Tech Risk & Compliance Lead

Posted 2 Days Ago
London, Greater London, England, GBR
In-Office
Senior level
Insurance
The Role
Hands-on role designing, implementing and testing SOX IT General Controls across EMEA infrastructure. Embed controls-by-design with architects, execute ITGC testing, collect evidence, manage deficiencies to remediation, and liaise with auditors and data protection teams to maintain SOX, GDPR and DORA compliance.
Summary Generated by Built In

ROLE PURPOSE

The Tech Risk & Compliance Lead is a hands-on, execution-focused role within the EMEA IT Risk and Compliance function, responsible for the practical design, implementation and testing of SOX IT General Controls (ITGCs) across the EMEA technology estate, alongside supporting compliance with the wider European regulatory landscape, including the General Data Protection Regulation (GDPR) and the Digital Operational Resilience Act (DORA). The role holder works directly with architects and application owners to build IT controls into systems, performs control design and operating-effectiveness testing, collects and reviews evidence, manages deficiencies through to remediation, and acts as the day-to-day interface to internal and external auditors (PwC), risk and data protection functions, and regional IT leads.

KEY RESPONSIBILITIES
Control Design, Implementation and Testing

  • Design and document SOX-compliant control specifications for IT platforms - covering logical access, change management, computer operations and segregation of duties - and work with IT owners to implement them in production.

  • Apply controls-by-design in practice: review designs, configurations and change requests against control requirements and confirm SOX, data protection and operational-resilience controls are built in before changes reach production.

  • Plan and execute control design and operating-effectiveness testing across the ITGC portfolio, including sample selection, test execution, workpaper preparation, and conclusion on control adequacy.

  • Maintain a detailed control inventory, test calendar and RACI for each control, and track identified deficiencies through root-cause analysis to validated remediation.
Architecture Review and Controls by Design

  • Review infrastructure architecture documents, design proposals, and change requests to assess SOX control implications prior to implementation; engage at design stage with architects and engineers to embed ITGCs, preventing control gaps from being introduced through system design.

  • Provide compliance input into cloud migrations, platform modernisation, database upgrades, and identity management programmes.

  • Develop and maintain a controls reference framework as a practical design guide for architects and platform owners.
Regulatory Control Implementation and Testing - SOX, GDPR and DORA

  • Embed GDPR technical and organisational controls (access control, encryption, logging, data retention and deletion, and audit trails) into infrastructure design and the ITGC framework, partnering closely with the Data Protection Officer and privacy function.

  • Establish a consolidated regulatory control mapping so that a single, well-designed set of controls satisfies SOX, GDPR and DORA obligations, reducing duplication and control fatigue across the estate.

  • Report on control implementation and testing status against regulatory requirements and track remediation of identified gaps through to closure.
Advisory and Stakeholder Engagement

  • Act as compliance advisor to application owners, architects, and engineering teams on ITGC-compliant access models, change workflows, and operational procedures.

  • Participate in architecture review boards and governance forums as the designated compliance representative; serve as primary contact for internal audit and PwC for all infrastructure-related SOX testing, evidence requests, and findings management.

  • Provide structured reporting to senior leadership on compliance posture, open findings, and remediation status.
Technology Risk and Continuous Improvement

  • Conduct periodic IT risk assessments and produce decision-ready risk reporting for senior management; assess compliance implications of new technologies and delivery models prior to adoption.

  • Drive standardisation and continuous improvement of the infrastructure compliance programme; develop guidance materials and training for infrastructure and application teams.

  • Operate effectively within an evolving regulatory environment, including GDPR, DORA, FCA requirements, and Lloyd's reporting obligations.

Qualifications

EXPERIENCE

  • Minimum 5 years in IT compliance, IT external or internal audit, or technology risk within financial services, insurance, or Big 4.

  • Proven ownership of SOX ITGC programmes including proactive monitoring and deficiency remediation.

  • Track record of reviewing architectural artefacts from a compliance perspective and guiding technical teams on control implementation.

  • Prior engagement with Big 4 external audit at a senior client-side level, or equivalent auditor-side experience.

  • SOX ITGCs: logical access, change management, computer operations, and segregation of duties.

  • Privileged access management tools: CyberArk and/or SailPoint.

  • Infrastructure platforms: Windows Server, Linux/AIX, iSeries (AS400), Oracle Database, SQL Server, and DB2.

  • Ability to critically assess architecture documents and identify control design implications.

  • Working knowledge of EU regulatory frameworks affecting infrastructure, including DORA operational-resilience requirements and GDPR technical and organisational controls.
QUALIFICATIONS

  • Required: Bachelor's degree in Computer Science, Information Technology, or a related discipline.

  • Preferred: Certified Information Systems Auditor (CISA).

  • Advantageous: CRISC, CISM, or equivalent professional qualification.

We offer in return!

Competitive salary & pension scheme, discretionary bonus scheme, 25 days annual leave plus ability to purchase additional days, hybrid working options, Private Medical cover, Employee Share Purchase Plan, Life Assurance, Subsidised gym membership, Comprehensive Learning & development offerings, Employee Assistance program.

Integrity. Client focus. Respect. Excellence. Teamwork.

Our core values dictate how we live and work. We’re an ethical and honest company that’s wholly committed to its clients. A business that’s engaged in mutual trust and respect for its employees and partners. A place where colleagues perform at the highest levels. And a working environment that’s collaborative and supportive.

Diversity & Inclusion. At Chubb, we consider our people our chief competitive advantage and as such we treat colleagues, candidates, clients, and business partners with equality, fairness and respect, regardless of their age, disability, race, religion or belief, gender, sexual orientation, marital status or family circumstances.

We are committed to ensuring our recruitment process is inclusive and accessible to all. If you have a disability or long-term condition (for example dyslexia, anxiety, autism, a mobility condition or hearing loss) and need us to make any reasonable adjustments, changes or do anything differently during the recruitment process, please let us know.
Skills Required

  • Minimum 5 years in IT compliance, IT audit, or technology risk within financial services, insurance, or Big 4
  • Proven ownership of SOX ITGC programmes including monitoring and deficiency remediation
  • Design and document SOX-compliant control specifications (logical access, change management, computer operations, segregation of duties)
  • Experience performing control design and operating-effectiveness testing, sample selection, workpapers and conclusions
  • Track record reviewing architectural artefacts and guiding technical teams on control implementation
  • Prior engagement with Big 4 external audit at a senior client-side level, or equivalent auditor-side experience
  • Experience with privileged access management tools (CyberArk and/or SailPoint)
  • Hands-on knowledge of infrastructure platforms: Windows Server, Linux/AIX, iSeries (AS400), Oracle Database, SQL Server, DB2
  • Working knowledge of EU regulatory frameworks affecting infrastructure, including DORA and GDPR technical and organisational controls
  • Ability to assess architecture documents and identify control design implications
  • Bachelor's degree in Computer Science, Information Technology, or related discipline
  • Certified Information Systems Auditor (CISA)
  • CRISC, CISM, or equivalent professional qualification
The Company
HQ: Zürich
27,791 Employees

What We Do

Chubb is the world’s largest publicly traded property and casualty insurance company. With operations in 54 countries and territories, Chubb provides commercial and personal property and casualty insurance, personal accident and supplemental health insurance, reinsurance and life insurance to a diverse group of clients. As an underwriting company, we assess, assume and manage risk with insight and discipline. We service and pay our claims fairly and promptly. The company is also defined by its extensive product and service offerings, broad distribution capabilities, exceptional financial strength and local operations globally. Parent company Chubb Limited is listed on the New York Stock Exchange (NYSE: CB) and is a component of the S&P 500 index. Chubb maintains executive offices in Zurich, New York, London, Paris and other locations, and employs 31,000 people worldwide. Additional information can be found at: chubb.com.
