Chubb

Tech Risk & Compliance Lead

Posted Yesterday
In-Office
London, Greater London, England, GBR
Senior level
Hands-on role designing, implementing and testing SOX IT General Controls across EMEA infrastructure. Embed controls-by-design with architects, execute ITGC testing, collect evidence, manage deficiencies to remediation, and liaise with auditors and data protection teams to maintain SOX, GDPR and DORA compliance.
The summary above was generated by AI

ROLE PURPOSE

The Tech Risk & Compliance Lead is a hands-on, execution-focused role within the EMEA IT Risk and Compliance function, responsible for the practical design, implementation and testing of SOX IT General Controls (ITGCs) across the EMEA technology estate, alongside supporting compliance with the wider European regulatory landscape, including the General Data Protection Regulation (GDPR) and the Digital Operational Resilience Act (DORA). The role holder works directly with architects and application owners to build IT controls into systems, performs control design and operating-effectiveness testing, collects and reviews evidence, manages deficiencies through to remediation, and acts as the day-to-day interface to internal and external auditors (PwC), risk and data protection functions, and regional IT leads.

KEY RESPONSIBILITIES


Control Design, Implementation and Testing

  • Design and document SOX-compliant control specifications for IT platforms - covering logical access, change management, computer operations and segregation of duties - and work with IT owners to implement them in production.

  • Apply controls-by-design in practice: review designs, configurations and change requests against control requirements and confirm SOX, data protection and operational-resilience controls are built in before changes reach production.

  • Plan and execute control design and operating-effectiveness testing across the ITGC portfolio, including sample selection, test execution, workpaper preparation, and conclusion on control adequacy.

  • Maintain a detailed control inventory, test calendar and RACI for each control, and track identified deficiencies through root-cause analysis to validated remediation.


Architecture Review and Controls by Design

  • Review infrastructure architecture documents, design proposals, and change requests to assess SOX control implications prior to implementation; engage at design stage with architects and engineers to embed ITGCs, preventing control gaps from being introduced through system design.

  • Provide compliance input into cloud migrations, platform modernisation, database upgrades, and identity management programmes.

  • Develop and maintain a controls reference framework as a practical design guide for architects and platform owners.


Regulatory Control Implementation and Testing - SOX, GDPR and DORA

  • Embed GDPR technical and organisational controls (access control, encryption, logging, data retention and deletion, and audit trails) into infrastructure design and the ITGC framework, partnering closely with the Data Protection Officer and privacy function.

  • Establish a consolidated regulatory control mapping so that a single, well-designed set of controls satisfies SOX, GDPR and DORA obligations, reducing duplication and control fatigue across the estate.

  • Report on control implementation and testing status against regulatory requirements and track remediation of identified gaps through to closure.


Advisory and Stakeholder Engagement

  • Act as compliance advisor to application owners, architects, and engineering teams on ITGC-compliant access models, change workflows, and operational procedures.

  • Participate in architecture review boards and governance forums as the designated compliance representative; serve as primary contact for internal audit and PwC for all infrastructure-related SOX testing, evidence requests, and findings management.

  • Provide structured reporting to senior leadership on compliance posture, open findings, and remediation status.


Technology Risk and Continuous Improvement

  • Conduct periodic IT risk assessments and produce decision-ready risk reporting for senior management; assess compliance implications of new technologies and delivery models prior to adoption.

  • Drive standardisation and continuous improvement of the infrastructure compliance programme; develop guidance materials and training for infrastructure and application teams.

  • Operate effectively within an evolving regulatory environment, including GDPR, DORA, FCA requirements, and Lloyd's reporting obligations.

Qualifications

EXPERIENCE

  • Minimum 5 years in IT compliance, IT external or internal audit, or technology risk within financial services, insurance, or Big 4.

  • Proven ownership of SOX ITGC programmes including proactive monitoring and deficiency remediation.

  • Track record of reviewing architectural artefacts from a compliance perspective and guiding technical teams on control implementation.

  • Prior engagement with Big 4 external audit at a senior client-side level, or equivalent auditor-side experience.

  • SOX ITGCs: logical access, change management, computer operations, and segregation of duties.

  • Privileged access management tools: CyberArk and/or SailPoint.

  • Infrastructure platforms: Windows Server, Linux/AIX, iSeries (AS400), Oracle Database, SQL Server, and DB2.

  • Ability to critically assess architecture documents and identify control design implications.

  • Working knowledge of EU regulatory frameworks affecting infrastructure, including DORA operational-resilience requirements and GDPR technical and organisational controls.


QUALIFICATIONS

  • Required: Bachelor's degree in Computer Science, Information Technology, or a related discipline.

  • Preferred: Certified Information Systems Auditor (CISA).

  • Advantageous: CRISC, CISM, or equivalent professional qualification.


We offer in return!


Competitive salary & pension scheme, discretionary bonus scheme, 25 days annual leave plus ability to purchase additional days, hybrid working options, Private Medical cover, Employee Share Purchase Plan, Life Assurance, Subsidised gym membership, Comprehensive Learning & development offerings, Employee Assistance program.


Integrity. Client focus. Respect. Excellence. Teamwork.

Our core values dictate how we live and work. We’re an ethical and honest company that’s wholly committed to its clients. A business that’s engaged in mutual trust and respect for its employees and partners. A place where colleagues perform at the highest levels. And a working environment that’s collaborative and supportive.

Diversity & Inclusion. At Chubb, we consider our people our chief competitive advantage and as such we treat colleagues, candidates, clients, and business partners with equality, fairness and respect, regardless of their age, disability, race, religion or belief, gender, sexual orientation, marital status or family circumstances.

We are committed to ensuring our recruitment process is inclusive and accessible to all. If you have a disability or long-term condition (for example dyslexia, anxiety, autism, a mobility condition or hearing loss) and need us to make any reasonable adjustments, changes or do anything differently during the recruitment process, please let us know.


Chubb London, England Office

London, United Kingdom
