IT SOX Compliance Lead
Working within the EMEA IT PMO team, the newly created IT SOX Compliance Officer position is a key strategic role within the compliance and regulatory framework of the Chubb organisation. Liaising with key stakeholders including regional executive & senior management (up to C-suite), external auditors (PWC), internal audit, global risk & compliance, and IT system owners, the IT SOX Compliance Officer will be responsible for setting up the process for assessing, delivering and monitoring SOX controls as a new function within the regional IT team.
The EMEA IT team are responsible for delivering and maintaining the IT applications used within the region by the various insurance lines of business, which is a highly regulated market with oversight from the FCA & PRA in the UK and the ACPR in France. As a publicly quoted company, Sarbanes-Oxley (SOX) rules also apply, and there are internal controls and audit impacts both as a Financial Institution and as a technology organisation, with further regulation coming from the Digital Operational Resilience Act (DORA) that is being implemented.
The successful candidate will be responsible for the oversight and delivery of all IT risk and audit activities and act as the primary liaison with internal and external audit partners to ensure the EMEA IT systems are in compliance with all SOX and audit requirements in the increasing & changing regulatory environment.
The role requires a combination of SME knowledge (governance, compliance, risk management & best practice), the ability to articulate, communicate & prioritise to others, and the capability to project manage and drive change in order to raise standards, address weaknesses, and implement and continually improve the SOX controls environment. In addition, there will be line management responsibilities for the small team of IT analysts who oversee the automated reconciliation process across the IT systems, ensure all issues are prioritised and remediated correctly, and ensure that trends are identified and addressed, working closely with the relevant system owners and partners in the business & operations teams.
The role requires strong SOX audit experience and will suit someone with either finance/technical controls experience, preferably within insurance or as a minimum in another Financial Services institution.
Key Responsibilities:
Responsible for the ongoing assessment, processes & controls to ensure the regional IT systems comply with the SOX, audit and compliance requirements.
Engage with key stakeholders including executive & senior management (C-suite), external auditors (PWC), audit, risk & compliance functions, and IT system owners to ensure all SOX compliance requirements are understood and monitored.
Knowledge of IT General Controls (ITGCs) and interface controls. Ability to articulate the control requirement and deliver best practice in their design and operation.
To QA controls, their operation and supporting processes & procedures for their effectiveness, and bring about change to ensure that EMEA IT operates an assured control environment.
Ability to deliver change in a structured method (project management) to implement or improve existing controls, bring about remediation, or deliver a successful outcome to any assurance/audit event.
Work across a diverse virtual team of IT functions, auditors, Financial Control, etc., being able to answer for their agenda and successfully secure the right outcomes for EMEA IT.
Drive improvements by enforcing best practice and standards and sharing learnings across the team.
Line management and oversight of the team of IT Analysts responsible for the automated BAU reconciliation process and remediation of failures.
Operate in a constantly evolving and changing governance environment and be able to adapt to taking on new duties as regulation changes.
Experience:
5+ years' experience in a SOX audit role, within a financial organisation or external audit partner (client facing)
Insurance or financial sector
MS Office – especially Excel & PowerPoint
Qualifications:
Certified Information Systems Auditor (CISA)
Any other relevant compliance, risk or assessment qualifications