IT Audit Manager in Watford

We are Allwyn UK, part of the Allwyn Entertainment Group – a multi-national lottery operator with a market-leading presence in Austria, the Czech Republic, Greece, Cyprus and Italy.  We have been officially awarded the Fourth Licence (10 year licence) to operate the National Lottery starting February 2024.

‍We’ve developed ground-breaking technologies, built player protection frameworks, and have a proven track record of making lotteries better.  Our aim is to create one of the UK’s most inclusive organisations – where people can bring the best of themselves, to do their best work, every day, for the benefit of good causes.

Allwyn is an Equal Opportunity Employer which prides itself in being diverse and inclusive. We do not tolerate discrimination, harassment, or victimisation in the workplace.  All employment decisions at Allwyn are based on the business needs, the job requirements, and the individual qualifications.  Allwyn encourages applications from individuals regardless of age, disability (visible or hidden), sex, gender reassignment, sexual orientation, pregnancy and maternity, race, religion or belief and marriage and civil partnerships.

While the main contribution of the National Lottery to society is through the funds to good causes, at Allwyn we put our purpose and values at the heart of everything we do.  Join us as we embark on a once-in-a-lifetime, largescale transformation journey to build a bigger, better, and safer National Lottery that delivers more money to good causes.  

Role Purpose:

The IT Audit Manager role, reporting to the Head of Internal Audit, will:

• Assist the organisation in achieving its corporate goals through the provision of independent and objective reviews and formal reports of control and risk opinions, produced in accordance with the department procedures and standards to acquit the audit plan agreed with the Head of Internal Audit and the Audit Committee.
• Take the lead in the provision of technical advice and counsel to staff and management to promote and enhance the functional effectiveness and efficiency of business processes.

Department Description :

• The Internal Audit Team is an independent function which reports to the Audit Committee and provides objective assurance and consulting activities to the Business designed to add value and improve the organisation’s operations and safeguard the integrity of the National Lottery. Internal Audit works closely with the Compliance, and the Risk & Insurance teams.
• The primary responsibilities of the department are to develop and implement a robust compliance control framework, as well as map/ documenting key regulatory reporting processes, risks and controls
• The department operates as an integral part of the company’s ‘three lines of defence’ model

Team Description:

• The primary responsibilities of the team is to provide independent assurance to Executive Management and the Audit Committee. These activities can cover any activity / function / process in the company and will provide assurance that the policies, processes and systems are effective in maintaining a strong and robust control environment that helps protect the stakeholders, reputation, brand and assets of the organisation.
• The Internal Audit team is responsible for performing Internal Audit reviews across the Business.

Role Responsibilities:

• Identify and evaluate the organisation’s technology, data and security risks, and provide key input to the development of the risk-based annual internal audit plan.
• Develop and maintain collaborative working relationships within the Internal Audit team, other assurance teams, and with key stakeholders across the organisation.
• Produce clear, concise and impactful reports to communicate complex IT findings to non-technical stakeholders, and provide senior management with insight on the effectiveness of governance, risk management and internal controls.
• Have accountability to independently plan, lead, and perform IT audits, as per the approved plan and in accordance with the Allwyn Internal Audit methodology, aligned with industry best practice (IIA/IPPF).
• Identify control gaps and process improvement opportunities; and consult with management to agree pragmatic actions for improvement in line with best practices and frameworks including ISO, NIST, COBIT, ITIL etc.
• Track and monitor management action plans to ensure timely and sustainable resolution of control gaps that have been identified.
• Be the main point of contact to provide guidance, advice and support to the Internal Audit team and other assurance teams as an IT professional expert in the area.
• Supervise and support junior team members in respect of the quality of their work, particularly draft reports, and the application of the Internal Audit methodology.
• Propose ideas and contribute to ad-hoc initiatives / strategically critical work streams to promote internal control awareness throughout the organisation and to further improve the audit process.

Skills and experience:

• At least 8 years of practical IT Audit experience in the commercial or private sector (specifically covering information security and cyber related risks).
• FMCG exposure is desirable, as is experience of working in a highly regulated industry.
• Understanding of the techniques and technologies associated with cyber-attacks.
• Awareness of latest cyber security trends, developments, and threats.
• Broad understanding of security controls and the ability to audit these and assess residual risk exposure to complex threats in specific control environments.
• Knowledge of Information Security and effective IT Risk & Security Governance.
• Knowledge of CobiT, ITIL, NIST, ISO27001, Prince2 and other relevant frameworks / methodologies.
• Definition and management of audit reviews at all points in the audit lifecycle.
• Strong interpersonal and influencing skills – this is key as we have some challenging stakeholders.
• Experience of project audit/assurance
• Big picture appreciation of strategy & business drivers
• Confident, motivated, autonomous approach to working.

Strong IT General Controls (ITGC) auditing with knowledge in the following technical audit areas is desirable:

• UNIX (AIX) & Linux
• SAP (or other leading ERP systems)
• SQL / DB2
• AWS Cloud Computing (or other cloud provider platforms)
• Microsoft Active Directory
• Java, XML, eCommerce development
• Use of CAATs for data analysis (e.g. ACL)
• Information Security (ISO 27001 / 27002)
• ITIL IT service delivery & service management

 Here is our list of benefits:

• 34 days paid leave (This includes bank holidays)
• 2 x Life Days
• 4 x Salary of Life Insurance
• Pension: We’ll contribute 8.5%
• BUPA
• £500 wellness allowance
• Income Protection

As part of our onboarding processes, all successful candidates will need to complete both a Pre-Employment Screening process and a Fit & Proper check by the Gambling Commission. These checks include a DBS (an enhanced check, which shows convictions and conditional cautions), credit and social media checks. As part of our application process, you will be asked to identify in advance if you have spent or unspent convictions that we need to be aware of.

Should you not disclose convictions at the application stage, not pass the Fit & Proper Check process or not complete your Pre-Employment Screening then unfortunately you may not pass our probation process.

All data will be handled in accordance with our data policies and treated with utmost confidentiality.