IT Control Design and Implementation Manager (JN -112019-4075)

Our client is a leading telecommunication and digital services provider which serves 50 million customers and employees over 12,000 people around the world and they are currently looking for a IT Control  Design and Implementation Manager

This role will be an integral part of Company’s Group Technology Risks & Compliance team, a team which aims to provide practical hands-on support to all our operations to enable them to design, implement, stabilise and optimise their internal technology control environment.

The IT Control and Design Implementation Manager will be responsible for identifying and defining effective processes and general controls (including IT General Controls) to mitigate technology risks across the diverse suite of systems and platforms operated at our Headquarters and across our LATAM operations.

Qualifications / Requirements

  • Understanding of global business and systems during previous roles in central IT or Technology functions units
  • Ability to absorb new information and assess processes using a risk and control-based approach
  • Qualified CISA/CISM, CISSP, CIA or equivalent professional qualification
  • Telecom’s and technology experience are highly desirable as is experience working in emerging markets

Required technical skills and experience

  • Detailed understanding of IT governance and IT Operations with a key focus on risk management
  • Strong technical and functional knowledge of IT General Controls (ITGCs) including; change management, logical access, network security, IT operations and disaster recovery
  • Strong technical and functional knowledge of IT Automated / IT Configurable Controls (ITACs) specifically covering the following ERP platforms: Oracle e-Business Suite (eBS) and SAP
  • System implementation experience with detailed understanding of the software development lifecycle (SDLC) and management of project related risks
  • Detailed understanding of data migration approaches and testing strategies
  • Good knowledge of SOX 404 requirements including scoping, process mapping, documentation and remediation
  • Information management skills, specifically usage of Governance Risk and Compliance (GRC) tools
  • Willingness to develop skills in assessing and managing and mitigating external cyber threats

You will be required to provide evidence to demonstrate your ability to enable process change and improvement, and how you have personally delivered improved internal controls in your previous experiences

Communication, leadership and people skills

  • Excellent verbal, presentation and written skills – fluent English, Spanish is a must
  • Professionally skeptical mindset with ability to probe and challenge management information
  • Root cause analysis – understanding an issue or complex problem and the key drivers behind it
  • Solution orientated – partnering with subject matter experts (e.g. system and process owners) to articulate potential risks and defining detailed action plans to address identified deficiencies
  • Business partnering mindset to support the implementation of sustainable solutions to mitigate identified risks
  • Tenacity, commitment and personal drive to deliver whatever it takes
  • Agile and responsive, with proven track record of fast, accurate delivery to deadlines
  • Ability to judge when to support, when to intervene and when to escalate
  • Attention to detail, and consistently demonstrate integrity and professionalism

Management skills

  • Team management – ability to manage, direct and support team members
  • Stakeholder management – ability to challenge and influence key stakeholders
  • Cross functional engagement – proactive engagement with peers across corporate functions, partnering with colleagues across the wider Business Controls, regional and local IT functions and external consultants
  • Ability to work independently and manage multiple concurrent workstreams
  • Strong analytical and problem-solving skills
  • Strong project management skills


  • the development and operation of Company’s 2nd line of defense ensuring effective technology (including IT) control design and operation at both HQ and local market operations (main focus will be for group wide corporate systems)
  • coordinating and performing detailed end-to-end walkthroughs of processes to identify relevant risks, IT dependencies (e.g. reports) and key controls to provide relevant inputs into the group’s Internal Control Environment
  • assessing, refining and improving the group’s existing policies and procedures and working with business operations (i.e. the 1st line of defense) to ensure they are properly followed and implemented
  • evaluating existing process and control design and, where required, identifying efficiencies, recommending improvements and supporting the technology teams with their implementation
  • ensuring that the organization has sufficient controls in place to mitigate the following technology risk areas: application and infrastructure security, change management, project and programme management, service management, business continuity management and data integrity
  • working with all stakeholders (specifically system owners and control operators) to ensure that control design improvements are implemented and operated in accordance with agreed timelines
  • acting as an ambassador for control improvement across all businesses; promote sharing of knowledge and best practice between businesses

Education / Training

  • Master degree in relevant discipline (IT, Information Management, Information Security, Telecommunications)


  • +10 years relevant experience in technology (including IT) process, risk and controls
  • Big 4 Audit experience or Internal Audit experience from a similar corporate business environment
  • Experience of working in a complex multinational and multicultural corporate environments