Our client is a leading telecommunication and digital services provider which serves 50 million customers and employees over 12,000 people around the world and they are currently looking for a IT Control Testing Manager.
This role will be an integral part of Group’s Technology Risks & Compliance team, a team which aims to provide practical hands-on support to all our operations to enable them to design, implement, stabilise and optimise their internal technology control environment.
The IT Control Testing Manager will be responsible for analysing, monitoring and reporting on the effectiveness of our processes and general controls (including IT General Controls) to mitigate IT risks across the diverse suite of systems operated at our Headquarters and across our LATAM operations.
Qualifications / Requirements
- Understanding of global business and systems during previous roles in central IT functions and/or business units.
- Ability to absorb new information and assess processes using a risk and control based approach.
- Qualified CISA/CISM, CISSP, CIA or equivalent professional qualification.
- Telecom’s and technology experience are highly desirable as is experience working in emerging markets.
Required technical skills and experience
- Detailed understanding of IT governance and IT Operations with a key focus on risk management
- Experience with IT governance, risk, and compliance (GRC) management in a large global environment
- Strong technical and functional knowledge of IT General Controls (ITGCs) including; change management, logical access, IT & network security, operations/service management and disaster recovery.
- Experience with managing information systems (e.g. SharePoint) especially GRC platforms (Riskonnect, RSA Archer, MetricStream, etc.).
- Intermediate to advanced Microsoft Office (Excel and PowerPoint) skills with knowledge of data analytics and data visualization tools and techniques (e.g. Microsoft PowerBI, Tableau) to bring controls reporting to life
- Good knowledge of SOX 404 requirements including scoping, process mapping, documentation and remediation.
- Ability to collaborate to define IT security standards and develop supporting organizational policies.
You will be required to provide evidence to demonstrate your ability to enable process change and how you have personally delivered improved internal controls in your previous experiences.
Communication, leadership and people skills
- Excellent verbal, presentation and written skills – fluent English, Spanish is a must.
- Professionally skeptical mindset with ability to probe and challenge management information.
- Root cause analysis – understanding an issue or complex problem and the key drivers behind it.
- Solution orientated – partnering with subject matter experts (e.g. system and process owners) to articulate potential risks and defining detailed action plans to address identified deficiencies.
- Business partnering mindset with ability to support and manage improvement will also holding stakeholders to account in relation to delivery timelines.
- Tenacity, commitment and personal drive to deliver whatever it takes.
- Agile and responsive, with proven track record of fast, accurate delivery to deadlines.
- Ability to judge when to support, when to intervene and when to escalate.
- Attention to detail, and consistently demonstrate integrity and professionalism.
- Stakeholder management – ability to challenge and influence key stakeholders.
- Cross functional engagement – proactive engagement with peers across corporate functions, partnering with colleagues across the wider Business Controls, regional and local IT functions and external consultants.
- Ability to work independently and manage multiple concurrent workstreams.
- Strong analytical and problem-solving skills.
- Strong project management skills.
- Development and operation of Company’s 2nd line of defense ensuring effective technology (including IT) control operation and accurate controls related reporting across the totality of the Company IT environment
- Monitoring the execution of controls at group/regional and local levels, and ensuring controls have been executed according to the defined frequencies and scope documented in the Group’s Internal Control Manual
- Creation and ownership of technology controls related Key Performance Indicators (KPIs) and controls effectiveness monitoring dashboards, including the development of the sustainable regular reporting mechanisms needed to track and monitor performance against these measures
- Understanding and identifying key technology risk areas and leveraging this knowledge to prioritize control remediation activities needed to address control deficiencies based on risk exposure and business criticality
- Development and communication of control remediation action plans (working in combination with other members Technology Risks & Compliance team) and tracking progress of remediation activity against defined timelines
- The ownership and administration of the Group’s Governance Risk and Compliance (GRC) platform (Riskonnect) which acts as the key repository for all controls related information
- The organization, consolidation and aggregation of technology controls related information across the totality of the Company technology environment and the regular preparation of controls related management reporting packs
- Analysis of control implementation and operation reporting data, recognizing key themes and identifying operational and control deficiencies that require changes in terms of processes, organization, system, at group and local markets
- Developing and delivering IT controls related training materials to all relevant stakeholders across the business
Education / Training
- Master degree in relevant discipline (IT, Information Management, Information Security, Telecommunications).
- Big 4 Audit experience or Internal Audit experience from a similar corporate business environment.
- + 8 years relevant experience in technology (including IT) process, risk and controls.
- Experience of working in a complex multinational and multicultural corporate environments.