
Locations: Kraków
Level: specialist
Senior IT Auditor

Aon Sp. z o.o.

This position is part of global Internal Audit assurance and advisory services over information technology (IT) and security risk areas of Aon and is located in Krakow, Poland. As an independent, objective source of assurance and advisory services, this role adds value by bringing a systematic, disciplined, and balanced approach to evaluating and improving the effectiveness of internal controls, risk management, control, and governance processes. The position reports to the Senior IT Audit Manager in the UK.

Duties and Responsibilities:

  • Work as a team member on regional and global audits which may cover a wide range of technology and security topics, including vulnerability and patch management, incident response, data protection, logging and monitoring, change and release management, identity management and access control, IT governance, technical IT Infrastructure, as well as application controls designed to mitigate processing integrity risks
  • Identify and assess operational and emerging risks relevant to the IT functions and security risks assumed by the business
  • Identify and evaluate the effectiveness of controls designed to address those risks, provide practical, innovative, and value-added solutions to issues identified
  • Document and communicate IT audit issues, root causes and risks, and prepare reports of audit findings for Aon senior management
  • Review remediation actions submitted by the business for closure to assess whether these have addressed the relevant original risks
  • Develop and maintain relationships with business and technical senior management

Key Attributes:

  • Strong Technical Skills: Intermediate level knowledge of and experience in application of generally accepted IT management, technology and security risk frameworks including (for example) elements of COSO, COBIT, ITIL, NIST-CSF, and ability to apply framework concepts to satisfy specific requirements such as privacy (EU GDPR) and other regulatory requirements (UK FCA), as two specific examples
  • Accountable for Results: Promotes a strong culture of accountability and consistently demonstrates this through their own actions; Recognizes positive contributions while ensuring issues are handled directly and swiftly. Experienced at working closely with operations and able to develop relationships of mutual trust
  • Ensures Continuous Improvement: Consistently challenges self and others to improve process, delivery, and execution; Highest level of curiosity with appetite for learning and sharing knowledge
  • Integrity: Establishes an environment of uncompromising integrity and delivers information in a straightforward and honest way versus adopting a more political approach; Demonstrates consistent support and alignment with the values of the organization and exhibits impeccable character
  • Thorough and Disciplined: Digs into details while continually able to see the forest for the trees; Sets and enforces appropriate standards and demonstrates a relentless drive to ensure execution; Establishes clear and aligned goals and communicates them effectively; Puts in considerable effort to remove obstacles to achieving business results. Conveys a strong sense of urgency and drives issues to closure
  • Engaging, Effective Communicator: Translates broad strategies into specific objectives, metrics and action plans; ensures that efforts across functions, locations and/or organizations are integrated and aligned with strategic objectives; Able to convey subtle or complex messages and highly technical concepts to a wide variety of audiences at all organizational levels; Leverages strong communication skills to influence and/or align others around key actions and decisions required
  • Be Flexible and Agile in approach and have experience of working on multiple projects at the same time if needed; Ability to work remotely or virtually and have a willingness to travel as required in order to fulfil work duties


  • Minimum 4 years of experience in IT Audit, or equivalent assurance or consulting experience in IT assessments, cybersecurity, or similar disciplines
  • Bachelor’s Degree in technical disciplines such as IT, MIS or Cybersecurity is required, Master’s degree is preferred
  • At least one certification (achieved or in progress) related to IT Audit, IT Risk Management, or Information Security is desired; preferred certifications include:
    • CISA - Certified Information Systems Auditor from ISACA,
    • CRISC - Certified in Risk and Information Systems Control from ISACA,
    • CISSP - Certified Information Systems Security Professional from (ISC)2.
  • Knowledge of external leading risk and controls frameworks such as COBIT, ISO27000, and IT related internal controls
  • Knowledge of regulatory and compliance requirements such as SOX, HIPAA, PCI DSS, etc.
  • Strong background and experience with audit methodologies and techniques such as data analytics
  • Large industry Internal Audit or Big 4 firm experience preferred
  • Develops and establishes strong working relationships and open communication with key stakeholders
  • Accountable for own assignments and holding others accountable for theirs including proactively managing expectations
  • Ability to understand concepts and terminology in security domains including governance, risk management, architecture, compliance, and operations and be able to express them in a clear and concise manner
  • Excellent written and oral communication skills. Fluency in English is essential
  • Experience in a global, fast paced organization and managing international teams and assignments is preferred

We offer:

  • Diverse and inclusive workplace - we value openness and authenticity and believe in the power of feedback
  • Flexible remote work environment
  • Employee-appreciation culture (multiple recognition programs)
  • The best medical cover on the market with free dental care
  • Wellbeing awareness (access to free mental health helpline, Stay-Well Day off, lectures, sports and more)
  • Generous benefits package (personal accident insurance, benefit platform for vouchers and more)
  • Internal career opportunities, individual development plan, professional development training and resources
  • Lots of social events, charity actions and opportunities to integrate with colleagues

This job is no longer available

Recruitment process for this position has ended.
