Strategy & Policy
- Provide input to the creation of the department’s Compliance Strategy & Policies
- Communicate the department’s strategy to ITGRC stakeholders
- Work with members of the local IT teams to agree governance, risk and compliance plans for the business
- Work with the management teams on agreeing and implementing metrics to measure projects, their implementation and ongoing operation
- Work with stakeholders to ensure the quality of IT systems improves through the use of testing and monitoring
- Ensure effective collaboration between all teams and individuals involved in governance, risk and compliance activities, e.g. Project Managers, Process Owners, Control Owners and Governing Bodies
- Proactively manage Risks, Assumptions, Issues and Dependencies, ensuring that these are identified, mitigated or escalated as necessary
- Set clear expectations and hold colleagues, partners and suppliers to account
Process and quality
- Work with local IT and IT Security to ensure our processes are aligned to company and industry regulations.
- Look for opportunities to promote continuous improvement of the testing, documentation and operating processes
- Ensure appropriate compliance with the agreed governance/risk framework to ensure standardisation of operational assessment and evaluation of results
Business engagement and stakeholder management
- Work closely with internal and external audit teams, the IT department, steering committees, accountants, consultants, and other key stakeholders to ensure strict compliance with relevant standards and regulations
- Build strong relationships with and gain the trust of all stakeholders, understanding their priorities and the business benefits to IT to ensure appropriate guidance in all GRC matters
- Engage key stakeholders within and outside of IT to drive their sustained and active commitment to success
- Ensure that all stakeholders, at every level, have timely and accurate communications as required, and that messaging is consistent and in line with the ITGRC standards and commitments
- Understand the business vision and apply the principles in their daily activities
Lead, manage and develop people (including virtual teams)
- Educate stakeholders and the wider IT business in ITGRC activities.
- Lead and motivate associated colleagues, providing coaching and guidance as required
- Develop the business knowledge of the ITGRC
- Communicate and engage others effectively. Build and maintain relationships with key individuals at the appropriate level in the business, and understand their requirements and drivers
- Drive change through personal behaviour, and encourage the team to respond positively to change and contribute ideas
- Actively use performance management to develop team and improve delivery. Plan and organise effectively for team and self to achieve objectives
Skills, Knowledge, Experience & Qualifications
- Fluent in English
- Degree, preferably in finance, information technology or languages
- Strong understanding of IT Service and Service Level Management
- Excellent interpersonal and communication skills and proven ability to work effectively within a global organisation
- Ability to clearly and concisely articulate ideas both verbally and in writing
- Experience anticipating and adapting to changes in the external environment
- Skilled in risk-based decision making
- Proven success working collaboratively as part of a team in a fast paced environment
- Can adapt to shifting priorities, demands, and timelines through analytical and problem-solving capabilities.
- Ability to manage and collaborate with multidisciplinary teams & stakeholders.
- A minimum of 5 years' experience in Governance and/or Compliance of IT Systems
- Solid understanding of assessing and designing internal controls in an enterprise-level environment.
- Experience of technology risk and IT General Controls
- Enthusiasm, motivation, tenacity
- Background of working with one of the Big 4 audit firms
- Professional accounting designation (CA/ACA/CMA) and Certified Internal Auditor (CIA) designation preferred
- Strong understanding of IT financial control
- Ability to effectively prioritize and execute tasks in a high-pressure environment is crucial
- SOx & PCI knowledge/experience, ideally with a minimum of 3 years’ experience
- Strong working knowledge of COBIT and COSO frameworks
- Basic level of platform knowledge (SAP, Mainframe, Unix, Linux, Oracle, DB2)
- Knowledge of other languages
Function/Team Specific Requirements
- Based in Nottingham
- Must be flexible for infrequent travel to other WBA work locations (domestic and international)
- Regular sessions carried out with stakeholders
- Feedback from the business on the quality of deliverables / products / solutions
- Feedback from the business on stakeholder engagement and partnering
- Quality of management information relating to Compliance assessments and tests
- Feedback from suppliers & 3rd Parties on joint working
- Feedback from team members on contribution towards the team’s success, collaboration and support for other team members
- Feedback from business teams on support provided
Apex is an Equal Employment Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at 844-463-6178