Reports to Head of Internal Controls
The purpose of this role is to lead and enhance the IT General Controls (ITGC) framework within the Internal Controls function, ensuring robust governance, risk management, and compliance across IT systems. This role will support clients in achieving unqualified audit opinions under ISAE 3402, SSAE 18 and other assurance frameworks, with a strong emphasis on ITGC, automation, and control maturity.
Key Responsibilities
Strategic & Advisory
1. Lead the design, implementation, and continuous improvement of ITGC frameworks aligned with COSO, COBIT, ISAE 3402 and SSAE 18 standards.
2. Act as SME for ITGC and CISA-related topics across the group and client engagements.
3. Advise clients on IT risk management, control automation, and audit readiness.
4. Support the Head of Internal Controls in developing new IT-focused control services.
Operational & Technical
5. Oversee ITGC testing and walkthroughs, including access management, change management, backup and recovery, and system development lifecycle (SDLC).
6. Coordinate with internal and external auditors on ITGC scope, testing, and remediation.
7. Lead control assessments for ERP systems (e.g., SAP, Oracle) and cloud environments.
8. Monitor and report on control deficiencies, remediation plans, and control effectiveness.
Governance & Compliance
9. Ensure compliance with SOX, ISAE 3402, SSAE 18, ISO 27001, and other relevant standards.
10. Maintain up-to-date documentation of ITGC controls, risk assessments, and audit trails.
11. Support segregation of duties (SoD) reviews and user access certifications.
Transformation & Innovation Focus
12. Experience in change management, particularly in the context of IT systems and control environments.
13. Proven track record in implementing new systems, including ERP platforms, cloud-based solutions, and control automation tools.
14. Strong involvement in digitalisation initiatives, with a focus on improving control efficiency, data integrity, and audit readiness.
15. Participation in or leadership of transformation projects, such as process reengineering, control maturity assessments, and automation of manual controls.
16. Ability to identify and deliver continuous improvement opportunities across ITGC and broader internal control frameworks.
17. Comfort working in project-based environments, collaborating with cross-functional teams including IT, Finance, Risk, and Compliance.
Skills, Knowledge & Expertise
Required
18. CISA certification (mandatory); additional certifications like CISSP, CRISC, or CIA are a plus.
19. 7+ years of experience in IT audit, internal controls, or risk advisory.
20. Deep understanding of ITGC domains: access controls, change management, operations, SDLC.
21. Experience with control frameworks: COSO, COBIT, NIST, ISO 27001.
22. Strong knowledge of ISAE 3402, SOX 404, and financial reporting controls.
23. Familiarity with ERP systems (SAP, Oracle) and cloud platforms (Azure, AWS, GCP).
24. Excellent stakeholder management and communication skills.
Desirable
25. Experience in control automation and data analytics (e.g., Power BI, Alteryx).
26. Exposure to cybersecurity controls and IT risk assessments.
27. Experience in regulated environments (e.g., financial services, asset management).
28. Project management and change management experience.
29. Experience of Fund Accounting / Administration systems (e.g., FIA, Yardi, Investran).
We will provide training to support your ongoing development and to build relevant technical knowledge.
General Information:
An element of travel to various locations will be required for this role, for broader team management purposes and for building relations with colleagues and teams in other Group jurisdictions.
We will provide further training for relevant technical knowledge and other management and leadership skills necessary to excel in the role and to enhance your professional development. You will need to be quick to learn new systems and great with people, as close working relationships between our colleagues and clients are at the heart of what we do.