IT Risk and Compliance Analyst
We are searching for a highly motivated, results-oriented analyst to join our growing IT Internal Controls team as an IT Risk & Compliance Analyst, focusing on the execution of our global SOX Compliance program as well as compliance across Cyber-Security, PCI-DSS and GDPR controls for IT. The ideal candidate will have hands-on experience identifying and evaluating the design of risks and controls and assessing the effectiveness of controls on critical systems in a dynamic/complex environment. In addition, the candidate will be detail-oriented and have the skills necessary to influence people in a fast-changing environment. The position, which reports to the Head of IT Compliance, will provide guidance to internal and TBS customers, external customers and vendors. This position will be part of an integrated team that believes that collaboration, flexibility, resourcefulness and attention to detail are keys to success.
Contribute to the ongoing maintenance of the IT SOX Risk and Controls Matrix.
Assist Control Owners with any on-going remediation plans throughout the year to ensure testing is carried out and tracked without delay to the overall SOX program.
Confirm and ensure that operational duties for the SOX program are managed daily.
Support in tracking of controls in The Body Shop Cyber-Security framework, as defined by the Cyber-Security team, including testing, evidence gathering and audit as well as implementation for new systems and projects.
Assist with the annual global PCI-DSS audit, ensuring technical controls are operated correctly, documentation updated, and the relevant store visits and technical testing activities are completed on time.
Track IT controls for GDPR risks, measure and recommend improvements to the framework to reduce risk of Data and Privacy Breaches.
Collaborate with IT partners to identify areas where control enhancements and/or documentation improvements are needed.
Support the team-oriented culture of the Internal Controls and SOX department. Oversee and review work completed by IT SOX testers and contractors and internal teams.
Pro-actively research and assess deficiencies identified and work with management to identify an appropriate solution. Advise Control Owners on solutions to close any remediation gaps.
Follow-up on remediation activities to verify appropriate resolution to ensure open security gaps are closed quickly.
Collaborate frequently with internal/external auditors and serve as a liaison between external audit and IT.
Engage with external vendors to ensure SOC reports are delivered on time. Review of SOC report evaluations to ensure exceptions are appropriately addressed and that appropriate complementary controls are in place and operating effectively.
Collaborate with the Business Process team to assess any gaps found in IT to ensure compensating/mitigating controls are identified in the Business Process to limit security exposures.
Support the development and delivery of the annual and ongoing IT compliance trainings to key control stakeholders to enhance the SOX program.
On an ongoing basis, support the control operators/owners on remediation activities throughout the year to ensure correct controls are operated to limit any identified control gaps.
Work in partnership with the Business Process team to ensure team collaboration with IT especially where gaps have been identified within the IT controls.
What we look for
Your proven experience working within a compliance environment to define and improve controls and compliance will be key to the role. If you're ready to take on a wide range of responsibilities and are committed to seeking out new ways to make a difference, this role is for you.
The ability to engage and challenge internal and external stakeholders including overseas teams
The ability to manage multiple stakeholder communities with varying levels of experience
Intellectual strength / flexibility to rapidly understand complex problems and rationalise these into a workable solution for the company
Proven experience of developing innovative ways of working that are current and relevant to our business
The ability to develop and deliver high quality output against stated objectives and meet tight deadlines
A high level of drive, commitment to achieving solutions and ability to work under pressure
Strong written and verbal communication, presentation and technical writing skills
Experience in developing reporting material for senior leadership teams and operationally
Technical skills
Strong technical insight, practical knowledge and capability in Sarbanes-Oxley compliance including:
Experience of SAP HANA and associated GRC tool
Understanding of GDPR technology risks and controls
Strong technical and functional knowledge of IT controls including Change Management, User Access and IT Operations including experience in SAP environment
Experience of understanding and assessing third-party service provider risks and controls, including understanding SOC report controls
What else we look for
A Big 4 background or comparable IT audit experience is advantageous, although we will also consider candidates with excellent industry experience and demonstrable success managing SOX compliance.
ACCA, ACA, CISA, CIA or similar designations would be beneficial.
Understanding of the key business processes across business functions such as Record to Report (RTR), Purchase to Pay (P2P), Order to Cash (OTC) with a focus on automated business process controls
Experience of assessing risks around new system development
Knowledge of PCI-DSS
Exposure to new generation technology solutions including robotics.
Good knowledge of Cybersecurity frameworks such as NIST
Core skills: co-ordination and documentation control on remediation programs, experience working with external auditors, continuous improvement in process and documentation.
Versatility: proven ability to adapt and learn in an innovative environment.
What we offer in return
* A 6% contributory pension plan
* 23 days holiday plus bank holidays - time to refresh and recharge
* Group bonus scheme
* 3 additional days a year to volunteer in the local community to support the causes you feel most passionate about
* LOVE money to spend on YOUR wellbeing - pamper yourself on us. Every year.
* 50% staff discount and access to product sample sales
* Access to Perks at Work, our online shopping channel with exclusive deals & discounts
* AND - we have also implemented 'Work Wise' into our HQ - flexibility of 'in-office' hours, the ability to work remotely and a new meeting charter.
Here at The Body Shop we've got your best interests at heart - it's our way of saying thank you!
If you are excited by all that - you might just be the sort of person we need to help us make the impactful change the world needs within a business that invented the culture of 'joyful collective' and everything that means and stands for. We have something special to offer and we're looking for someone special to help us to do that. Show us how you can contribute to the next step in the evolution of The Body Shop.
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, colour, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.
The Body Shop
When Anita Roddick founded The Body Shop in 1976, she had a vision. Business as a force for good - that's us. Over 40 years later, we're proud to be pioneering cruelty-free beauty every step of the way. We're the original ethical beauty brand. We've got a thing for empowering people and enriching our planet. We're all about keeping it real, in every way possible. Our activist roots remain a huge part of everything we do, from our iconic window posters to our vegetarian products to our infamous campaigns. We're never afraid to stand up and speak the truth. We like to do things a little differently around here.
The Body Shop, along with Aesop and Natura, is part of Natura & Co, a global, multi-channel and multi-brand cosmetics group that is committed to generating positive economic, social and environmental impact. Group owner Natura is Brazil's number one cosmetics manufacturer. Sustainable development has been the company's guiding principle since it was founded in 1969. In fact, this is an incredibly exciting time for The Body Shop. We're fighting for what we believe in now more than ever. No holding back. Breaking the mould has