Global Head of Technology Controls Assurance

The Apex Group was established in Bermuda in 2003 and is now one of the world’s largest fund administration and middle office solutions providers.

Our business is unique in its ability to reach globally, service locally and provide cross-jurisdictional services. With our clients at the heart of everything we do, our hard-working team has successfully delivered on an unprecedented growth and transformation journey, and we are now represented by over circa 13,000 employees across 112 offices worldwide.Your career with us should reflect your energy and passion.

That’s why, at Apex Group, we will do more than simply ‘empower’ you. We will work to supercharge your unique skills and experience.

Take the lead and we’ll give you the support you need to be at the top of your game. And we offer you the freedom to be a positive disrupter and turn big ideas into bold, industry-changing realities.

For our business, for clients, and for you

Job Description

The Global Head of Technology Controls is accountable for defining, implementing, and overseeing Apex Group’s global technology control framework. The role ensures that key technology and cyber controls are consistently designed, implemented, and operating effectively across all regions, legal entities, and technology platforms.

Working closely with the Group CISO, Technology, Risk, Compliance, cyber and IT service areas and Audit functions, this role provides assurance that Apex’s technology control environment meets regulatory expectations, supports operational resilience, and enables secure business growth.

Champion & Ensure delivery against compliance requirements like the Apex Gold standard, NIST, DORA, SOC1 and SOC 2, ISO27001 and all relevant group controls.

Liaising with key stakeholders, partners and group entities,  internal and external.

Key Responsibilities

Technology Control Framework & Strategy

• Define and maintain Apex’s global technology control framework, aligned to the Group’s risk appetite, cyber strategy, Apex Gold Standard and regulatory obligations.
• Establish clear control standards, policies, and minimum requirements covering infrastructure, applications, cloud, identity, data, and end-user computing.
• Ensure consistent adoption and maturity of technology controls across regions and entities.
• Perform all Duties requested by the Group CISO to delivery the Target Operating Model and Cyber Strategy.

Control Design, Implementation & Effectiveness

• Oversee the design and implementation of preventive and detective technology controls across the enterprise.
• Ensure controls are clearly mapped to key technology and cyber risks, regulatory requirements, and industry standards.
• Drive continuous improvement of control effectiveness, consistency, and automation.

Assurance, Testing & Monitoring

• Lead global technology control testing and assurance activities, partnering closely with Technology Assurance, Risk, and Internal Audit.
• Ensure timely identification, escalation, and remediation of control weaknesses and issues.
• Provide clear, risk-based reporting on control effectiveness, issues, and remediation progress to the Group CISO and governance forums.

Regulatory & Risk Management

• Support regulatory examinations, client due diligence, and external audits related to technology and cyber controls.
• Ensure technology controls support Apex’s operational resilience, data protection, and cyber security obligations.
• Partner with Enterprise Risk Management to ensure technology risks are appropriately assessed and managed.

Third-Party & Cloud Controls

• Ensure robust technology control requirements are embedded into third-party, outsourcing, and cloud arrangements.
• Oversee control expectations for managed service providers and offshore service models.
• Address evolving risks associated with cloud platforms, SaaS solutions, and emerging technologies.

Stakeholder Engagement & Governance

• Act as a key advisor to the Group CISO on technology control maturity, risks, and investment priorities.
• Engage senior Technology, Risk, Compliance, and business leaders to drive accountability for control ownership.
• Present control posture, key risks, and remediation themes to executive and board-level forums.

People Leadership & Capability

• Build and lead a high-performing global technology controls team with strong technical and risk capability.
• Drive skills development, succession planning, and consistent ways of working across regions.
• Foster a culture of accountability, continuous improvement, and collaboration.

Leadership & People Management

• Lead and develop global cyber Technical and Operational Services, advisory and service delivery teams
• Build a strong delivery culture focused on accountability, quality, and continuous improvement
• Manage strategic cyber security vendors and service providers
• Support talent development in line with Apex’s growth and acquisition strategy

Key Skills & Experience

• Minimum of 10 years of extensive cybersecurity experience, with at least 7 years in a senior leadership role and a proven track record in leading a global cyber GRC function.
• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate cybersecurity and risk-related concepts to technical and nontechnical audiences at various hierarchical levels, ranging from senior leadership to technical specialists.
• Extensive experience leading technology controls, IT risk, cyber controls, or technology assurance in a global, regulated environment.
• Strong understanding of enterprise technology environments, including cloud, infrastructure, applications, identity, and data.
• Track record of successfully managing a high-performing cybersecurity organization with the ability to motivate and mentor high-performing security teams and foster a culture of excellence.
• Proven experience working with regulators, auditors, and client assurance teams.
• Ability to operate at executive level, providing clear, pragmatic, and risk-based advice.
• Strong leadership skills to influence organizational change, build teams, and communicate security priorities effectively across the enterprise, influencing, and stakeholder management skills.
• Business acumen to understand enterprise operations, risk tolerance, and industry dynamics.
• Analytical skills to conduct technical assessments, prioritize vulnerabilities, and develop risk treatment plans.
• Project management skills to assist with the development and execution of the cybersecurity strategy and roadmaps to strengthen and continuously improve the cybersecurity posture.
• Passion for continuous learning to stay current on advancing threats and security best practices.
• Ability to maintain a calm structured mindset even when under pressure.

Qualifications

• Degree in Information Technology, Information Security, or a related discipline (or equivalent experience).
• Relevant certifications such as CISA, CISSP, CISM, CRISC, or equivalent are preferred

Disclaimer: Unsolicited CVs sent to Apex (Talent Acquisition Team or Hiring Managers) by recruitment agencies will not be accepted for this position. Apex operates a direct sourcing model and where agency assistance is required, the Talent Acquisition team will engage directly with our exclusive recruitment partners.