This is a fantastic opportunity to join Tesco's Cyber Risk function to lead the end-to-end delivery of high-quality testing and assessment activities related to IT General Controls (ITGCs) and Application Controls (ITACs) in support of our Internal Controls over Financial Reporting (ICFR) management assurance/attestation programme.

- Lead IT controls testing for assigned portfolio of controls/stakeholders to deliver to agreed time and quality standards
- Perform IT risk assessments for new technologies, draft IT process narratives and build Risk and Control Matrices
- Review ITGC testing in areas such as Access Management, Change and Release Management, Incident Management, for a broad range of technologies ranging from mainframes to cloud-based applications.
- Review the assessments performed over automated controls and key reports across multiple business processes such as Procure-to-Pay, Order-to-Cash, Financial Statement Close Process, etc.
- As required, support ITGC testing activities in areas such as Access Management, Change and Release Management, Incident Management and SOC Report Reviews as well as testing of IT Application Controls (ITACs), IT Dependent Manual Controls (ITDM) and Key Reports
- Assess the impact of deficient controls and lead the assessment of compensating controls.
- Build, communicate, measure and optimize the remediation plan for deficient controls.
- Support IT risk/control owners in understanding their ICFR responsibilities.
- Manage stakeholder relationships and lead internal meetings with Technology and Business Process teams.
- Strong experience with SOX / IT Internal Controls audit, implementation and design improvement
- Strong knowledge of IT auditing concepts and principles alongside understanding of IT General Controls, IT Automated Controls and IT-Dependent Controls
- Experience in performing IT risk assessments and building Risk and Control Matrices for a broad range of technologies.
- Knowledge of Financial Reporting, Corporate Governance and core financial end-to-end processes such as Customer to Cash, Procure to Pay, Record to Report
- SME level expertise in respect to information security (at least two domains of expertise) risk management processes, frameworks and regulatory aspects
- Experience of managing workstreams to deliver in line with time/quality expectations
- Able to adapt to suit the needs of the business and agile in approaching challenging scenarios
- Able to interpret and explain broader business risks to technology colleagues (and technology risks to business colleagues)
- Able to lead meetings with a broad range of internal and external stakeholders
- Strong written, verbal communication and presentation skills, with the ability to pitch to different levels of seniority and disciplines within the organisation
- Critical thinking with strong attention to detail and good organisational skills
- Able to build solid working relationships with peers as well as internal and external stakeholders
- Able to work with teams from differing backgrounds across multiple locations