Context
Cutomer must comply with the SOX requirements (i.e. 404 A & B)
IT organization is largely centralized even though some teams are deployed within the geographical and business areas.
Located in La Defense (Flexible scheme with remote working).
Profile
Master Degree in Engineering or Finance with IT skills
At least 3 to 7 years post qualification experience in IT Audit, SOX, Security, GRC Governance, Risk and Compliance
Good knowledge on IT Processes and standard referential (ex. ITIL, Cobit, COSO)
Excellent communication skills in a multicultural and technical environment, fluent in English (other language(s) would be appreciated)
Demonstrated good working knowledge of MS Office
Excellent planning, time management and communication skills
Flexible working hours during peak business periods
Ability to work independently and as part as a team as required
Knowledge in internal controls models deployed in ERPs environment
Demonstrable business process and internal control knowledge skills
Design and management of communication tools
Facilitation skills (mentoring, workshops, scenario building )
Activities
The Internal Control (IC) Central team is looking for an IT Internal Controller to:
contribute to and support the IT internal controls assessment process performed in liaise with the IT Applications and Process Owners,
perform and consolidate IT systematic testing, carry on some part of the activity,
develop automated testing based on business analytics,
contribute to the reporting module of the GRC application BWise,
ensure the training of end users/testers as well as the design and management of the IC communication tools.
The IT Internal Controller's role will be to oversight and contribute to the full implementation and run of the IT IC program for the Group to meet SOX requirements. These activities require a close and permanent coordination with the various teams, Application and Processes Owners and Experts involved.
The consultant will quickly need to gain a clear understanding of the IT business and processes, establish credibility, authority and good working relationship with your line Manager and the wider organization.
Manage IT internal controls assessment performed by and with the IT team
Make sure the IT IC self-assessment campaign will be timely completed by the ERP/Application Owners, and the Process Owners
Maintain articulation between IT- Risk & Compliance Team, Shared Services IC staff and IC team members
Review the control execution implemented by the Control Owners to mitigate our key risks
Maintain permanent contact with IT correspondents
Make sure that internal controls IT assessments are conducted in compliance with Group Standards & Policies, with the appropriate documentation, evidence and testing workpapers
Make sure that BWise processes are applied and timely managed
Anticipate on issues that may prevent to meet the deadlines
Follow-up on remediation actions and input in reporting
Contribute to the IT yearly IC evaluation reports
Contribute in the process of integrating business controls into IT applications
Propose areas where business controls can leverage with IT applications
Organize and manage workshops for the selected areas, possibly involving some business people
Manage remote staff who performs testing and formalize workpaper under his/her responsibility
Perform and document some assessments and testing
Provide inputs in the workshops, design revised controls embedded in IT applications, identify possible new risks, propose mitigation controls and summarize outcomes for validation
Follow-up on standard framework upgrade and deployment
Develop IT automated controls to support some Business controls
Use data analytics tools
Specify, build, document and maintain the selected controls
Execute the controls and automatize them as far as possible
Build the communication process to make these controls effective
Prepare the transfer of the mature controls to Share Services staff and ensure the execution monitoring them
