IT Internal Audit Senior Manager (Group Internal Audit HUB)

We are looking for candidates to join our Group Internal Audit („GIA”) team of International Personal Finance Group („IPF Group”) in a permanent position to enhance our IT auditing capabilities. We are interested in speaking to ambitious individuals who can help us develop a risk-based IT auditing practice to supplement the existing IT audit capabilities and who can work comfortably across geographies within the IPF Group.

Based in Warsaw, the successful candidate would have significant experience in IT auditing and the development of IT audit capabilities in a versatile and sometimes uncertain IT environments. They will have been a senior member of an IT internal or external audit team with vast experience in IT auditing of financial institutions and senior IT stakeholders' management.

Your responsibilities

• Evaluate whether IT Governance and the internal control system provide an adequate framework to identify, assess and manage information technology risk.
• Ensure that the IT internal audit methodology is sufficiently efficient, comprehensive and conducted in accordance with IIA and ISACA requirements.
• Provide GIA technology assurance within own geographical area of responsibility, including preparation and delivery of IT internal audit operational plans.
• Deliver a high-quality audit and assurance service (specifically in technology disciplines). Verify the effectiveness of IT risks identification, including cybersecurity threats, data breaches, system vulnerabilities, third-party vendors within the organization, and of risk assessments to evaluate the potential impact and likelihood of identified risks. Examine the effectiveness of risk response strategies to mitigate, transfer, avoid, or accept risks, ensuring alignment with organisation’s risk appetite and regulatory requirements. Provide third line assurance over compliance with relevant laws, regulations, and industry standards, identifying opportunities for improvement and innovation in risk controls.
• Report audit findings and propose recommendations that deal with the root cause of issues and impact to the organisation (report writing). Follow up with management to ensure that internal audit findings have been effectively implemented.
• Contribute to the preparation of periodic reports for management and for the Audit & Risk Committees.
• Build and maintain regular business relationships through effective and efficient partnering with senior IT stakeholders. Influence necessary change in terms of the management of Technology Risk at senior levels.
• Manage the relationship with second line IT assurance teams to ensure audits are delivered in a timely and efficient way to reduce disruption of the IT processes.
• Provide relevant risk identification, security and audit control insights for IT system development projects and other initiatives, as appropriate.
• Take personal accountability for results delivered in areas of responsibility.

Our requirements

• Strong ethical skills and a high level of integrity.
• A Degree in information systems, computer science or other related field.
• A professional certification, such as, CISA, CISSP, CRISC, COBIT, PRINCE2 or CISM. CIA qualification would be an asset.
• 5+ years of post-professional qualification, hands-on experience in provision of third line technology assurance within regulated financial institution.
• Knowledge of DORA requirements and how IT processes need to be adapted to assure compliance.
• Logical and strong critical thinking mindset combined with analytical thinking. Ability to balance strategic focus, attention to details and business acumen to provide efficient and effective independent assurance.
• Experience of operating at and influencing senior management levels across functions and geographies in large, complex and sometimes uncertain IT environments.
• Excellent stakeholder management skills in balancing diplomacy with assertiveness.
• Ability to educate senior management on best practices in IT related governance, risk and control subjects.
• Fluent in verbal and written business English, at least C1 level.
• Use of data analysis to reach meaningful conclusions.
• Ability to maintain confidentiality, independence and objectivity.

What we offer

• Stable employment – 89% of people are employed under an employment contract for an indefinite period
• Safety – we have been on the Polish market for 25 years
• Friendly work environment – we have received the Top Employer award 11 times in a row
• Hybrid work – we usually meet in the office twice a week (Dworzec Gdański metro station)
• Psychological support for employees, including: care of a psychologist (including children's), psychotherapist, dietician, coaching
• Full implementation under the supervision of a mentor, including a package of professional implementation training
• Access to the development platform, including e-learning training, podcasts and webinars
• Activities supporting development in the organization, e.g. the "Effective Manager" training series for people holding managerial positions
• Access to the ProviBenefity cafeteria platform, which is supplied with a monthly amount to be used, or subsidies for your Multisport card - you choose from 5 types of cards