Averis

IT Control Compliance & Assurance Manager

  • Posted 5 hours ago

Job Description

Summary

The IT Control Compliance & Assurance Manager will be responsible for planning, executing, and overseeing IT Control Compliance & Assurance programs across the company's operations. This includes evaluating IT general controls (ITGC), application controls and compliance with relevant industry and internal standards.

This role also conducts IT compliance assessments and IT practice audits to evaluate the maturity, effectiveness, and consistency of IT practices to drive measurable improvement in control posture across sites.

Key Responsibilities

A. IT General Control Assessment & Independent Assurance

Perform design and operating effectiveness assessments for key ITGC domains:

  • Access Management
  • Change Management
  • Backup, Restore & DR
  • Logging & Monitoring
  • Patch & Vulnerability Management
  • Configuration Baselines / Hardening
  • SDLC & Release Management

Validate that LoD 1 maintains evidence, logs, tickets, and control documentation.

Evaluate the design and operating effectiveness of IT controls.

B. Pre-Project Implementation Audit and Audit Readiness Checks

Perform pre-project implementation audits for significant IT initiatives prior to go-live or major deployment.

Provide independent assurance and recommendations to project teams and control owners to address control gaps early in the project lifecycle.

Conduct pre-audit walkthroughs with control owners.

Verify completeness and quality of evidence before Internal Audit/External Audit testing.

Identify gaps early and ensure timely remediation.

C. IT Compliance Assessments and IT Practice Audit

Plan and perform periodic IT compliance assessments across operational locations.

Assess site-level adherence to:

  • IT General Controls (ITGC)
  • Security, operational controls and standards
  • Control design effectiveness, operating effectiveness, and consistency of execution across sites

Identify systemic weaknesses, location-specific gaps, and recurring control failures.

Conduct risk-based IT practice audits focusing on how LoD 1 executes day-to-day IT practices.

Translate findings into clear, actionable improvement recommendations.

D. Compliance & Policy Adherence Monitoring

Perform periodic compliance reviews against:

  • Group IT policies
  • Security standards
  • Hardening baselines

Flag non-compliance and escalate unresolved issues.

Required Qualifications & Skills

Bachelor's degree in Information Technology / Computer Science / Information Systems / Cybersecurity / Business or related field.

At least 5 years' experience in IT audit, IT compliance, internal audit, risk management, or a related role.

Solid understanding of IT control frameworks and standards (e.g. COBIT, COSO, ISO/ISO-27001, general ITGC and application control concepts).

Strong analytical, problem-solving and risk-assessment skills; ability to identify control gaps and propose practical remediation actions.

Excellent written and verbal communication skills; able to produce clear compliance and assurance reports and communicate findings to technical and non-technical stakeholders at all levels.

Preferred / Additional Qualifications

Professional certifications such as CISA, CISM, CRISC, or ISO-27001 Lead Auditor are a strong plus.

Prior experience working in manufacturing, industrial, or production-oriented organizations, with an understanding of the interplay between IT systems and production/operations.

Experience with audit or compliance tools/software, data analytics tools (e.g. audit data analytics, log analytics), and ability to work with cross-functional teams.

Job ID: 145204167