IT Audit Manager

Ebury is a hyper-growth FinTech firm, named in 2021 as one of the top FinTechs to work for by Glassdoor and AltFi. We offer a range of products including FX risk management, trade finance, currency accounts, international payments and API integration.

Background

To date, Ebury has been working directly with a selection of audit firms on a project by project basis. There is now a recognition, given the size, scale, and complexity of Ebury, of the need to build a dedicated audit function internally.

As part of the department build up, coupled with the ongoing company focus on strengthening it's risk management framework and the implementation of a new Governance, Risk and Control tool there is a need to build a permanent, multi-skilled audit function with a focus on IT Risk. The department hired the first IT Audit Manager last year and established the IT audit universe and audit plan for 2023. The focus of this role will be to work with key business stakeholders to assess and recommend improvements in the Technology and Security domain and evaluate the overall approach to managing IT risk.

Role Summary

The Group IT Audit Manager / Senior IT Auditor will be a trusted business partner, who will work closely with stakeholders across the three lines of defences, namely leadership teams in the first line technology division, second line information security and risk functions and occasionally external parties. The role will have significant exposure to the business to help deliver the business's ambitious growth agenda within a controlled environment.

This role reports to the Group Senior IT Audit Manager and will provide assurance across the global business. The team operate flexibly and currently travel to the head office in Victoria (typically) twice or three times a week. There are opportunities for travelling abroad to visit other offices in our strategic locations.

Key Responsibilities

• Contribute as the IT and Information Security Specialist to the Group Internal Audit (GIA) function. This will include the continuous development of the IT audit universe and ensuring that risk assessments are up-to-date and accurate for the fast evolving business.
• Delivery of audits for all phases (planning, execution, reporting) including those of a complex and technical nature. Support in the delivery of value adding and insightful audit reports, ensuring factual accuracy is agreed and managing stakeholder communications.
• Participate in GIA's key initiatives such as the automation of audit & continuous monitoring processes, development of audit strategies (e.g. cyber and cloud security framework), and acquisition of technology solutions.
• Work with a supportive group of specialists within the Internal Audit practice to develop innovative, market leading solutions and proposals.
• Support the production of management reporting with an ability to summarise and produce compelling messaging for delivery into senior committees, including updates to the Board Audit Committee.
• Capture and document supporting internal audit materials which are required to demonstrate the GIA methodology and approach.

What we're looking for:

• Proven experience auditing IT application and general controls, preferably gained within financial services, payment institutions or from regulators.
• Experience auditing or working in the First or Second Line of Defense IT, information security and operational risk functions, or experience with payments and international transactions would be advantageous.
• Sound understanding of software development, system architecture, information and cyber security and cloud computing.
• Knowledge of risk based auditing and risk management frameworks (e.g. ISO27001, NIST, COBIT, COSO).
• Ability to apply analytics, process automation and develop a data driven internal audit approach.
• Ability to review code (Python, Java, SQL etc.) and develop data analytics solutions is highly desirable but not essential.
• Confident in dealing with senior stakeholders such as Engineering Managers and Directors, CISO and CTO.
• Able to work effectively in a fast changing business environment and manage shifts in priorities.
• Relevant professional certifications or industry accreditations (CISSP, CISM, CISA, CIA, AWS or GCP certifications etc.) would be a plus.
• Degree qualified in computer science, information security, engineering or of a quantitative discipline would be a plus.

About Us

Ebury is a FinTech success story, positioned among the fastest-growing international companies in its sector.

Founded in 2009, we are headquartered in London and have more than 1300 staff with a presence in more than 20 countries worldwide. Cultural diversity is part of what makes Ebury a special place to be. From Sao Paulo to Dubai, Bucharest to Toronto, we enjoy sharing team experiences and celebrating success across the Ebury family.

Hard work pays off: in 2019, Ebury received a £350 million investment from Banco Santander and has won internationally recognised awards including Financial Times: 1000 Europe's Fastest-Growing Companies.

None of this would have been possible without our proudest achievement: our great people. Enthusiastic, innovative and collaborative teams, always ready to disrupt and revolutionise the fast-paced FinTech sector.

We believe in inclusion. We stand against discrimination in all forms and have no tolerance for the intolerance of differences that makes us a modern and successful organisation. At Ebury, you can be whoever you want to be and still feel a sense of belonging no matter your story because we want you and your uniqueness to help write our future.

Please submit your application on the careers website directly, uploading your CV / resume in English.