Mission Statement: The mission of the IT General Controls (ITGC) Assurance Lead is to establish and provide oversight for the compliant use of IT systems, services and associated technology in line with the requirements of the overall organizational corporate governance and the needs of principal stakeholders of the organization.
The ITGC Assurance Lead is one of the key roles for collaboration and alignment with Corporate IS and the Domain IS Compliance Leads to ensure common internal control regulations and guidance.
Key stakeholders:
IS Domain Compliance Leads
Global IS Domain Owner
IS Service Owner
IS Business and Function Leads
IS Corporate Leads
Risky material weaknesses and significant deficiency in SOX
Disparate service management practices and silo approaches.
Insufficient process standardization and control deployment.
Insufficient adaptation of process controls.
Lack of deficiency management techniques, governance and reporting
Ineffective implementation of policies, standards and controls.
Managing critical stakeholders to perform appropriate activities to identify deficiencies and activate remediation plan.
Your key knowledge, skills, and experience requirements
Bachelor’s degree in Computer Science, Information Assurance, Operations, Accounting, Finance, or Business.
Master’s Degree preferred
Minimum of 7 years of experience in ITGC Controls, IT audit and / or IT controls; strong experience in an audit firm (e.g. Big Four) is preferred
Minimum of 5 years of relevant experience in a leadership role
Overall, 15 years of experience
Knowledge and Skills
Strong knowledge of Sarbanes-Oxley (SOX) act, IT General Controls, IT Governance
Professional qualification / certifications equivalent to CISA / CISM / CGEIT / CRISC
Knowledge of industry framework, standards and practices (COBIT, ITIL, CMMI, ISO 2700x, etc.)
Expert knowledge and skills on:
Enterprise IT governance
Business risk management
SFIA V.7 skills
Information Assurance (INAS), Level 5
Enterprise IT governance (GOVN), Level 5
Business Strategy and Planning
Business risk management (BURM), Level 5
Change Management (CHMG), Level 5
Advice and Guidance
Consultancy (CNSL), Level 5
Quality and Conformance
Conformance review (CORE), Level 5
Quality Assurance (QUAS), Level 5
Business change Management
Organizational Capability Development (OCDV), Level 5
Oversees, monitors and follows up end-to-end Deficiencies / Remediations process and ensures quality and timely completion.
Oversees, monitors and follows up end-to-end deficiency management processes (DMP) / deficiency assessment processes (DAP) / application assessment processes (AAP) and ensures quality and timely completion.
Performs Year End Design Effectiveness Confirmation (DEC) and Process Walkthrough / DEC for GBS IS SPEX.
Provides input to Risk & Internal Control (Corporate ARIC) for year-end workpaper for Corporate IS and GBS IS.
Monitors, follows up and performs the execution of the ITGC activities (e.g. Control performance, PLC CPCP, Process walkthrough, etc.) in scope to GBS IS SPEX and ensures quality and timely completion.
Plans formal reviews of activities, processes, products or services for GBS IS.
Evaluates and independently appraises the internal control of processes, based on investigative evidence and assessments.
Is responsible for providing internal control expertise and training and for recommending process improvements to ITGC process owners, control owners and performers, and manages to have effective controls in place.
Collaborates closely with Domain IS Compliance Leads and Corporate IS in the area of internal controls related compliances, issues, risk and concerns.
Is responsible for defining and implementing standard ways of documenting controls evidence.
Is responsible for assuring conformance to Financial Reporting practices (SOX controls) with a broader understanding of financial controls compliance and conducting internal domain Financial Reporting (SOX) training.
Enables customer audits to be executed on demand within GBS IS by establishing supportive processes, procedures and documentation.
Acts as the organization's contact for relevant regulatory authorities / audits and ensures proper relationships between the organization and external parties, with valid interest in the organization governance.
Acts as the Single point of contact (SPOC) and coordination point for customer audits.
Ensures that independent appraisals follow agreed procedure and advises others on the review process.
Implements, communicates and executes the Internal Control framework and Internal Controls Over Financial Reporting (ICoFR) methodology in GBS IS.
Follows up and oversees the quality of Entity Level Controls (ELC) and Process level Controls (PLC) Control Performance Confirmation Program (CPCP).
Oversees, monitors and follows up ITGC activities for GBS IS and ensures quality and timely completion as per the published schedule.
Closely works with the Corporate IS GRC, Risk and Internal Control (Corporate ARIC) and Domain IS Compliance Leads to take provided internal control regulations and guidance into GBS IS Service Lines.
Is responsible for driving and supporting the shaping of IT General Controls within the GBS IS SPEX organization.
Provides internal control expertise, training and process improvements to ITGC process owners, control owners and performers, and manages to have effective controls in place.
Reviews controls supporting documentation on a monthly basis, provides feedback to the service owner, and trains and mobilizes the service teams to meet requirements.
Coordinates GBS IS Domain audits related to policies, procedures and corporate standards in the field of financial, operational, IS and service risks.
Addresses post-audit recommendations and remediates audit findings.
Is responsible for Financial Reporting (SOX) controls with a broader understanding of financial controls compliance and conducting internal domain Financial Reporting (SOX) training.
Reviews the controls evidence documentation, ensuring quality, compliance and timeliness.
Works out standard ways of documenting controls evidence.
Identifies risks in the GBS IS SPEX service line and takes initiative in designing controls.
Performs, oversees, monitors and follows up the execution of the ITGC activities (e.g. Control performance, CPCP, Process walkthrough, etc.) in scope to GBS IS - SPEX and ensures quality and timely completion.
Monitors and follows up on post-audit recommendations and the remediation of audit findings.
Assesses and reviews control evidence documentation, ensuring quality, compliance and timeliness.
Collects and reports periodically to the Head of GBS IS and to Corporate IS GRC IS Compliance the status on ITGC compliance.
Drives governance meeting organization, including the preparation of the meeting agenda, presentations as well as follow-ups and task tracking.
He / She is part of the globally operating application supporting IT General Controls (ITGC) for Financial Reporting (SOX) as part of the first line of defense.
Ensures appropriate IS Risk & Compliance standards and methods are followed.
Executes, for assigned tasks, all actions in the company's IS processes according to agreed RACI specification.
Establishes an effective working framework with internal and external auditors at GBS IS level.
Is responsible for the GBS IS Governance model.
The responsibility includes the design, implementation and operation of the model within GBS IS, drives governance meeting organization, including the preparation of the meeting agenda, presentations as well as follow-ups and task tracking.
Is a part of the 1st line of defense to manage and govern internal control processes and acts as coordination point for the company's Business Areas audits.
Is responsible for driving and supporting the shaping of IS General Controls within the GBS IS SPEX organization.
Puts in place and maintains governance practices and resources to enable governance activity to be conducted with reasonable independence from management activity, in line with the organization's corporate governance.
Executes, for assigned tasks, all actions in IS processes according to agreed RACI specification.