IT and Change Auditor (1921)

  • Location: Gloucester
  • Duration: Permanent
  • Working hours: Part-Time
  • Application end date: 31/01/20

About the role

To ensure that the EIO Board, Board Sub Committees and Senior Management are provided with an independent, robust, accurate and timely assurance on the adequacy and effectiveness of the Group’s control environment. To contribute to the development and implementation of a Group wide internal audit strategy.

Key accountabilities

  • To operate with independence and objectivity.
  • Deputise for Director of Group Internal Audit, as and when required (internally and externally).
  • To lead assessment of controls and mitigation strategies across the Group including but not exclusive to underwriting, claims, finance, asset management, outsourcing, change management, IT, regulatory compliance and risk management.
  • Provide robust, accurate and timely advice and consultancy services in relation to the development of new or enhanced controls across the Group’s internal control framework (with a focus on IT and programme management) 
  • Provide and deliver high quality, impactful written reports and verbal presentations to UK and overseas Boards, Board Sub-Committees GMB and senior management in relation to the control environment.
  • Assist in providing senior management and staff with appropriate technical guidance, training and support to maintain and improve the level of control awareness throughout the Group.
  • Build and maintain effective relationships with key stakeholders across the Group on all matters related to governance, risk and internal controls. 
  • Manage and deliver all allocated audit (either alone or as part of a team) activity such that individual audits are completed on time, within budget and in line with the Group Internal Audit Methodology and the Institute of Internal Audit’s global professional standards.
  • Present audit issues to all levels of management to secure agreement and commitment to implementation of actions
  • Report on the status of management actions arising from internal audits.
  • Provide support and challenge to management when developing and implementing new projects, with recommendations to strengthen the control environment.

Key performance indicators

  • Evidence of effective influencing skills via 360 feedback
  • All key issues are reported to the Group Audit Committee
  • Positive feedback from business leaders / audit clients
  • Effective contribution to the risk based audit plan and individual audit assignments.
  • Ensure assurance reports are produced in a timely and robust manner.
  • Accurate and timely reporting to GAC of internal audit activity.
  • Positive feedback from external stakeholders, namely the FCA and PRA.
  • Increase in ad-hoc request from board members for internal audit advice and assurance, therefore a reduction in the usage of external providers.
  • Significant improvement in the understanding and application of risk mitigation strategies across the Group.

Knowledge, skills and experience

  • Strong and relevant experience working for external or internal audits, risk management or (cyber) security departments, including managing and leading teams. Along with recognised certifications, such as CISA, RE, CISSP and/or CIA
  • Knowledge of audit standards and principles
  • Working knowledge of current best practice for IT and programme management controls
  • Specific knowledge of IT general controls, along with a good understanding of network infrastructures, operating systems, databases and applications, including telecoms and cloud technologies.
  • Be the IT audit subject matter expert
  • Previous experience working within a similar role in financial services.
  • Ability to liaise effectively with Board level management and executives.
  • Evidence of being able to develop and maintain effective partnerships with the business, ability to drive awareness.
  • Strong influencing and stakeholder engagement skills. Can create a positive attitude in others even in the face of setbacks and difficulties.
  • Able to assess and cut through complex and unfamiliar business practices and cultures across the business in order to identify the key aspects of these for audit testing.
  • Demonstrates sound judgement and ability to produce considered and pragmatic recommendations which will make a real difference to the organisations control environment which encompasses the idea of “whole business” benefit over short term gain. 
  • Effective planning and prioritisation – balances multiple, complex and demanding deliverables to agreed quality standards / SLA’s and within budget.
  • Highly motivated, fully rounded and inspirational self-starter with the flexibility to work alone, part of a multi-disciplined team or lead a multi-disciplined team.
  • Able to pursue stretching goals and help the business to make significant steps forward in their control environment.
  • Proficient IT skills in MS Office.