Aon needs to ensure that all its systems comply with SOX, PCI, HIPAA, GDPR, SOC1 and SOC2 requirements (a mix of laws, industry standards and assurance frameworks). It needs people to facilitate the auditing of the controls in place for those requirements, to ensure that the technical teams have the evidence to demonstrate that their controls are operating, and, where controls are missing or ineffective, to work with the stakeholders and the technical teams to put them in place.
- Lead and oversee a varied and complex regulatory compliance program covering multiple domains and disciplines.
- Manage stakeholder expectations and partner with stakeholders to ensure that IT risks and compliance obligations are managed.
- Maintain regional and local stakeholder relationships, including meeting schedules, minutes, RACI matrices and partner accountability.
- Lead and manage compliance audits, and coordinate with the IT Platform Services and Global Security Services teams in delivering ITGC (IT general controls) mandates.
- Assess and monitor vendor (third-party) risk by working with key stakeholders, obtaining regular updates and providing challenge where necessary.
- Manage and govern the internal audits conducted, to understand and evaluate the nature of the deficiencies identified; track the resulting issues and monitor them through to resolution.
- Maintain strong relationships with, and regularly liaise with, key stakeholders such as regional and local CIOs, regional IT risk committee members and regional compliance points of contact.
- Take ownership of work and operate as part of the team as requirements demand.
- Maintain, manage and monitor regional and local compliance with internal control frameworks (such as the IT Risk Standards and the Internal Controls Framework) and with SOX, HIPAA, PCI, GDPR, SOC1 and SOC2 and other regulatory, legal and contractual obligations.
- Analyze ITGC findings and participate in remediating issues together with control owners and assurance partners.
- Support control owners in using the evidence repository (Archer).
- Support the policy and standards exception process, report status to regional and local management, and advise on corrective actions.
- Prepare presentations for stakeholders and senior leadership.
- Understanding of risk and risk assessment.
- Lead a team of IT Audit and Compliance professionals.
- Compliance or auditing experience with at least two of SOX, HIPAA, PCI, GDPR, SOC1 and SOC2.
- Detailed knowledge of ITGC and auditing principles.
- A minimum of 10-12 years working in ITGC compliance or auditing.
- Knowledge of how controls are implemented in large global corporations with regional and local presence is required.
- Good understanding of the coordination and facilitation role.
- Ability to investigate, question and interpret internal and external IT audit and compliance issues is required.
- Prior experience in audit, risk management, governance, IT security and compliance functions.
- Knowledge of information risk concepts and practices required.
- Good understanding of technology is required.
- Experience of working across business units and geographical boundaries to engage IT, business and team members is required.
- Proven experience dealing with ambiguous situations and producing consistent results from varied inputs.
- Project management experience to manage multiple compliance audits at one time.
- Possibility of funded CIPP/E training
- Diverse and inclusive workplace - we value openness and authenticity and believe in the power of feedback
- Flexible remote work environment
- Employee-appreciation culture (multiple recognition programs)
- The best medical cover on the market with free dental care
- Wellbeing awareness (access to free mental health helpline, Stay-Well Day off, lectures, sports and more)
- Generous benefits package (personal accident insurance, benefit platform for vouchers and more)
- Internal career opportunities, individual development plan, professional development training and resources
- Lots of social events, charity actions and opportunities to integrate with colleagues