Overall leadership and accountability for IT Compliance across the Canon EMEA organisation, regarding the definition, implementation, audits and improvement of IT Controls frameworks, including User Access Management, Identity Access Management, GDPR and Quality Assurance.
Lead and manage IT interaction and communication with key internal and external stakeholders: Finance, HR, Internal Control, Internal Audit as well as External Auditors in the context of SoX compliance, Financial year closure and statutory reporting.
Responsibilities
1). IT Internal Control Framework including User Access Management Framework:
- Ownership of defining, reviewing and updating of IT Internal Control Framework and UAM Framework
- Set all controls and define the control owner in IT Delivery, IT Operations and associated Business Operations
- Successfully obtain the approval of the external auditor at the beginning of the annual audit, as a fundamental control design to assess.
- Ownership of implementing UAM Framework, including communication and stakeholder management with the Canon EMEA organisation
2). Identity Access Management Owner:
- Ownership of IAM within Canon EMEA.
- Lead a fundamental revision of the IAM system and associated processes in IT Operations and Business Units/ Functions (including HR).
- Maintain the IAM as the foundation of the Access Management.
- Responsible for setups / controls through the IAM process.
- Lead and manage the process for Business Unit/ Function stakeholders to approve the IAM setup under their remit, with full understanding of good practice and appropriate setup.
3). Governance:
- Ownership of IT Governance Framework (Charter)
- Ensure an IT Governance Framework (Charter) is defined, current, monitored and communicated. Ensure the IT Governance Framework is aligned with internal/external stakeholders and supporting the IT strategy and initiatives.
- Ensure set-up and execution and reporting on internal IT and external IT service providers are compliant with overall IT governance.
4). GDPR:
- Ensure GDPR compliancy in IT Application systems
- Ensure the correction and prevention of non-compliancy in IT Applications, IT Organisation and all the associated processes
- Work closely with CDO and maintain the Data Privacy Charter
5). External Auditor Support:
- Be the owner of the IT relationship with External Auditors
- Organise all requests / questions from external auditor to IT Governance Committee
- Support Business Users to understand and execute their responsibilities related to IT Application Control (ITAC)
- Centrally manage all the communication from IT with external auditors
- Place all required explanations & discussions and make the recommendation to the SVP and VP of IT for the final judgement as Canon IT on the deficiency.
6). Assess & Approve:
- Risk Control Matrix (RCM) in IT - Define Control Owner & Control Executer
- SoD (Segregation of Duties) & Roles
- Owner of System / Standard User Access Group
- User Access Group
- User Access Assignment (Check against SoD, Assignment through FAM)
- Internal Produced by the Entity (IPE’s) in Project
- Mitigation & Remediation plan & implementation
- Compliancy assessment and approval of all delivery projects through Quality Gates
7). Audit:
- IT General Control (ITGC) & IT Application Control (ITAC) process / Execution
- Audit all related processes in IT and Business
- Identify the deficiencies, instruct corrections, ensure the implementation (remediation) and report to Sr. Management.
- Periodic Review:
  - Business & IT User Access
  - SoD Scan
  - Leavers
8). Control Testing:
- Conduct internal testing and proving (right or wrong) upon IT Internal Control Framework
- Assess the materiality of any Deficiency incident and ensure implementation of mitigation and remediation. Ensure the correct production and collation of evidence.
- Quality Assurance of the Compliance documentation:
  - Ownership of Documentation regarding the required Quality of Control Execution
  - Quality of Control and the Execution
9). Competence:
- Assess the competence of the organisation / units in the IT upon request and periodically for the IT Strategy. Keep the standard current and application to real operations.
- Frameworks include but are not necessarily limited to COSO, ITIL, CobiT, IT-CMF, CMMi, Prince2, MSP and relevant ISO standards.
10). People Leadership:
- Lead, manage, recruit, develop and coach team members to be a high-performing, motivated and knowledgeable team.
IT Risk Management:
- Lead, oversee and maintain IT risk management framework.
- Ensure development, implementation, and maintenance of IT Risk policies, standards, and procedures to manage IT risks effectively.
- Ensure regular IT risk assessments are conducted.
- Ensure the IT Risk Register is continuously maintained, updated, and aligned to ensure leadership visibility and judgement on risks, and mitigation actions.
- Collaborate with IT, security, legal, and Regional Risk to address and mitigate identified risks.
- Ensure creation of IT risk reporting to senior leadership aligning with regional risk reporting requirements and regulatory expectations.
- Review and challenge IT Strategy and IT Division MTPs, and provide feedback to IT leadership.
Qualifications
Skills and knowledge required:
- In-depth knowledge of best practices in IT Governance and IT Compliance in particular COBIT, IT-CMF and COSO
- Good understanding of ITIL, CMMi and relevant ISO chapters
- ITIL Foundation certified
- ISACA certified (2 out of 4)
- IT-CMF certified (Core & Assessor)
- General understanding of IT infrastructure components supporting IT Services.
- Knowledge of definition and reporting on KPI’s
- Strong leadership capability to influence and ensure others comply with EIT standards of practice (frameworks), controls, policies and quality assurance principles.
- Collaborates with others to achieve a common goal; authoritative leadership and decision-making when required.
- Provide proactive recommendations for continuous improvement (quality-driven)
- Experience of defining, leading and driving broad-reaching process/ policy reviews and audits.
- Good understanding of the Canon Business
- Significant professional experience in IT, including leadership of people/ projects
- Excellent communication and presentation skills, including presenting to and influencing at senior leadership level
Canon Leadership Principles
• Inspires a shared vision
• Is courageous and has conviction
• Ensures delivery of the outcome
• Understands the customer
• Drives growth and innovation
• Inspires and motivates others
• Collaborates building trust-based relationships
• Develops self, others and the organisation
Job Family: Quality Assurance & Business Improvement
Job grade: 16
About Us
Canon is a world-leading imaging company and a global brand - driven to enrich people’s lives and businesses with innovative products and smart digital solutions. At Canon, we’ve been inspiring people to capture and share their world for over 85 years. As a global leader in imaging and innovation, we’re driven by bold ideas, collaboration, and a commitment to making a positive impact.
With a strong presence across EMEA for over 60 years, our regional HQs in London and Amstelveen support operations in 120+ markets. We’re proud of our diverse, inclusive culture and our philosophy of Kyosei – living and working together for the common good.
Why join us?
Canon champions hybrid working with a flexible working policy. You will be part of an energetic and innovative environment with more than 50 different nationalities! Be part of a company that values sustainability and inclusion. Lastly, you’ll find that Canon encourages continuous learning and development with a wide range of resources and support available on demand.
If you’re visionary, innovative, and ready to make an impact – we’d love to hear from you. Even if you don't meet all the qualifications we still encourage you to apply.
With Canon, you'll get the support and encouragement you need to grow from people who share your ambition. We'll invest in your professional development to help you learn and progress in your role with us. You'll find leaders who give you the freedom to explore new things and a team where knowledge is shared openly.
At Canon we have a clear vision: to be committed to creating a more inclusive and equitable culture where employees are valued and can thrive personally and professionally.
Canon also has a strong commitment to sustainability, encompassed by our Kyosei philosophy of living and working together for the common good, focused on reducing our environmental impact and creating opportunities to make positive social contribution.
What We Do
Canon Inc., headquartered in Tokyo, Japan, is a leader in the fields of professional and consumer imaging equipment, industrial equipment and information systems. Canon’s extensive range of products includes production printers, multifunction office systems, inkjet and laser printers, cameras, video and cinematography equipment, network cameras, medical systems and semiconductor-manufacturing equipment. Originally established in 1937 as Precision Optical Industry, Co., Ltd., a camera manufacturer, Canon has successfully diversified and globalized to become a worldwide industry leader in professional and consumer imaging systems and solutions. With approximately 180,000 employees worldwide, the Canon Group includes manufacturing and marketing subsidiaries in Japan, the Americas, Europe, Asia and Oceania; and a global R&D network with companies based in the United States, Europe, Asia and Australia. Visit the Canon Inc. website at: global.canon