Control Assurance & Advisory Director in London

Welcome to Haleon. We’re a purpose-driven, world-class consumer company putting everyday health in the hands of millions. In just three years since our launch, we’ve grown, evolved and are now entering an exciting new chapter – one filled with bold ambitions and enormous opportunity. Our trusted portfolio of brands – including Sensodyne, Panadol, Advil, Voltaren, Theraflu, Otrivin, and Centrum – lead in resilient and growing categories. What sets us apart is our unique blend of deep human understanding and trusted science. Now it’s time to fully realise the full potential of our business and our people. We do this through our Win as One strategy. It puts our purpose – to deliver better everyday health with humanity – at the heart of everything we do. It unites us, inspires us, and challenges us to be better every day, driven by our agile, performance-focused culture.

About the role

The Control Advisory and Assurance Director leads a service which validates that all relevant security and compliance requirements (derived from Written Standards) are adequately addressed throughout the product lifecycle and post go-live, ensuring Security & Compliance by Design. This role governs ongoing changes to the overall D&T control environment and provides ongoing expert advice to improve controls. It hosts the Control Center of Excellence (for SOx, GxP, and beyond) ensuring robust operational governance and advisory services across Digital & Technology (D&T).

Additionally, this role works very closely with the first line of defense (oversight risk and compliance teams, control owners, and control operators), second lines of defense outside D&T (such as Financial Risk Management and Controls team) and the InfoSec policy and advisory teams to ensure that security by design principles are adhered to during the delivery of projects. This role will be actively involved in the One SOX program to ensure that all remediation activities relying on D&T technical delivery are appropriately defined and completed on time. Furthermore, this role is responsible for ensuring that Audit Risk Committee papers are drafted on time and aligned with all relevant stakeholders prior to submission, maintaining accuracy, completeness, and strategic alignment. This role requires active and constant interaction with senior stakeholders within and outside D&T.

Role Responsibilities

• Control assurance services: define and maintain the D&T Risk Assessment process, providing tools and expert guidance to the first line of defence.
• Project assurance leadership: oversee assurance activities across all D&T Tech Business Units, ensuring compliance with all relevant Written Standards and regulatory requirements (SOX, GxP, cybersecurity).
• Governance of control operations: lead governance of control operations and manage the Control COE for SOX and GxP.
• Change management: govern changes to the control environment, ensuring alignment with compliance frameworks and risk appetite.
• Regulatory audit support: coordinate regulatory audits and inspections, ensuring timely remediation and advisory support.
• Continuous improvement: drive optimization of processes and controls, embedding compliance by design principles into projects and BAU activities.

Qualifications:

• Bachelor’s degree in Information Systems, Computer Science, Engineering, or a related field.
• Significant experience in IT General Controls (ITGC).
• Experience working with managing external audits and regulatory inspections.
• Significant experience in embedding “security and compliance by design” into projects and BAU activities.
• Experience with preparing Audit Risk Committee papers and ensuring audit readiness.
• Deep familiarity with SOX and GxP compliance requirements and audit readiness.
• Significant experience in embedding lessons learned into updated frameworks to prevent recurrence.
• Experience in providing expert guidance to first-line teams and senior leadership.
• Experience in influencing adoption of compliance practices without compromising business agility.

Preferred Qualifications:

• CISA / CRISC/ CGEIT or other relevant qualification.

Job Posting End Date

2026-06-18