IT Senior Auditor

Join our team as a FCE Bank Technology Senior Auditor, providing internal assurance and advisory activities over IT infrastructure, application controls, cybersecurity, operational resilience, risk management, outsourcing and governance processes supporting FCE’s operations. A critical component of this role is auditing shared IT services and assessing the effectiveness of intra-group outsourcing arrangements.

FCE operates in the UK and through branches in France and Spain, as well as an operating subsidiary in Italy, providing retail and dealer financing services in these locations, and savings products to customers in the UK under the Ford Money brand.

Responsibilities

• Plan, lead, and execute assurance and advisory audit engagements.
• Perform detailed testing and analysis to evaluate the design and operating effectiveness of internal controls.
• Liaise with and oversee the work of co-source audit partners.
• Evaluate technology against UK and European financial regulations such as Digital Operational Resilience Act (DORA), EBA Guidelines on outsourcing, FCA and PRA regulations and guidelines relating to Operational Resilience and Outsourcing and Third-Party Risk.
• Prepare and present audit results and reports to senior management.
• Review, approve and follow up on corrective action plans taken by management in relation to audit findings.
• Maintain an awareness of changing technology and associated risks, audit best practices and new or emerging regulations and critically assess their impact on FCE and its control environment.
• Build and maintain key relationships with stakeholders and colleagues.
• Contribute to the development of the risk audit universe which provides input into the annual risk-based audit plan.

Qualifications

• Bachelor’s degree in computer science or related field.
• At least five years of IT audit experience, ideally within a regulated financial services environment.
• Experience of working on both technology and business-hybrid audits including cyber security, IT infrastructure and applications.
• Relevant technology and/or audit certification (CISA, CISSP, CISM or similar).
• Good knowledge of cyber security and IT infrastructure controls that include Identity and Access Management, Data Protection, Change Management, Incident Management, Business Continuity, Cyber Resilience/Response, Cloud Computing, Operating and Database Management Systems.
• Good understanding of industry security frameworks (e.g. NIST, ISO 27001, COBIT etc.).
• Familiarity with UK and European regulatory frameworks.
• Knowledge of intra-group outsourcing and shared service centre audit.
• Personable, enthusiastic, self-motivated with the ability to communicate clearly, concisely and candidly both verbally and in written form.
• Global travel may be required.

Additional Information

The Company is committed to diversity and equality of opportunity for all and is opposed to any form of less favorable treatment or harassment on the grounds of race, religion or belief, sex, marriage and civil partnership, pregnancy and maternity, age, sexual orientation, gender reassignment or disability.

This position is based in Dunton, and it is expected the successful candidate will be able to attend the Dunton office for typically 4 days a week and remain flexible on the days they are required to attend the office according to business requirements.

As part of our pre-employment checks process, successful candidates will be required to undergo a criminal record check. This will be conducted in line with the Rehabilitation of Offenders Act 1974 and applied only to unspent convictions.