An opportunity has arisen within a fast-growing fintech business that works with global pharmaceutical and biomedical organisations for someone to join their Governance, Risk and Compliance team in a broad assurance/audit role to help them build and design their own internal programme. This is a very hands-on role with the potential to build a global team long term.
High-Level Core Duties
- Managing Internal, External and Client Audits
- Management and implementation of multiple existing and new compliance frameworks including but not limited to SOC2, FISMA/NIST, ISO 27001 and 27701
- GRC tool management (implementation and operation for multiple compliance frameworks)
Detailed Job Description
- The Technology Audit and Assurance Manager is a key role at an all-digital biotech company with a modern tech stack and shared infrastructure.
- This role will partner across the business to bring subject matter expertise, business acumen, and insights to the assessment of these areas.
- You will assist in the implementation of new Information Security and Data Protection Frameworks to obtain industry certifications and maintain existing certifications.
- You will also establish internal practices for strong technology and information security reviews. We’re looking for a team player who is curious, a builder, and can collaborate effectively.
- Overseeing, planning, designing, and performing all aspects of technology audit coverage and related practices,
- Planning, leading and executing technology and information security audits in a modern technology stack,
- Providing credible challenge and professional skepticism to assess potential gaps or weaknesses in the internal control infrastructure, to ensure that the risks posing the greatest threat to the company are identified and addressed in a timely manner,
- Establishing and maintaining effective business relationships,
- Employing data-driven approaches
- Monitoring the audit schedule and tracking it for the timely completion of audit activities,
- Monitoring the progress of management’s committed action plans and validating the closure of remediated audit issues and regulatory findings,
- Reporting to internal partners and executive management as required
Experience and Qualifications
- 5-7 years of IT audit experience
- Command of regulatory guidance for technology, cyber, and infosec,
- Influencer of outcomes and pragmatic tackler of new things with a good balance between technical, commercial and operational requirements,
- Effective communicator who can adjust to the audience,
- Proven history of accuracy and attention to detail with minimal oversight and errors,
- Professional designations such as Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), or Certified Internal Auditor (CIA) certification or equivalent are desired but not necessary.
This will be a hybrid role, but you will need to be flexible around which days you are in their central London office.