Global Head of Technology Controls Assurance

The Global Head of Technology Controls is accountable for defining, implementing, and oversight of Apex Group’s global technology control framework. The role ensures that key technology and cyber controls are consistently designed, implemented, and operating effectively across all regions, legal entities, and technology platforms. Working closely with the Group CISO, Technology, Risk, Compliance, cyber and IT service areas and Audit functions, this role provides assurance that Apex’s technology control environment meets regulatory expectations, supports operational resilience, and enables secure business growth. Champion & ensure delivery against compliance requirements like the Apex Gold standard, NIST, DORA, SOC1 and SOC 2, ISO27001 and all relevant group controls.

Key Responsibilities

• Technology Control Framework & Strategy: Define and maintain Apex’s global technology control framework, aligned to the Group’s risk appetite, cyber strategy, Apex Gold Standard and regulatory obligations. Establish clear control standards, policies, and minimum requirements covering infrastructure, applications, cloud, identity, data, and end‑user computing. Ensure consistent adoption and maturity of technology controls across regions and entities. Perform all duties requested by the Group CISO to deliver the Target Operating Model and Cyber Strategy.
• Control Design, Implementation & Effectiveness: Oversee the design and implementation of preventive and detective technology controls across the enterprise. Ensure controls are clearly mapped to key technology and cyber risks, regulatory requirements, and industry standards. Drive continuous improvement of control effectiveness, consistency, and automation.
• Assurance, Testing & Monitoring: Lead global technology control testing and assurance activities, partnering closely with Technology Assurance, Risk, and Internal Audit. Ensure timely identification, escalation, and remediation of control weaknesses and issues. Provide clear, risk‑based reporting on control effectiveness, issues, and remediation progress to the Group CISO and governance forums.
• Regulatory & Risk Management: Support regulatory examinations, client due diligence, and external audits related to technology and cyber controls. Ensure technology controls support Apex’s operational resilience, data protection, and cyber security obligations. Partner with Enterprise Risk Management to ensure technology risks are appropriately assessed and managed.
• Third‑Party & Cloud Controls: Ensure robust technology control requirements are embedded into third‑party, outsourcing, and cloud arrangements. Oversee control expectations for managed service providers and offshore service models. Address evolving risks associated with cloud platforms, SaaS solutions, and emerging technologies.
• Stakeholder Engagement & Governance: Act as a key advisor to the Group CISO on technology control maturity, risks, and investment priorities. Engage senior Technology, Risk, Compliance, and business leaders to drive accountability for control ownership. Present control posture, key risks, and remediation themes to executive and board‑level forums.
• People Leadership & Capability: Build and lead a high‑performing global technology controls team with strong technical and risk capability. Drive skills development, succession planning, and consistent ways of working across regions. Foster a culture of accountability, continuous improvement, and collaboration.
• Leadership & People Management: Lead and develop global cyber Technical and Operational Services, advisory and service delivery teams. Build a strong delivery culture focused on accountability, quality, and continuous improvement. Manage strategic cyber security vendors and service providers. Support talent development in line with Apex’s growth and acquisition strategy.

Key Skills & Experience

• Minimum of 10 years of extensive cybersecurity experience, with at least 7 years in a senior leadership role and a proven track record in leading a global cyber GRC function.
• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate cybersecurity and risk‑related concepts to technical and non‑technical audiences at various hierarchical levels.
• Extensive experience leading technology controls, IT risk, cyber controls, or technology assurance in a global, regulated environment.
• Strong understanding of enterprise technology environments, including cloud, infrastructure, applications, identity, and data.
• Track record of successfully managing a high‑performing cybersecurity organization with the ability to motivate and mentor high‑performing security teams and foster a culture of excellence.
• Proven experience working with regulators, auditors, and client assurance teams.
• Ability to operate at executive level, providing clear, pragmatic, and risk‑based advice.
• Strong leadership skills to influence organizational change, build teams, and communicate security priorities effectively across the enterprise, influencing, and stakeholder management skills.
• Business acumen to understand enterprise operations, risk tolerance, and industry dynamics.
• Analytical skills to conduct technical assessments, prioritize vulnerabilities, and develop risk treatment plans.
• Project management skills to assist with the development and execution of the cybersecurity strategy and roadmaps to strengthen and continuously improve the cybersecurity posture.
• Passion for continuous learning to stay current on advancing threats and security best practices.
• Ability to maintain a calm structured mindset even when under pressure.

Qualifications

• Degree in Information Technology, Information Security, or a related discipline (or equivalent experience).
• Relevant certifications such as CISA, CISSP, CISM, CRISC, or equivalent are preferred.