Sainsbury's
As an IT Risk & Audit Manager, you will be responsible for leading and delivering a portfolio of internal audits across Sainsbury’s Group with minimal supervision. You will have responsibility for reviewing aspects of Information Technology (IT) and Information Security (InfoSec), which includes application and infrastructure controls, core IT processes and emerging technology. You will own relationships with senior business stakeholders to support them in identifying and managing risks. You will also support the continuous improvement activities in the Internal Audit team.
What you need to do
* Lead end-to-end IT and InfoSec audit processes, managing multiple audits to meet time, budget, and quality targets across various business areas.
* Build and maintain strong, collaborative relationships with audit stakeholders, acting as the key divisional contact to drive engagement, support, and follow-up whilst maintaining independence.
* Exercise sound judgment during audit work, raise significant issues and risks, develop balanced recommendations that consider both commercial and assurance requirements, and prepare clear reports for senior management and the board.
* Provide real-time support, challenge, and actionable insights during the implementation of new processes and change projects.
* Utilise data tools and analytics to enhance audit effectiveness and offer insights, especially in technology and InfoSec audits.
* Track the closure of audit actions, thoroughly investigate evidence, and ensure that risks are addressed and reported promptly.
* Ensure consistent application of audit methodology, adhering to IIA standards and maintaining high-quality execution.
* Support the Head of Risk & Audit in developing a risk-based audit plan.
* Contribute to team success through continuous improvement initiatives.
What you need to know
Essential:
* Proven track record in delivering IT / InfoSec internal audits for in-house teams or through professional services firms.
* Strong understanding of risk, control, and internal audit practices, including tech and InfoSec risks and control environments.
* Strong understanding of technology, systems, data flows, and their impact on business operations.
* Excellent communication and interpersonal skills, with the ability to explain technology and InfoSec risks to non-IT stakeholders.
* Experience in developing strong stakeholder relationships at various seniority levels.
* Self-starter with strong time and project management skills to ensure work is delivered on time, within budget, and to the expected quality.
* Strong analytical and report-writing skills, and business acumen.
* Knowledge of the Internal Audit industry and experience in auditing complex IT environments, including Agile teams.
* Commitment to personal development and continuous learning.
Desirable:
* CISA, CISM, CISSP, CCSP, or equivalent technology assurance certification.
* Proven experience in IT audit and InfoSec auditing, with a strong understanding of risk management principles.
* Expertise in core technology management processes and controls, including security, change management, and software development. Familiarity with technology infrastructure, eCommerce systems, and SAP for retail.
* In-depth knowledge of relevant regulations, standards, and frameworks (e.g., ISO 27001, GDPR, NIST, COBIT) and a focused understanding of InfoSec risks, controls, and data governance.
* Proficiency in data analysis, with experience in forensic data interrogation, handling large data sets, and using advanced data analysis tools.
* Experience deploying agile methodology to deliver audits.
What you need to show
You will need to demonstrate our valued behaviours:
* Own it: Do what you say you’ll do. Don’t walk past a problem.
* Make it Better: Improve things for your customer. Spot opportunities to simplify.
* Be Human: Walk in the shoes of your colleagues and customers. Show care and respect to everyone.
We are committed to being a truly inclusive retailer, so you’ll be welcomed whoever you are and wherever you work. Around here, there’s always the chance to try something new - whether that’s as part of an evolving team or somewhere else across the business - and we take development seriously and promise to support you. We also recognise and celebrate colleagues when they go the extra mile and, where possible, offer flexible working.