Global Head of Technology Controls Assurance

The Global Head of Technology Controls is accountable for defining, implementing, and overseeing Apex Group’s global technology control framework. The role ensures that key technology and cyber controls are consistently designed, implemented, and operating effectively across all regions, legal entities and technology platforms. Working closely with the Group CISO, Technology, Risk, Compliance, cyber and IT service areas and Audit functions, this role provides assurance that Apex’s technology control environment meets regulatory expectations, supports operational resilience and enables secure business growth. Champion & ensure delivery against compliance requirements like the Apex Gold standard, NIST, DORA, SOC1 and SOC 2, ISO27001 and all relevant group controls.

Key Responsibilities

• Technology Control Framework & Strategy: Define and maintain Apex’s global technology control framework, aligned to the Group’s risk appetite, cyber strategy, Apex Gold Standard and regulatory obligations. Establish clear control standards, policies and minimum requirements covering infrastructure, applications, cloud, identity, data and end‑user computing. Ensure consistent adoption and maturity of technology controls across regions and entities. Perform all duties requested by the Group CISO to deliver the Target Operating Model and Cyber Strategy.
• Control Design, Implementation & Effectiveness: Oversee the design and implementation of preventive and detective technology controls across the enterprise. Ensure controls are clearly mapped to key technology and cyber risks, regulatory requirements and industry standards. Drive continuous improvement of control effectiveness, consistency and automation.
• Assurance, Testing & Monitoring: Lead global technology control testing and assurance activities, partnering closely with Technology Assurance, Risk and Internal Audit. Ensure timely identification, escalation and remediation of control weaknesses and issues. Provide clear, risk‑based reporting on control effectiveness, issues and remediation progress to the Group CISO and governance forums.
• Regulatory & Risk Management: Support regulatory examinations, client due diligence and external audits related to technology and cyber controls. Ensure technology controls support Apex’s operational resilience, data protection and cyber security obligations. Partner with Enterprise Risk Management to ensure technology risks are appropriately assessed and managed.
• Third‑Party & Cloud Controls: Ensure robust technology control requirements are embedded into third‑party, outsourcing and cloud arrangements. Oversee control expectations for managed service providers and offshore service models. Address evolving risks associated with cloud platforms, SaaS solutions and emerging technologies.
• Stakeholder Engagement & Governance: Act as a key advisor to the Group CISO on technology control maturity, risks and investment priorities. Engage senior Technology, Risk, Compliance and business leaders to drive accountability for control ownership. Present control posture, key risks and remediation themes to executive and board‑level forums.
• People Leadership & Capability: Build and lead a high‑performing global technology controls team with strong technical and risk capability. Drive skills development, succession planning and consistent ways of working across regions. Foster a culture of accountability, continuous improvement and collaboration.
• Leadership & People Management: Lead and develop global cyber Technical and Operational Services, advisory and service delivery teams. Build a strong delivery culture focused on accountability, quality and continuous improvement. Manage strategic cyber security vendors and service providers. Support talent development in line with Apex’s growth and acquisition strategy.

Key Skills & Experience

• Minimum of 10 years of extensive cybersecurity experience, with at least 7 years in a senior leadership role and a proven track record in leading a global cyber GRC function.
• Excellent written and verbal communication, interpersonal and collaborative skills, and the ability to communicate cybersecurity and risk‑related concepts to technical and non‑technical audiences at various hierarchical levels, ranging from senior leadership to technical specialists.
• Extensive experience leading technology controls, IT risk, cyber controls or technology assurance in a global, regulated environment.
• Strong understanding of enterprise technology environments, including cloud, infrastructure, applications, identity and data.
• Track record of successfully managing a high‑performing cybersecurity organisation with the ability to motivate and mentor high‑performing security teams and foster a culture of excellence.
• Proven experience working with regulators, auditors and client assurance teams.
• Ability to operate at executive level, providing clear, pragmatic, and risk‑based advice.
• Strong leadership skills to influence organisational change, build teams and communicate security priorities effectively across the enterprise, influencing and stakeholder management skills.
• Business acumen to understand enterprise operations, risk tolerance and industry dynamics.
• Analytical skills to conduct technical assessments, prioritise vulnerabilities and develop risk treatment plans.
• Project management skills to assist with the development and execution of the cybersecurity strategy and road‑maps to strengthen and continuously improve the cybersecurity posture.
• Passion for continuous learning to stay current on advancing threats and security best practices.
• Ability to maintain a calm structured mindset even when under pressure.

Qualifications

• Degree in Information Technology, Information Security or a related discipline (or equivalent experience).
• Relevant certifications such as CISA, CISSP, CISM, CRISC or equivalent are preferred.