IT Risk and Compliance Manager
Are you a highly motivated, results-oriented manager looking for a role in which you will play a pivotal part in executing our global IT SOX compliance program, as well as compliance across Cyber-Security, PCI-DSS and GDPR controls? Success in this role hinges on hands-on experience identifying, evaluating and managing the design of risks and controls, and on being able to assess the effectiveness of controls on critical systems in a dynamic, complex environment. You will also be detail-oriented, with the skills and flair needed to influence key control stakeholders at all levels in a fast-changing environment. The position reports to the Head of IT Compliance; it provides critical guidance to internal and TBS customers and liaises with external customers and vendors. This position will be part of an integrated team that believes collaboration, flexibility, resourcefulness and attention to detail are keys to success.
More about the role
- Manage, drive and maintain the IT SOX Risk and Controls Matrix on an annual and ongoing basis and ensure it is defined correctly.
- Manage remediation plans by working closely with Control Owners to ensure identified gaps are closed quickly, limiting security exposure.
- Manage and drive the daily operational duties of the SOX program, including producing sustainable reporting to leadership that demonstrates the status and effectiveness of the SOX program.
- Track controls in The Body Shop Cyber-Security framework, as defined by the Cyber-Security team, including testing, evidence gathering and audit as well as implementation for new systems and projects.
- Be the single point of advisory contact for Control Owners.
- Research and assess identified deficiencies and advise management on appropriate solutions. Manage the ongoing follow-up of remediation activities to verify appropriate resolution.
- Manage the relationship with internal and external IT auditors to ensure full collaboration throughout the audit period.
- Manage external relationships, such as with vendors, to ensure SOC reports are delivered on time; evaluate them to ensure exceptions are appropriately addressed and that appropriate complementary controls are in place and operating effectively.
- Develop and deliver annual and ongoing IT compliance training to key control stakeholders to enhance the SOX program.
- Collaborate with key stakeholders, i.e. audit parties, and be ready to challenge and support control effectiveness outcomes.
- Assist with the annual global PCI-DSS audit, ensuring technical controls are operated correctly, documentation updated, and the relevant store visits and technical testing activities are completed on time.
- Track IT controls for GDPR risks; measure and recommend improvements to the framework to reduce the risk of data and privacy breaches.
- Pro-actively engage with IT partners to identify areas where control enhancements and/or documentation improvements are needed.
- Support the team-oriented culture of the Internal Controls and SOX department. Oversee and review work completed by IT SOX testers and contractors.
- Collaborate with the Business Process team to assess any gaps found in IT, ensuring compensating or mitigating controls are identified in the business process to limit security exposure.
What we look for
Your proven experience working within a compliance environment to define and improve controls and overall SOX compliance will be crucial to the role. If you're ready to take on a wide range of responsibilities and are committed to seeking out new ways to make a difference, this role is for you.
- The ability to engage and challenge internal and external stakeholders including overseas teams
- The ability to manage multiple stakeholder communities with varying levels of experience
- Intellectual strength / flexibility to rapidly understand complex problems and rationalise these into a workable solution for the company
- Continuous improvement - proven experience of developing innovative ways of working that are current and relevant to our business
- The ability to develop and deliver high quality output against stated objectives and meet tight deadlines
- A high level of drive, commitment to achieving solutions and ability to work under pressure
- Strong written and verbal communication, presentation and technical writing skills
- Experience in developing accurate reporting material for senior leadership teams and operational teams
What else are we looking for?
Technical skills
Strong technical insight, practical knowledge and capability in Sarbanes-Oxley compliance, including:
- Demonstrated experience of SAP HANA and associated GRC tool
- Deep experience of assessing risks around new system development
- Exposure to new-generation technology solutions, including robotics
- Knowledge of PCI-DSS
- Good knowledge of GDPR technology risks and controls
- Good knowledge of Cybersecurity frameworks such as NIST
- Strong technical and functional knowledge of IT controls, including Change Management, User Access and IT Operations, with experience in an SAP environment
- Understanding of the key business processes across business functions such as Record to Report (RTR), Purchase to Pay (P2P), Order to Cash (OTC) with a focus on automated business process controls
- Experience of understanding and assessing third-party service provider risks and controls, including understanding the controls covered by SOC reports
- A Big 4 background or comparable IT audit experience is advantageous, although we will also consider candidates with excellent industry experience. ACCA, ACA, CISA, CIA or similar designations would be beneficial.
The Body Shop
When Anita Roddick founded The Body Shop in 1976, she had a vision. Business as a force for good - that's us. Over 40 years later, we're proud to be pioneering cruelty-free beauty every step of the way. We're the original ethical beauty brand. We've got a thing for empowering people and enriching our planet. We're all about keeping it real, in every way possible. Our activist roots remain a huge part of everything we do, from our iconic window posters to our vegetarian products to our infamous campaigns. We're never afraid to stand up and speak the truth. We like to do things a little differently around here.
The Body Shop, along with Aesop and Natura, is part of Natura & Co, a global, multi-channel and multi-brand cosmetics group that is committed to generating positive economic, social and environmental impact. Group owner Natura is Brazil's number one cosmetics manufacturer. Sustainable development has been the company's guiding principle since it was founded in 1969. In fact, this is an incredibly exciting time for The Body Shop. We're fighting for what we believe in now more than ever. No holding back. Breaking the mould has always come naturally to us, and we need someone who's not afraid to mix things up.
What do we offer in return
- a 6% contributory pension plan,
- 23 days holiday plus bank holidays - time to refresh and recharge
- Group bonus scheme
- 3 additional days a year to volunteer in the local community to support the causes you feel most passionate about
- LOVE money to spend on YOUR wellbeing - pamper yourself on us. Every year.
- 50% staff discount and access to product sample sales
- Access to Perks at Work, our online shopping channel with exclusive deals & discounts
- AND - we have also implemented 'Work Wise' into our HQ - flexibility of 'in-office' hours, the ability to work remotely and a new meeting charter.
Here at The Body Shop we've got your best interests at heart - it's our way of saying thank you!
If you are excited by all that - you might just be the sort of person we need to help us make the impactful change the world needs within a business that invented the culture of 'joyful collective' and everything that means and stands for.
We have something special to offer and we're looking for someone special to help us to do that. Show us how you can contribute to the next step in the evolution of The Body Shop.
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, colour, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.