Department overview The Business Assurance department is responsible for providing internal control advisory and assurance services to the business by acting as subject matter experts and partnering with business process owners to ensure that the internal control environment is designed and operating effectively and supported by appropriately documented procedures and risk and control matrices. The department is responsible for leading the UK Corporate Governance Code Provision 29 Material Controls Project Job purpose An effective, sustainable Internal Control Framework and effective Risk Management process is critical to Aston Martin, particularly in light of the 2024 revised UK Corporate Governance Code requirements for Board’s to attest to the effectiveness of the internal control framework in its annual report and accounts. A key element of the control environment is the development of effective IT General Controls, IT Application Controls (configuration controls) and cyber security controls. Whilst it is managements responsibility to develop, maintain and operate these controls it is Business Assurances role to support management in an advisory capacity to develop the control framework and then undertake second line control testing to provide assurance over the design and operating effectiveness of these controls. This is a key role working closely with the Head of Business Assurance and the IT and Cyber Security teams. Key duties and responsibilities IT General Controls Identify, with support from the Business Assurance team and IT team, all systems that should fall within scope for IT General Controls Support IT team with the design and implementation of effective IT General Controls across all systems in scope, this to include identification of what tasks need to be completed and by who Test the design and operating effectiveness of the above controls once they have been implemented by the first line (management) using standard templates within Riskonnect IT Automated Controls Identify all IT Automated Controls that are used within the Material Control population Co-ordinate the testing of the operation of those IT Automate Controls (including change management activity) Other responsibilities Provide control testing status reporting to the Internal Control Steering Committee Work with control owners to assess the severity of control deficiencies and identify any compensating controls to mitigate the deficiency Support with advice and resolution in relation to segregation of duties issues where access to in scope systems results in potential SoD conflicts Support on the design and implementation of training for new role owners in systems and control owners and their responsibilities Embed ownership of the SoD rulebook used by Infor GRC into first line management Maintaining compliance with Internal Control legislation; keeping up to date with emerging changes and reporting requirements and providing business wide coaching in relation to ITGC and ITACs Drive business wide process and control improvement through standardisation and simplification, leveraging automated controls as effectively as possible. Experience and qualifications Essential experience Certified IT Auditor (or equivalent e.g. CISA - Certified Information Systems Auditor, CRISC – Certified in Risk and Information Systems Control, CISM – Certified Information Security Manager, ISO 27001 Lead Auditor) Leading projects to designing, implement, improve and monitor effective IT General Controls, IT Application Controls and Cyber Security Controls Building professional relationships with internal and external stakeholders Maintaining controls compliance throughout business change Proven track record of working to tight timelines and critical deliverables Interrogation of user role profiles. Education to degree standard Preferred experience In depth knowledge of current Sarbanes Oxley / Internal Control legislation (e.g. UK Corporate Governance Code Provision 29 requirements) Knowledge and experience of Enterprise Risk Management Working in a Sarbanes Oxley (or equivalenet) compliant organisation ITIL / COBIT experience Essential education/ qualifications Certified IT Auditor (or equivalent e.g. CISA - Certified Information Systems Auditor, CRISC – Certified in Risk and Information Systems Control, CISM – Certified Information Security Manager, ISO 27001 Lead Auditor) Required skills/ behaviours Strategic Thinking Effective communication Coaching and delivery of training Internal and External Stakeholder Management Project management Delivery to tight deadlines Ability to work autonomously Persuasive – urge, influence and convince others Methodical – orderly in action, thought and expression Flexible – adapt to situation and people as required Supportive – give encouragement and help others Quick to act – gets things started without delay, Highly committed ‘can do’ attitude Hiring manager: Justin Thornton Grade: 9 Positions: One Belong at Aston Martin At Aston Martin, we believe that the stunning beauty, craftsmanship, and artistry that define our brand come from the diverse voices and talents of our extraordinary team. We are committed to fostering a culture where everyone feels valued, respected, and empowered to thrive. Your unique perspectives, shaped by your education, culture, ethnicity, race, gender identity, sexual orientation, age, religion, abilities, and more, are what make us stronger and more innovative. We celebrate the richness of diversity and actively seek individuals who bring something new to the table. If you require any accommodations or support during the application process, please don’t hesitate to reach out. We’re here to ensure that you can bring your best, in every way. Let’s build something remarkable together. The post holder will be required to comply with all policies and procedures issued by and on behalf of Aston Martin Lagonda Ltd