Connecting to LinkedIn...

Audit Director - Information Protection

Information About This Job

Job Title: Audit Director - Information Protection
Contract Type: Permanent
Location: Middlesex
Industry:
Salary: £Competitive
Contact Name: Ben Kinley
Contact Email: bkinley@lawsonchase.com
Job Published: 7 days ago

Job Description

The Audit Account Director role is critical in driving the design and delivery of A&A’s global Assurance Strategies and serving as change agents of A&A’s strategic objectives.

The Audit Account Director is aligned to our Information Protection principle risk and provides the prime point of contact for all Business Units or Functions impacted by that risk. The information protection risk is the risk to our business activity if information fails to be available, becomes disclosed to those not authorised to see it, or is corrupted. In this role, the Audit Account Director builds and manages strong partnering relationships with senior stakeholders, and is an integral and active member of relevant governance fora.

Through these activities, the role holder will define assurance strategies that are proactive and relevant to all businesses impacted by the risk and plans an appropriate mix of assurance products.

Although the majority of Core Audit delivery is led by the Grade 5 Audit Director, the Audit Account Director takes a lead for other assurance products (e.g. joint risk reviews or consulting). They also play a key role in coaching teams to navigate a complex business and risk environment and contentious audit issues, requiring strong organisational awareness, leadership, communication and influencing skills.

 

Key Responsibilities

  • Serve as the primary contact for all business units/functions impacted by Information Protection risk, attending key governance fora as a full and active member and maintaining dialogue with relevant senior management (typically SVP and VP level)

  • Serve as ambassadors for A&A enterprise wide change, embedding the Internal Control Framework across the organisation.

  • Responsible for the development of global assurance strategies for Principal Risk of Information Protection ensuring that the assurance work is commensurate with the importance of the risk to the business. Drive the evolution and delivery of A&A assurance strategies for assigned principal risk and related audit universe entries to ensure strategies are risk based, fit-for-purpose and responsive to the risk and business environment.

  • Drive a culture of empowerment, actively leading, inspiring and developing teams to perform at their best in addition to supporting the attraction of key talent across the wider organisation. Accountability for the management of a small population of senior staff, as selected by the VP.

  • Oversee the delivery of certain assurance products which are less structured, more free-thinking and strategic in nature

  • Translate and distil the insights from audits in a way that is clear and engaging to senior leadership and influence coordination and awareness at an enterprise level, where appropriate (e.g. reduction of repeat findings).

  • Coaching and supporting the development of auditors in the efficient and effective drafting of Assurance outcomes. Drive accountability for consistent standards within their product delivery.

 

Skills & Experience

  • High proficiency in stakeholder management, partnership and influence

  • Leadership skills – coaching, mentoring, managing and inspiring

  • Ability to identify emerging trends in assurance and internal controls through scanning the internal and external business and risk environment

  • High degree of organisational awareness; demonstrated ability to develop solutions to complex problems.

  • In-depth knowledge of the internal control framework, enterprise risks, Policy 500 (Risk Management), risk based auditing models (e.g., IIA, COSO) and compliance frameworks.

  • Knowledge / understanding of the requirements, approach and perspectives of regulatory agencies.

  • Project management certification (e.g. ADP, Prince 2, PMP), preferred

  • Strong command of English language (written and verbal), essential. Foreign language skills, preferred.

  • Strong experience in Information Technology and demonstrated experience managing Information Protection risks, including sub risks listed below.

 

Threat/ Sub risk Description

  • Malware Malicious software

  • Hacking Deliberate attempts to access or harm computer systems

  • Social engineering e.g. Phishing Emails

  • Misuse Unauthorised use of computer systems

  • Physical Loss or theft of hardware

  • Error Mistakes and omissions

  • Environmental Natural or man-made disasters

  • Privacy Mishandling or theft of Personally Identifiable Information

Ref: | Published: 11th Oct 2017