effective use of the Group GRC application, including framework maintenance, access management, audit support and end‑user guidance.
Required Skills, qualifications & experience
* Educated to degree level (desirable).
* Minimum 3-4 years’ experience in an IT Controls, IT Audit, or IT Risk & Compliance role within a complex, regulated, or multi‑entity organisation.
* Good understanding of systems development life cycle (SDLC) methodologies and their associated control implications, together with knowledge of operating systems, databases, web technologies, and network infrastructures.
* Ability to assist non-technical audit colleagues in understanding technology risks and controls.
* Good technical understanding of IT General Controls (ITGCs) and IT Application Controls (ITACs).
* Proven experience in identifying control gaps, performing root‑cause analysis, and proposing best‑practice solutions.
* Excellent stakeholder management skills, with the ability to work effectively with IT application owners, support teams, business control owners, and audit functions.
* Excellent written and verbal communication in English; Spanish is advantageous.
* Professional certifications (e.g. CISA, CISSP, ITIL, COBIT Foundation, ISO 27001) are desirable.
* Experience of ICFR or SOX IT environments would be an advantage.
* Experience working with a GRC tool is desirable.