BT works in a regulated environment and sells products that require assurance. This role is to define and implement an IT Controls framework that is appropriate for Digital, that meets current needs and is adaptable for future areas of growth.
Digital has risk obligations that cover Data GDPR, Financial statement and Cyber risk. The definition, governance and lifecycle management of a framework is a Risk and assurance requirement.
A breach against the above risks will result in legal action, fines, reputational and shareholder damage to BT.
Key duties:
- Supporting the Senior managers in Risk and compliance team. Working as part of a small team of ICOFR controls and assurance specialists
- Developing the annual controls test plan for a team of IT Control specialists
- Delivering timely and accurate reporting on controls test status
- Delivering testing against specific controls
- Supporting the control matrix and remediation plans of any deficient controls
- Supporting the onboarding of new applications into the controls environment
- Performing control design & implementation, test preparation and operations
- Managing stakeholders across 3 Lines of Defence
- Helping to establish horizon scanning for new emerging risk
- Creating and maintaining a health dashboard for applications and ICOFR Controls. This to inform programme decision making
- Stakeholders will range from operational level application support teams to senior managers responsible for ICOFR controls (MDs, Platform Directors and Senior Management Team Members)
- Ensuring that requirements, timelines, quality of information requirements are all understood and delivered by responsible directors
Who you are:
We are looking for an ambitious and well organised manager to grow in this role with a view to leading in Digital’s Risk and Compliance journey, working with a tight knit team of IT control specialists. We don’t expect you to be an IT controls expert but to have the appetite to learn, as some training in framework methodology will be available.
Essential requirements:
- Ability to work with business sponsors and IT technical delivery teams to drive complex IT controls
- Proven track record of getting results from matrixed teams
- Ability to manage stakeholders in a complex environment of business and audit risk demand
- Good knowledge of risk management and BT Enterprise Risk Management practices would be an advantage
- Experience of ICOFR controls, compliance controls and frameworks to ensure assurance through the three lines of defence model is an advantage
- A good competent grounding in IT tools, Excel, and Access
- The ability to develop, present and update a dashboard of IT health status, both applications and IT controls
Desirable requirements:
- CISA, CISSP or similar
- Strong analytical and problem solving skills
- Project management skills
- Experience in audit methodologies (CISA would be beneficial)
- Knowledge of IT frameworks and methodologies COSO, ITIL, COBIT, etc
- Experience in a S-OX (or similar) controls environment
- Knowledge and experience of SAP
Sign up for the chance to get matched to this role, and similar opportunities.