IT Audit Manager
Allwyn
- Watford, Hertfordshire
- Permanent
- Full-time
- Assist the organisation in achieving its corporate goals through the provision of independent and objective reviews and formal reports of control and risk opinions, produced in accordance with the department procedures and standards to acquit the audit plan agreed with the Head of Internal Audit and the Audit Committee.
- Take the lead in the provision of technical advice and counsel to staff and management to promote and enhance the functional effectiveness and efficiency of business processes.
- The Internal Audit Team is an independent function which reports to the Audit Committee and provides objective assurance and consulting activities to the Business designed to add value and improve the organisation’s operations and safeguard the integrity of the National Lottery. Internal Audit works closely with the Compliance, and the Risk & Insurance teams.
- The primary responsibilities of the department are to develop and implement a robust compliance control framework, as well as map/ documenting key regulatory reporting processes, risks and controls
- The department operates as an integral part of the company’s ‘three lines of defence’ model
- The primary responsibilities of the team is to provide independent assurance to Executive Management and the Audit Committee. These activities can cover any activity / function / process in the company and will provide assurance that the policies, processes and systems are effective in maintaining a strong and robust control environment that helps protect the stakeholders, reputation, brand and assets of the organisation.
- The Internal Audit team is responsible for performing Internal Audit reviews across the Business.
- Identify and evaluate the organisation’s technology, data and security risks, and provide key input to the development of the risk-based annual internal audit plan.
- Develop and maintain collaborative working relationships within the Internal Audit team, other assurance teams, and with key stakeholders across the organisation.
- Produce clear, concise and impactful reports to communicate complex IT findings to non-technical stakeholders, and provide senior management with insight on the effectiveness of governance, risk management and internal controls.
- Have accountability to independently plan, lead, and perform IT audits, as per the approved plan and in accordance with the Allwyn Internal Audit methodology, aligned with industry best practice (IIA/IPPF).
- Identify control gaps and process improvement opportunities; and consult with management to agree pragmatic actions for improvement in line with best practices and frameworks including ISO, NIST, COBIT, ITIL etc.
- Track and monitor management action plans to ensure timely and sustainable resolution of control gaps that have been identified.
- Be the main point of contact to provide guidance, advice and support to the Internal Audit team and other assurance teams as an IT professional expert in the area.
- Supervise and support junior team members in respect of the quality of their work, particularly draft reports, and the application of the Internal Audit methodology.
- Propose ideas and contribute to ad-hoc initiatives / strategically critical work streams to promote internal control awareness throughout the organisation and to further improve the audit process.
- At least 8 years of practical IT Audit experience in the commercial or private sector (specifically covering information security and cyber related risks).
- FMCG exposure is desirable, as is experience of working in a highly regulated industry.
- Understanding of the techniques and technologies associated with cyber-attacks.
- Awareness of latest cyber security trends, developments, and threats.
- Broad understanding of security controls and the ability to audit these and assess residual risk exposure to complex threats in specific control environments.
- Knowledge of Information Security and effective IT Risk & Security Governance.
- Knowledge of CobiT, ITIL, NIST, ISO27001, Prince2 and other relevant frameworks / methodologies.
- Definition and management of audit reviews at all points in the audit lifecycle.
- Strong interpersonal and influencing skills – this is key as we have some challenging stakeholders.
- Experience of project audit/assurance
- Big picture appreciation of strategy & business drivers
- Confident, motivated, autonomous approach to working.
- UNIX (AIX) & Linux
- SAP (or other leading ERP systems)
- SQL / DB2
- AWS Cloud Computing (or other cloud provider platforms)
- Microsoft Active Directory
- Java, XML, eCommerce development
- Use of CAATs for data analysis (e.g. ACL)
- Information Security (ISO 27001 / 27002)
- ITIL IT service delivery & service management
- 34 days paid leave (This includes bank holidays)
- 2 x Life Days
- 4 x Salary of Life Insurance
- Pension: We’ll contribute 8.5%
- BUPA
- £500 wellness allowance
- Income Protection