Internal Audit Manager - Technology in Milton Keynes

We are seeking a highly motivated and experienced IT Audit Manager to join our dynamic, innovative, and collaborative Internal Audit team (14 people across the UK and the US). We provide forward-looking assurance, insight, and advice to enable Pearson to achieve its strategic objectives. As IT Audit Manager, you will be responsible for leading the planning, execution and reporting of varied IT and cybersecurity audit projects to time and quality in a professional, engaged, and responsible manner. You will take the lead in communicating results to Senior Management and be key to the Internal Audit team building strong relationships with stakeholders across the business. You will report to one of the Audit Directors and support the Internal Audit Leadership team with annual audit planning, audit committee reporting, and improvement activities as needed. This role offers a good opportunity for someone who would relish being part of a supportive team, working in an international environment, auditing across a diverse and fast changing technology and digital environment, and developing relationships with Senior Management.

The work will involve up to 20% international travel. Our key IT audit stakeholders are based in UK and US so occasionally flexibility may be required to work across these time zones. To facilitate this working from home is an option, but candidates will need to travel to their hub office (London, 80 Strand or Belfast, Clockwise River House) once a week for team/stakeholder meetings and other events.

Main activities/responsibilities:

• Leading the delivery of complex technology, application, infrastructure, and security audits, project/programme audits and integrated audits. Typical audit topics are wide ranging and may include Cloud, AI, IT governance and cybersecurity amongst others.
• Audit Managers are responsible for all aspects of the audit delivery including determining the risk-based audit scope, designing the approach/work programme, planning and project managing the audit delivery, conducting fieldwork activities and testing, proactive discussions with business and IT management to validate audit observations, through to report issue and file closure.
• Discussing audit findings with management and ensuring appropriate actions are agreed to mitigate risks identified.
• Preparing clear and concise reports, with commercially relevant recommendations to improve the internal control system and address weaknesses and process inefficiencies.
• Following up on the effective implementation of agreed actions, liaising closely with actions owners and business management.
• Building and sustaining positive working relationships with colleagues in Internal Audit and stakeholders in technology and the wider business.
• Supporting and coaching members of the team.
• Completing ad-hoc projects and supporting investigations as required.
• Being aware of developments in audit techniques and adapting and championing these to support continuous improvement in the way we work.

Qualifications required:

• Degree or equivalent level (in Information Security, Computer Science, or similar)
• Recognised IT audit or information security qualification (CISA, QICA, CISSP, CRISC, ISO27001 Lead Auditor, SSCP)
• Demonstrable practical experience of cybersecurity and IT auditing across IT processes, applications, infrastructure, IT security, cloud services and emerging technologies, able to understand processes and controls and identify potential risks to the business.

Required skills:

• Strong knowledge of IT risk management, security and control and a clear understanding of the relationship between technology and business risk.
• Solid knowledge of cybersecurity controls, network architecture, website platform development, secure coding, and virtual computing.
• Able to grasp complex technology issues and develop practical solutions.
• Good organisational and project management skills, able to handle multiple assignments simultaneously, resolve problems, and deliver to deadlines.
• Strong communication, relationship building and influencing skills – both written and verbal – able to communicate technical issues and recommendations to both technical and non-technical audiences at different levels in the organization.
• Collaborative approach to working within a team and with colleagues across the business.
• Digital and commercial focus.
• Flexible, innovative, self-motivated, critical thinker with the ability to leverage skills in new situations.
• Comfortable working independently in a relatively unstructured environment without the need for constant direction.

Experience required:

• Experience of auditing web applications/services, network, operating system, database security, cloud and AI.
• Experience of using cybersecurity and industry frameworks and standards such as NIST CSF, ISO 27001/2, PCI DSS, COBIT, and ITIL.
• Experience of auditing Agile software development methods.
• Experience of data analysis tools (IDEA, Tableau, Alteryx) and ability to support complex data extraction and analysis requirements.
• Exposure to major ERP systems, preferably Oracle.

Your Reward & Benefits:

We know you’ll do great work, so we give a lot back with some of the best benefits in the business. We understand that one size doesn’t fit all, so our workplace programs meet the different needs of our diverse teams and their families too. There are a range of options, too many to list here, but when you join our Pearson family you can look forward to:

• Starting holiday of 25 days plus UK public holidays and you’ll earn 1 additional day’s holiday per year you work with us up to 30 days;
• A generous pension scheme where we match and double what you contribute;
• Maternity, paternity, and family care leave as well as flexible work policies;
• Stock/share purchase options;
• Healthcare and dental plans, and an employee well-being assistance program for you and your family to help balance work, family, and personal life;
• Cycle to Work Scheme, gym membership concessions in selected office locations, along with retail and leisure discounts.

What to expect from Pearson:

Did you know Pearson is one of the 10 most innovative education companies of 2022? At Pearson, we add life to a lifetime of learning so everyone can realize the life they imagine. We do this by creating vibrant and enriching learning experiences designed for real-life impact. We are on a journey to be 100 percent digital to meet the changing needs of the global population by developing a new strategy with ambitious targets. To deliver on our strategic vision, we have five business divisions that are the foundation for the long-term growth of the company: Assessment & Qualifications, Virtual Learning, English Language Learning, Workforce Skills and Higher Education. Alongside these, we have our corporate divisions: Digital & Technology, Finance, Global Corporate Marketing & Communications, Human Resources, Legal, Strategy and Direct to Consumer.

We value the power of an inclusive culture and also a strong sense of belonging. We promote a culture where differences are embraced, opportunities are accessible, consideration and respect are the norm and all individuals are supported in reaching their full potential. Through our talent, we believe that diversity, equity and inclusion make us a more innovative and vibrant place to work. People are at the center, and we are committed to building a workplace where talent can learn, grow and thrive.