Head of Internal Audit and Risk – Data and Digital

Discipline: Audit, Risk & Compliance
Job type: Permanent
Contact email: simon@weareedenbrook.com
Job ref: J3887
Published: almost 2 years ago
The Head of Internal Audit and Risk – Data and Digital is responsible for the strategic leadership and delivery of risk and audit assurance services, including risk-based audit programming and business partnership for risk management, demonstrating best practices in executing the internal audit and risk duties across the Data and Technology functions. The suitable candidate will be committed to promoting a high performance / high challenge culture with accountability and stretch to deliver exceptional results. I work within a matrix management environment, utilising available resources to ensure roles, responsibilities and results are efficiently coordinated, collectively optimising the effectiveness of the internal risk, control, and governance environment.

Accountable for:

2nd Line

- The design, implementation and oversight of the enterprise risk management framework used across the Data and Technology functions, including ensuring there is a fit-for-purpose, efficient and effective incident management, risk assessment and controls self-assessment framework that is adopted by the first line.
- Clearly articulated and Board-approved risk appetite statements that support senior management decision making and formation of strategy, and that align with the group's Risk Framework and appetite, with consideration of aggregation of risk.
- Facilitating the identification, development and deployment of appropriate risk management tools, techniques and strategies to ensure risk management across the Enterprise functions and business units is value added and contributes towards the overall strategy and performance of the business.
- Actively promoting a risk culture that encourages appropriate risk taking, aligned to strategy and risk appetite, with effective and timely response to risk events according to the risk they present to the business.
- Ensuring management have a sound understanding of the risk management system through formal training, informal discussion, online tools, policies and guidance documents.
- Providing second line support, challenge and guidance where applicable.
- Assisting in the formation, review and ongoing delivery of appropriate risk governance, through attendance and participation in risk committees and other governance committees where risk engagement is required.
- Monitoring industry trends to benchmark ERM and tracking external best practices relevant to the Enterprise functions and business units.
- Providing robust challenge and insights on key projects, key risk exposures, emerging risk, trends, control effectiveness, and lessons learnt on material risk incidents.

3rd Line

- Developing and implementing the Audit plan and supporting the Data and Technology functions in understanding their role and accountabilities in mitigating and managing risk within their area of responsibility.
- Facilitating the development and implementation of the Internal Audit Strategy.
- Implementing action plans related to risk assessment and annual planning, audit execution, audit reporting, and Audit, Risk and Compliance Committee (ARCC) reporting.
- Leading Internal Audit’s annual risk assessment and planning process for Enterprise functions and business units to develop the audit plan and ensure it is responsive to and aligned with the risk profile of the business unit, and effectively collaborating with peers to ensure the combined Audit plan meets the risk profile of the organisation.
- Execution of individual audits within the audit plan, ensuring the highest level of service quality and stakeholder satisfaction.
- Ensuring all Internal Audit reports are clear and concise, identify root causes with practical solutions, and ultimately provide value to management.
- Listening to the business and Internal Audit colleagues to improve processes and reporting where appropriate.

Both

- Build and lead a new analytics and data science methodology to support 2nd and 3rd Line in improving the efficiency and accuracy of the audit and risk outcomes, including consideration of technologies such as Artificial Intelligence, Machine Learning, and Robotics which will provide added value, support automation and facilitate the function of the future.
- Proactively informing senior management of significant risks or exposures related to internal controls, compliance, and/or governance.
- Following our Governance and Business Code of Conduct and always acting with integrity and due diligence.
- Promoting a culture of continuous improvement, continually looking for innovative ways to design and develop strategies which are based on the latest trends and research.
- Meeting regularly with the ARCC to report the status of Internal Audit’s ongoing monitoring activities, educate/inform the committee of emerging risks and/or exposures (whether internal or external to the company) that should be considered, and serve as a “thought leader” with respect to risk management and internal control best practices.
- Using my knowledge and expertise to make sure the policies and processes I develop underpin delivery of business priorities, and are simple, relevant, and inspiring.
- Networking to stay connected with business trends and changes.
- Keeping my thinking current through internal and external events and sharing best practice with my colleagues.
- Working collaboratively with colleagues across the business to support the group's strategic initiatives.

Experience relevant for this job:

- Qualified / experienced IA leader
- Qualified / experienced Risk professional
- Qualified / significant experience and strong knowledge across key technology domains, methodology and practices, including infrastructure, cyber security, data analytics, applications (ERP and cloud solutions) and emerging technologies.
- Proven track record of working effectively with senior management on the internal risk and control agenda.
- Ability to understand and operate successfully in a complex, heavily matrixed corporate environment.