At a Glance
- Tasks: Lead the design and implementation of IT compliance controls across EMEA technology.
- Company: Join a leading global insurance company committed to integrity and teamwork.
- Benefits: Enjoy competitive salary, hybrid working, and comprehensive learning opportunities.
- Other info: Diverse and inclusive workplace focused on employee growth and support.
- Why this job: Make a real impact on compliance and risk management in a dynamic environment.
- Qualifications: 5+ years in IT compliance or audit, with strong knowledge of SOX and GDPR.
The predicted salary is between £60,000 and £80,000 per year.
ROLE PURPOSE
The Tech Risk & Compliance Lead is a hands-on, execution-focused role within the EMEA IT Risk and Compliance function, responsible for the practical design, implementation and testing of SOX IT General Controls (ITGCs) across the EMEA technology estate, alongside supporting compliance with the wider European regulatory landscape including the General Data Protection Regulation (GDPR) and the Digital Operational Resilience Act (DORA). The role holder works directly with architects and application owners to build IT controls into systems, performs control design and operating-effectiveness testing, collects and reviews evidence, manages deficiencies through to remediation, and acts as the day-to-day interface to internal and external auditors (PwC), risk and data protection functions, and regional IT leads.
KEY RESPONSIBILITIES
- Control Design, Implementation and Testing
  - Design and document SOX-compliant control specifications for IT platforms - covering logical access, change management, computer operations and segregation of duties - and work with IT owners to implement them in production.
  - Apply controls-by-design in practice: review designs, configurations and change requests against control requirements and confirm SOX, data protection and operational-resilience controls are built in before changes reach production.
  - Plan and execute control design and operating-effectiveness testing across the ITGC portfolio, including sample selection, test execution, workpaper preparation, and conclusion on control adequacy.
  - Maintain a detailed control inventory, test calendar and RACI for each control, and track identified deficiencies through root-cause analysis to validated remediation.
- Architecture Review and Controls by Design
  - Review infrastructure architecture documents, design proposals, and change requests to assess SOX control implications prior to implementation; engage at design stage with architects and engineers to embed ITGCs, preventing control gaps from being introduced through system design.
  - Provide compliance input into cloud migrations, platform modernisation, database upgrades, and identity management programmes.
  - Develop and maintain a controls reference framework as a practical design guide for architects and platform owners.
- Regulatory Control Implementation and Testing - SOX, GDPR and DORA
  - Embed GDPR technical and organisational controls (access control, encryption, logging, data retention and deletion, and audit trails) into infrastructure design and the ITGC framework, partnering closely with the Data Protection Officer and privacy function.
  - Establish a consolidated regulatory control mapping so that a single, well-designed set of controls satisfies SOX, GDPR and DORA obligations, reducing duplication and control fatigue across the estate.
  - Report on control implementation and testing status against regulatory requirements and track remediation of identified gaps through to closure.
- Advisory and Stakeholder Engagement
  - Act as compliance advisor to application owners, architects, and engineering teams on ITGC-compliant access models, change workflows, and operational procedures.
  - Participate in architecture review boards and governance forums as the designated compliance representative; serve as primary contact for internal audit and PwC for all infrastructure-related SOX testing, evidence requests, and findings management.
  - Provide structured reporting to senior leadership on compliance posture, open findings, and remediation status.
- Technology Risk and Continuous Improvement
  - Conduct periodic IT risk assessments and produce decision-ready risk reporting for senior management; assess compliance implications of new technologies and delivery models prior to adoption.
  - Drive standardisation and continuous improvement of the infrastructure compliance programme; develop guidance materials and training for infrastructure and application teams.
  - Operate effectively within an evolving regulatory environment, including GDPR, DORA, FCA requirements, and Lloyd's reporting obligations.
Qualifications
- EXPERIENCE
  - Minimum 5 years in IT compliance, IT external or internal audit, or technology risk within financial services, insurance, or Big 4.
  - Proven ownership of SOX ITGC programmes including proactive monitoring and deficiency remediation.
  - Track record of reviewing architectural artefacts from a compliance perspective and guiding technical teams on control implementation.
  - Prior engagement with Big 4 external audit at a senior client-side level, or equivalent auditor-side experience.
  - SOX ITGCs: logical access, change management, computer operations, and segregation of duties.
  - Privileged access management tools: CyberArk and/or SailPoint.
  - Infrastructure platforms: Windows Server, Linux/AIX, iSeries (AS400), Oracle Database, SQL Server, and DB2.
  - Ability to critically assess architecture documents and identify control design implications.
  - Working knowledge of EU regulatory frameworks affecting infrastructure, including DORA operational-resilience requirements and GDPR technical and organisational controls.
- QUALIFICATIONS
  - Required: Bachelor's degree in Computer Science, Information Technology, or a related discipline.
  - Preferred: Certified Information Systems Auditor (CISA).
  - Advantageous: CRISC, CISM, or equivalent professional qualification.
We offer in return!
Competitive salary & pension scheme, discretionary bonus scheme, 25 days annual leave plus ability to purchase additional days, hybrid working options, Private Medical cover, Employee Share Purchase Plan, Life Assurance, Subsidised gym membership, Comprehensive Learning & development offerings, Employee Assistance program.
Integrity, client focus, respect, excellence, teamwork
Our core values dictate how we live and work. We’re an ethical and honest company that’s wholly committed to its clients. A business that’s engaged in mutual trust and respect for its employees and partners. A place where colleagues perform at the highest levels. And a working environment that’s collaborative and supportive.
Diversity & Inclusion
At Chubb, we consider our people our chief competitive advantage and as such we treat colleagues, candidates, clients, and business partners with equality, fairness and respect, regardless of their age, disability, race, religion or belief, gender, sexual orientation, marital status or family circumstances. We are committed to ensuring our recruitment process is inclusive and accessible to all. If you have a disability or long-term condition (for example dyslexia, anxiety, autism, a mobility condition or hearing loss) and need us to make any reasonable adjustments, changes or do anything differently during the recruitment process, please let us know.
Employer: Chubb (Tech Risk & Compliance Lead in London)
Chubb is an exceptional employer that prioritises integrity, client focus, and teamwork, creating a collaborative and supportive work environment. With competitive salaries, comprehensive benefits including hybrid working options, and extensive learning and development opportunities, employees are empowered to grow and thrive in their careers. Located in the EMEA region, Chubb fosters a culture of diversity and inclusion, ensuring that every team member is treated with respect and fairness, making it a truly rewarding place to work.
StudySmarter Expert Advice🤫
We think this is how you could land Tech Risk & Compliance Lead in London
✨Join Compliance Communities
Get involved in compliance and risk communities — both online and offline. Look for forums, LinkedIn groups, or even local meetups where compliance pros hang out. You never know who might drop a job opportunity your way!
✨Attend Industry Conferences
Keep an eye out for compliance and risk management conferences and workshops in your area. These events are a goldmine for networking, and they often have job boards or recruiters on-site looking for new talent. Plus, it’s a chance to learn what's trending in the field.
✨Leverage Your University Career Services
If you’ve recently graduated or are still studying, head over to your university's career services. Many companies, including those in compliance, actively recruit fresh talent through these services, so make sure you tap into that resource.
✨Showcase Your Knowledge Online
Start writing articles or blog posts about compliance topics that interest you. Share them on platforms like LinkedIn to demonstrate your knowledge and passion. This not only builds your presence in the field but can also catch the attention of companies like Chubb looking for candidates who are engaged and informed.
Some tips for your application 🫡
Show Your Understanding of Compliance: In the compliance-risk field, it's super important to showcase your understanding of regulations and risk management frameworks. Highlight any relevant coursework, certifications (like ICA or AML), or even projects that demonstrate your knowledge and commitment to this area. We want to see how you can navigate this complex landscape!
Quantify Your Achievements: When detailing your experience, try to quantify your achievements. For example, if you've previously worked on a project that improved compliance metrics or reduced risk exposure, give us the numbers! This data-driven approach really stands out to hiring managers in compliance-risk roles.
Tailor Your CV to Reflect Relevant Skills: Make sure your CV highlights skills that are particularly relevant to compliance, like attention to detail, analytical thinking, and report writing. Ensure these are easy to spot – consider using bullet points to break down your responsibilities and achievements for maximum impact!
Craft a Motivating Cover Letter: In your cover letter, let us know why you're excited about the compliance-risk role at Chubb. Share what motivates you about compliance, and how you believe you can contribute to our mission. This is your chance to showcase not only your skills but also your passion for this important field!
How to prepare for a job interview at Chubb
✨Master the Regulations
Brush up on key compliance regulations relevant to the industry you're applying to. Familiarising yourself with specific laws and frameworks used in your field will give you an edge during technical questions. Show that you’re not just aware of them but can also apply them—think real-life scenarios!
✨Show Your Analytical Skills
Compliance roles really focus on analytical skills, so be prepared for case studies or situational questions during the interview. You'll need to demonstrate how you approach risk assessments or compliance audits, possibly drawing on examples from past experiences or university projects. Bring some thoughtful case scenarios to discuss!
✨Know Your Tools
Get comfortable with commonly used compliance software and tools. Familiarity with platforms like RSA or MetricStream can really impress during your interview, as it shows you're ready to hit the ground running. If you’ve had any experience with them, make sure to highlight that!
✨Align with Company Culture
Since it's a full-time position, show your long-term commitment and interest in the company’s mission and values. Dive into how your ethics and professional philosophy align with Chubb’s stance on compliance. A shared vision can really resonate with interviewers looking for fit as much as skill!