IT Audit Manager - Retail

The Audit & Risk Recruitment Company is working with a leading retailer who is looking for an IT Audit Manager to take a lead role in Group IT Audit.

The Group division of the company has a culture which is dynamic and fast-paced, and those with a pro-active mind-set, strong communication skills and an international perspective will find the Group an exciting, challenging and fulfilling organisation in which to work.

They are looking for a dynamic IT Audit leader to join the growing Audit & Risk team. This is a fantastic opportunity for someone looking to move up to the primary IT Audit role in a thriving and interesting retail environment.

The role is broad and covers all areas of IT Audit, however priority risk for the group include Cyber Security, Data Privacy and Security and IT Transformation and Change.

In this role you will be responsible for:

• Leading and executing IT audit, assurance, risk management and advisory activity for the Group , reporting into the Group Director of Internal Audit
• Developing the IT audit plan in consultation with Group and banner stakeholders
• Providing assurance over quality of IT Security, including delivery of action plans
• Execution of internal audits of IT controls and processes to enhance performance, security, resilience and recovery across key business IT systems
• Facilitating IT/cyber risk management processes, using knowledge of the current IT environment and industry IT trends to identify potential issues/risks
• Advising on IT best practice, control design and delivery assurance for major IT system implementation and business change programmes
• Providing assurance over the IT security aspects of GDPR and data privacy
• Providing assurance over online operations
• Providing assurance over IT disaster recovery and business continuity
• Perform ITGC audits in banners to assess the framework of controls in place
• Other ad-hoc reviews as necessary (software asset management, data analytics, environment/database design and integrity)
• Present on IT audit status to management and audit committees as necessary
• Ongoing assessment of the maturity of IT control frameworks, providing advice on areas for improvement and prioritisation of control enhancements
• Overseeing roadmaps for improvements in cyber security and data security activities to ensure banners remain on track to meet desired control maturity levels
• Supporting Data Protection Officers and banner CISOs/IT security professionals to ensure that data security controls are maintained
• Providing advice on IT security/audit aspects of work performed by internal audit teams. Driving awareness of when to seek specialist support across the internal audit function
• Co-ordinating outsourced internal audit activity as necessary

The successful candidate:

• Extensive IT internal audit and risk experience in a Big 4 and/or multinational environment
• Qualified IT security audit professional e.g. CISA, CISM/CISSP with in depth experience in auditing cyber and IT strategy, risks and controls; and understanding of GDPR/data privacy risks
• In depth understanding and experience of auditing IT control frameworks e.g. COBIT and ITIL, NIST, ISO and ISF
• Experience in auditing and advising on business change programmes, ERP and systems implementations. In depth understanding of best practice programme governance methodology and framework; programme management qualification e.g. PRINCE2 or MSP beneficial
• Experience of auditing agile and waterfall software development programmes; and associated governance structures
• Broad knowledge of various IT technologies (e.g. cloud computing, SAAS, Network Architectures, Software Development, Windows Operating Systems, SQL/Oracle Databases, Financial Applications (SAP and Oracle EBS), online retail web platforms, etc.) and related risks
• Experience with online retail and associated risks
• Understanding of online payment technology and PCIDSS
• Finance, audit or accounting qualification beneficial (e.g. ACA, CIMA, ACCA, CIA).
• Must have excellent interpersonal and organisational skills with ability to communicate and influence effectively with both technical and non-technical stakeholders at all levels of the organisation
• Must have strong problem-solving skills, be self-directed and capable of working with minimal supervision

The Audit & Risk Recruitment Company - Experts in Audit and Risk Recruitment!