Head of IT Internal Audit

Hamilton
Hybrid

About The Position

The Head of IT Internal Audit is a senior leadership role responsible for providing independent, objective assurance over the organization’s technology, cybersecurity, data governance, and IT‑enabled business processes. The role oversees the end‑to-end lifecycle of IT audits, including risk assessment, planning, execution, reporting, and stakeholder communication, while also contributing to the organization’s SOX IT General Controls (ITGC) compliance program. This leader plays a critical role in shaping the technology‑focused audit strategy, identifying emerging tech and cyber risks, mentoring audit professionals, and maintaining strong relationships with executive management, IT leadership, and external auditors. This position is a hybrid role and can be based in the United States, Bermuda, or the United Kingdom. The Head of IT Internal Audit reports to the Chief Audit Officer.

Requirements

  • Strong analytical and critical‑thinking skills with the ability to evaluate complex technological environments.
  • Excellent communication skills, including the ability to present to executive leadership and Audit Committees.
  • Ability to influence and build effective relationships while preserving audit independence.
  • High integrity, sound judgment, and a commitment to professional skepticism.
  • Curiosity and passion for understanding emerging technology, cyber, and AI‑related risks.
  • Proven organizational and project‑management skills.
  • 15+ years of combined internal audit, external audit, IT audit, cybersecurity, or technology risk experience.
  • Deep understanding of ITGCs, cybersecurity risk frameworks (NIST, ISO, COBIT), and IT governance practices.
  • Demonstrated experience leading teams and managing complex audit portfolios.
  • Bachelor’s degree in Information Systems, Computer Science, Accounting, Finance, Engineering, or related discipline.
  • Professional certifications are strongly preferred: Certified Information Security Auditor (CISA), Certified Data Protection Professional (CDPP), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), or equivalent.

Nice To Haves

  • Experience working in a regulated industry (insurance, financial services, or similar) preferred.
  • CPA, Chartered Accountant, or equivalent (a plus).

Responsibilities

  • Lead and oversee risk‑based IT internal audits covering infrastructure, applications, cybersecurity, data governance, technology operations, business‑continuity processes, and IT‑enabled business areas.
  • Independently manage the planning, fieldwork, and reporting phases of IT audits, ensuring high‑quality, well‑supported audit results and insights.
  • Develop and maintain the annual IT audit risk assessment and multi‑year audit plan.
  • Prepare clear, concise audit reports and present results to Senior Management and the Audit Committee.
  • Lead the planning, testing, and evaluation of SOX‑related ITGCs (e.g., access management, change management, computer operations).
  • Coordinate with external auditors to align on scope, testing approaches, and remediation expectations.
  • Partner with management to assess deficiencies, validate remediation, and strengthen the control environment.
  • Provide coaching, mentoring, and developmental opportunities to audit team members.
  • Set performance standards, conduct performance assessments, and promote a culture of learning, curiosity, and professional growth.
  • Lead teams in a manner that embodies objectivity, independence, collaboration, and continuous improvement.
  • Manage multiple, concurrent audit engagements and technology‑related special projects.
  • Oversee audit issue tracking, ensuring timely validation and closure of management action plans.
  • Apply strong project‑management discipline to ensure audits are delivered on time and within scope.
  • Engage with senior IT, cybersecurity, data governance, and business leaders to understand evolving risks, major initiatives, and technology roadmaps.
  • Maintain strong partnerships with external auditors, regulators (where applicable), and risk/compliance functions.
  • Serve as a trusted advisor while maintaining internal audit’s independence and objectivity.
  • Monitor developments in emerging technologies, including cloud, AI, data privacy, cyber threats, and digital transformation, and integrate these into the audit plan and risk assessment process.
  • Provide thought leadership on risk themes related to AI, data protection, and evolving global privacy regulations.
  • You must act with integrity.
  • You must act with due skill, care and diligence.
  • You must be open and cooperative with the CBI, FCA, the PRA and other regulators.
  • You must pay due regard to the interests of customers and treat them fairly.
  • You must observe proper standards of market conduct.
  • You must act to deliver good outcomes for retail customers.

Benefits

  • Hybrid working
  • Matching 401K plan
  • Medical, dental, vision, life, disability
  • Generous time off (including parental leave)
  • Continued support for professional development
  • Gym subsidy
  • My day (additional days leave for personal interests/wellness/charity work)