· Contribute to the Group Risk and Audit strategic vision, including identification and implementation of initiatives to support the ongoing transformation of the team into a ‘next-generation’ function.
· Participate in and proactively advise the business on major IT / Technology initiatives/decisions throughout their lifecycle.
· Prepare reports for the Board Audit Committee, Board and Executive Steering Committee on a periodic and as-needs basis.
· Assist the Group Head of Risk and Audit, and Director – Internal Audit in building a dynamic, risk-based annual Internal Audit Plan, including developing and maintaining a Cyber and Technology focused audit universe.
· Manage cyber / technology internal audits led by the co-sourced internal audit partner, ensuring high performance and effective engagement with the business, and embed with the co-sourced internal audit partner on hybrid engagements.
· Manage all aspects of internally led cyber / technology internal audits, supplemented with internal and/or external resources.
· Craft concise, articulate and impactful audit reports, ensuring audit recommendations are balanced and practical.
· Manage follow-up of agreed management recommendations in a timely manner.
· Establish an appropriate IT risk management methodology that includes the identification, management and resolution of technology-related incidents, breaches and issues, and work with management to develop indicators and metrics for material technology risks, obligations and controls.
· Partner with management teams in the identification and assessment of potential cyber and technology-related risks, and provide advice surrounding the development and implementation of risk mitigation strategies.
· Provide insights into emerging technology-related risks and areas for improvement.
· Collaborate with stakeholders across the organization to ensure that appropriate controls and safeguards are in place to protect against cyber threats and other technology-related risks.
· Monitor and report on the effectiveness of risk management controls and processes and make recommendations for improvement as needed.
What We're Looking For
· A minimum of eight years of applicable experience in cyber and technology audit, risk management, or a related field with prior experience in delivering technical internal audit engagements / risk programs across technology and cyber domains.
· Certifications / qualifications in cybersecurity, information systems, cloud, IT project management or data privacy would be highly regarded.
· Strong understanding of cybersecurity and technology risks, as well as relevant laws, regulations, and industry standards / frameworks (e.g. NIST CSF, SOC 2, ISO 27001).
· A clear communicator with an ability to translate technical and detailed information into a clear and easy to understand message and influence across all levels of the organization.
· Experience managing multiple business partners and multiple deliverables across tight deadlines.
· A critical thinker, able to challenge the status quo and drive change.