Head of Internal Audit

UK Based (travel occasionally required)

Competitive Salary

Permanent Full Time Position

About the Role

IRIS Software Group is establishing its first in-house Internal Audit function following two successful years of a fully outsourced model. As Head of Internal Audit, you will build and lead a modern, insight-led assurance capability across IRIS’s multi-product SaaS portfolio, including accountancy, payroll/HCM, and education, as well as core group functions and processes. This role combines Third Line (Internal Audit) leadership with support from a co-sourced partner providing internal audit, IT audit, and risk expertise, including specialist areas such as Cyber, Cloud, and Data Privacy. This is a strong opportunity for a high-performing No.2 ready to step up into their first Head of role, with direct exposure to the Audit & Risk Committee and a clear mandate to build the function.

Key Responsibilities

• Own and deliver a dynamic, risk-based internal audit plan aligned to strategic objectives, major change, and principal risks, while establishing the Internal Audit Charter, methodology, and quality framework in line with IIA Global Internal Audit Standards.
• Lead end-to-end audits across operational, financial, compliance, product/technology, and change domains, directing co-sourced SMEs where required, and introducing agile, data-enabled auditing techniques to increase coverage and reduce cycle time.
• Report impactful findings to management and the Audit & Risk Committee, driving timely action closure with a root-cause focus, and plan for an External Quality Assessment (EQA) within 3–5 years.
• Develop an analytics roadmap and implement dashboarding (e.g. Power BI) to support continuous auditing, action tracking, audit KPIs, and risk/trend insights.
• Manage the co-sourced model, working with external partners to flex capability (Cyber, Cloud, Data, Privacy, Regulatory), setting SoWs and SLAs, ensuring quality standards, and enabling knowledge transfer.
• Partner with the Second Line to map and enhance financial, operational, IT (including cyber), and compliance controls, promoting control rationalisation, automation, and over time establishing a control testing programme.
• Provide independent assurance over major change programmes (e.g. product launches, cloud migrations, ERP/HRIS upgrades) and support M&A integration reviews in line with the IRIS M&A Playbook.
• Perform or support internal investigations, drawing on co-sourced expertise as required.
• Facilitate risk-based BCM/DR testing and oversee post-incident reviews to capture control learnings across cyber, technology, and operations.

What we're looking for:

Experience

• 10–15+ years in Internal Audit, ideally within SaaS/technology, payroll, or fintech/payments environments.
• Proven track record leading complex audits end-to-end.
• Exposure to technology and cyber risks (hands-on or via SMEs).
• Experience working in co-sourced and high-change environments.
• M&A integration experience desirable.

Qualifications

• Professional: CMIIA/CIA and/or ACA/ACCA.
• Desirable: CISA, CRISC, ISO 27001 Lead Auditor/Implementer; PRINCE2/AgilePM/Scrum.
• Familiarity with IIA Global Standards (2024), ISO 31000, and UK GDPR.

Skills & Attributes

• Clear, confident communicator with strong executive-level presentation skills.
• Builder’s mindset with a pragmatic, outcome-focused approach.
• Strong understanding of current technology risks and ability to direct SMEs effectively.
• Excellent planning, prioritisation, and vendor/contract management skills.
• Independent and confident in challenging where needed, with a collaborative approach.
• Experience working with US regulated companies or within US jurisdiction is highly desirable.