Internal Controls Specialist in Uxbridge

Enhancing and developing the Group IT General Controls framework, supporting IT and Cybersecurity functions and ensuring alignment with recognised industry standards.

Oversee and monitor compliance across the IT General Controls (ITGC) framework, ensuring accurate and up‑to‑date documentation within the Group’s GRC application.

Assessing the effectiveness and efficiency of the IT General Controls environment, identifying control gaps, deficiencies, and opportunities for improvement.

Driving continuous improvement initiatives by reviewing existing controls with process and control owners and supporting the design and implementation of new or updated controls.

Promoting best practice across the Group, including opportunities to streamline, standardise and automate IT General Controls across Operating Companies.

Monitoring Group‑wide control effectiveness levels through the Group’s GRC application.

Reporting to Senior Management on the status of the internal control environment, including control effectiveness, open or overdue deficiencies, and key internal control initiatives.

Acting as a point of liaison with Internal and External Audit, supporting audit activity and providing subject‑matter guidance on the IT controls environment.

Supporting management, process and control owners in the remediation of deficiencies identified through internal and external audits.

Accountabilities

• Support process owners, control owners and local internal control teams in the review, maintenance and ongoing effectiveness of IT General Controls across the Group.
• Assist management with the adoption of new or amended controls and corrective actions arising from identified control deficiencies.
• Support control design, redesign and first‑time implementation activities.
• Promote a strong control culture by reinforcing assurance expectations, sharing lessons learned from audits, and delivering targeted training where appropriate.
• Reporting to key stakeholders on internal control matters, including scope, regulatory considerations, reviews, remediation plans, key projects and internal control KPIs.
• Coordinate with Internal and External Auditors to provide relevant information to support audit activities.
• Support the delivery of IT projects and programmes by ensuring internal control requirements are appropriately embedded.
• Monitor and manage the effective use of the Group GRC application, including framework maintenance, access management, audit support and end‑user guidance.

Required Skills, qualifications & experience

• Educated to degree level (desirable).
• Minimum 3-4 years’ experience in an IT Controls, IT Audit, or IT Risk & Compliance role within a complex, regulated, or multi‑entity organisation.
• Good understanding of systems development life cycle (SDLC) methodologies and their associated control implications, together with knowledge of operating systems, databases, web technologies, and network infrastructures.
• Ability to assist non-technical audit colleagues in understanding technology risks and controls.
• Good technical understanding of IT General Controls (ITGCs) and IT Application Controls (ITACs).
• Proven experience in identifying control gaps, performing root‑cause analysis, and proposing best‑practice solutions.
• Excellent stakeholder management skills, with the ability to work effectively with IT application owners, support teams, business control owners, and audit functions.
• Excellent written and verbal communication in English; Spanish is advantageous.
• Professional certifications (e.g. CISA, CISSP, ITIL, COBIT Foundation, ISO 27001) are desirable.
• Experience of ICFR or SOX IT environments would be an advantage.
• Experience working with a GRC tool is desirable.