Technology Internal Audit Director

Description A senior leadership position in the global Internal Audit team, the Internal Audit Director for Technology is responsible for driving the company's technology-focused internal audit strategy, encompassing IT systems, applications, data, and emerging technologies. The Technology Internal Audit Director will provide independent and objective assurance on the effectiveness of the organisation's IT controls, risk management, and governance processes. This role requires exceptional leadership, communication (verbal & written), and technical expertise to manage a team and engage with senior management and the audit committee.  Specific Role Responsibilities    Strategic leadership : Develop and implement a risk-based audit plan aligned with business objectives and regulatory requirements. Audit execution : Oversee the end-to-end execution of complex technology audits, including cybersecurity, software development, technology & infrastructure, data privacy, and IT general controls (ITGC). Risk assessment : Perform continuous risk assessment to monitor and identify emerging technology risks and adapt the audit plan accordingly. Stakeholder engagement : Build and maintain strong relationships with senior management and the audit committee, effectively communicating audit findings, risks, and recommended actions. Team management : Lead, mentor, and coach a high-performing team of technology auditors, fostering a culture of continuous learning and development. As such the Technology Internal Audit Director is required to align primarily with UK team working hours. Quality assurance : Ensure the consistent application of internal audit methodology and adherence to professional standards set by organisations such as ISACA and the Institute of Internal Auditors (IIA). Reporting : Prepare and present comprehensive, high-impact audit reports that clearly articulate findings, root causes, and practical recommendations for risk mitigation. Innovation : Drive continuous improvement within the internal audit function by leveraging technology such as AI.. Regulatory compliance : Ensure IT audit activities align with relevant regulatory requirements, standards, and frameworks (e.g., NIST, ISO 27001, DORA).  Functional Area Responsibilities   Technology governance and strategy Risk assessment: Develop and maintain a comprehensive, risk-based audit plan that aligns with the organisation's technology strategy. This involves identifying key IT risks, such as system reliability, security vulnerabilities, and technology obsolescence. IT framework evaluation: Assess the effectiveness of IT governance, risk management, and internal control frameworks. Strategic advisory: Provide independent assurance and insights to executive management and the audit committee on how technology risks affect business objectives. Emerging technologies: Oversee audits of new technologies, such as artificial intelligence (AI), machine learning (ML), and robotic process automation (RPA), to ensure proper governance and controls are built in from the start. Cybersecurity and information security Audit planning: Integrate cybersecurity risk formally into the annual audit plan, focusing on areas like vulnerability management, access controls, and data protection. Security control assessment: Evaluate the design and effectiveness of technical and administrative security controls, including firewalls, encryption protocols, and multi-factor authentication (MFA). Incident response: Evaluate the organisation's incident response and crisis management plans to ensure readiness for security breaches and other cyber incidents. Regulatory compliance: Ensure compliance with data privacy regulations such as GDPR and CCPA, and provide assurance on security controls. IT operations and infrastructure Cloud infrastructure: Audit the governance, security, and controls related to cloud platforms and software-as-a-service (SaaS) solutions. Business continuity and disaster recovery: Review the effectiveness of BCDR plans to ensure the organisation can recover from a major technology disruption. Data governance and analytics Data integrity and privacy: Assess controls related to data accuracy, integrity, and privacy across IT systems and databases. Audit analytics: Lead the adoption and use of advanced data analytics for auditing, shifting the focus from sampling to reviewing entire data populations for anomalies and risks. Third-party vendor risk: Evaluate the risks associated with IT vendors, including their security, reliability, and resilience. Team leadership and management Quality assurance: Oversee the execution of audit projects and quality assurance activities to ensure timely and high-quality results, and alignment to the Audit Practices Manual. Talent management: Attract, hire, and mentor a team of skilled IT auditors to ensure the audit function is adequately resourced and equipped to address complex technology risks. Stakeholder Engagement and Influence Build trusted relationships with senior leadership (e.g., CTO, CISO).and Audit Committees. Present findings, themes, and risk insights to senior management and contribute to executive decision-making. Foster a culture of risk awareness and internal control across the business. Experience required   Experience: A minimum of 15 years of progressive experience in internal or external IT audit, including several years spent in a senior leadership role. At least 3 years working directly in a 1st line technology function is highly desirable e.g. as a software developer, infrastructure engineer, cyber security specialist etc. Education: A bachelor’s degree in cyber / information technology, Computer Science or a related field. A master's degree or MBA is an additional advantage. Certifications: Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or Certified Information Systems Security Professional (CISSP) are highly desirable. Certified Internal Auditor (CIA) is an additional advantage. Technical expertise: Deep knowledge of and experience with IT systems and processes, including:Cybersecurity and information securityCloud computing platforms (e.g., AWS, Azure, Google Cloud)Network infrastructureApplication development and SDLC (Agile methodologies)Data management and governanceIT risk management frameworks (e.g., NIST, ISO) Analytical skills: Strong analytical, problem-solving, and critical-thinking abilities to interpret complex technical information and translate it into actionable insights. Leadership skills: Proven ability to lead, manage, and develop a team, with excellent project management and organisational skills. Communication skills: Exceptional written and verbal communication skills, with the ability to effectively present complex technical concepts and findings to both technical and non-technical audiences. Personal attributes: A high degree of integrity, professionalism, and the ability to operate independently with a strong sense of professional scepticism.  About FNZ Culture    Our culture is what drives us. It's at the heart of who we are and everything we do. It's what inspires, excites and moves us forward. Our ambition is to create a culture for growth, one that opens up limitless opportunities for our employees, customers and the wider world. At FNZ we know that great impact is only possible with great teamwork. That’s why we value the strength and diversity of thought in our global team. The FNZ Way is the cornerstone of what we do. It is comprised of four values that set the standard for how everyone at FNZ interacts with each other, with our customers, and with all our diverse stakeholders around the world.  Customer obsessed for the long-term Think big and make an impact Act now and own it all the way Challenge, commit and win together  Read more about The FNZ Way and our values : Opportunities   • Right from day one, you will work alongside exceptional, multicultural teams - experts in their respective fields - who will inspire and challenge you to make your greatest impact; • Be part of a highly successful, rapidly growing, global business that is leading the delivery of financial services via cloud computing and partners with some of the world’s largest companies;  • Working in a flexible and agile way that meets the needs of the business and personal circumstances; • Remuneration, significant financial rewards and career advancement is based on individual contribution and business impact rather than tenure or seniority; and • We provide global career opportunities for our best employees at any of our offices in the UK, EU, US, Canada, India, South Africa and APAC.  Commitment to Equal Opportunities    At FNZ, we recognise that diversity, equity and inclusion are important factors contributing to our success. We embrace the unique perspective and capabilities of our current and future employees, which will help us continue to drive innovation and achieve our business goals. Recruitment decisions at FNZ are made in a non-discriminatory manner without regard to gender, ethnicity/race, faith, age, nationality, gender identity, sexual orientation, marital status, socio-economic background, disability or military veteran status where all applicants and employees are valued and respected. In addition, we want to ensure accessibility needs are well supported, if you require specific support please advise us.