IT Internal Controls Manager
Permanent
Based in Solihull (Hybrid with 2/3 days in the office and the rest at home). Will also consider London based.
We are looking for an experienced IT Internal Controls Manager to join our friendly and dynamic team here at Waterstones and play a critical role in leading the delivery of our Internal Controls Program for IT. This position offers a high level of autonomy and presents an exciting opportunity to make a significant impact within the organisation. As an effective agent of change, you will guide the business through assessment of IT risk management and ensuring robust internal controls are integrated into IT systems and processes. This is a ‘hands on’ role where you will work closely with a range of stakeholders at all levels and provide strategic risk advisory to help drive specific IT projects, enabling business growth and process improvements. Additionally, you will be a proactive team player who is able to influence at all levels and have a solution focused approach.
This role will ideally be based in Solihull, but we would consider people based in London who will be prepared to travel to Solihull approximately once a month.
What you will be doing
* Lead IT Controls Program: Own and deliver the IT components of the Internal Controls Program, including formation of first time IT General Controls (ITGCs) and application controls (ITAC) frameworks. Consideration of the effective design and implementation of controls that are most efficient in the business context and aligned with organisational goals. You will drive key initiatives, ensuring compliance with Internal Controls over Financial Reporting (ICFR) Standards and other applicable IT Standards as required.
* Autonomous Delivery: Lead the end-to-end execution of the IT portion of the Internal Controls Framework, including internal controls walkthroughs, documentation and controls gap assessments. Following initial design of the framework, you will manage hands on delivery of ongoing controls testing and monitoring activities. Overall, ensuring a smooth, timely delivery that is agile in utilising expertise to develop best approach that anticipates challenges and proactively develop solutions.
* IT Risk Advisory: Provide risk advisory services to the business on an as needed basis, working closely with IT Senior Leadership and project teams on specific IT initiatives. You will identify and assess risks, offering guidance on risk mitigation strategies and ensuring that business projects align with overall IT control objectives.
* Process Change Enablement: Be an agent of change, helping the organisation implement and embed IT controls during business and process transformations. You will collaborate across departments, ensuring that changes in business processes are underpinned by sound IT controls.
* Stakeholder Engagement: Act as a trusted advisor to senior management and business leaders on IT risks and controls. Foster a collaborative working environment with various stakeholders to ensure effective decision-making and execution of IT control framework across the organisation.
* Internal Control Quality: Maintain and enhance the organisation's internal control framework, ensuring continuous improvement of IT controls and identifying opportunities to streamline and automate controls.
* Audit Co-ordination: Provide support for audits and assessments over the IT Controls Framework from internal and external stakeholders and facilitate documentation review and provision in relation to requests.
* Training and Development: Develop and deliver training programs on IT ICFR Compliance topics as needed for key stakeholders. Promoting an awareness of best practices and internal controls across the organisation.
* Compliance and Reporting: Prepare and present regular updates on the IT Internal Controls Program to senior leadership and key committees. Ability to summarise and highlight key program risks, findings and recommendations.
What we need from you
* Professional qualification in CISA, CRISC or equivalent.
* Proven experience in IT compliance, IT risk management, or IT auditing. SME knowledge of ITGC and ITAC concepts and requirements.
* In-depth knowledge of the ICFR Standards (US SOX, UK Corporate Governance Code)
* Strong awareness of IT control frameworks (e.g. COBIT, ISO 27001, NIST) and regulatory requirements (e.g. GDPR, ISO, ITIL).
* Experience with Systems transformation projects and an ability to embed new ways or workings and drive control improvements.
* Experience gained within a Top 10 Practice environment.
Person Profile
* Driving Results: Proven track record of successful delivery against project plans autonomously. Strong ability to manage competing priorities with a hands-on, results-oriented approach.
* Risk Advisory: Experience in providing risk advisory and guidance to business units for IT projects, process improvements, and transformation initiatives.
* Communication Skills: Excellent written and verbal communication skills, with the ability to communicate complex risk and control concepts to non-technical stakeholders and senior management.
* Problem-Solving: Strong analytical and problem-solving skills, with the ability to identify risks, propose solutions, and drive continuous improvement.
* Collaboration: Demonstrated ability to work collaboratively across departments and with senior leadership. Skilled at building relationships and influencing others to adopt risk management and control practices.
Why work for Waterstones
At Waterstones, everything we do is about our customers, and we work hard to provide them with the best possible shopping experience, one that will make them want to visit time and time again. We strive to consistently deliver fantastic customer service, whether recommending a book or a gift, keeping our shops beautifully stocked, helping out in our lovely Café W’s, or keeping the wheels turning efficiently behind the scenes. Working with us, you will get to use your expertise and enthusiasm to bring to our customers the irreplaceable pleasures of a good bookshop (including a virtual one).
In return, you will be working in a role that can make a real difference to Waterstones, work in a friendly and dynamic team and get to benefit from our excellent discount in shops and waterstones.com.
If you have the relevant essential experience and you are interested, we would love to hear from you.