Global Audit and Risk (GAR) Manager-Level 4, Open to flexible working
4 days left
- Contract Type
GAR supports and challenges the Diageo group to achieve appropriate standards of risk management, controls and compliance such that Diageo achieves its ambition to be ‘best performing, most trusted and respected consumer goods company’.
The function has a reporting line to the Diageo CFO, as well as an independent reporting line to the Diageo Audit Committee Chairman.
GAR is a team of c.40 individuals based in multiple locations across the world.
The function has three primary accountabilities: designing and delivering a robust internal audit programme; providing support to the Diageo Executive to ensure an enterprise-wide Risk Management policy and framework is in place; and developing great talent across Diageo.
Purpose of Role
- To provide independent assurance to the Audit Committee and the Diageo Executive on the effectiveness of risk management and control procedures across the business, ensuring risks are being appropriately identified and managed across the business in a cost efficient, sustainable manner.
- To enable GAR to achieve our strategic goals of being the ‘Best Audit & Risk Team in its Peer Group’ and the ‘Best Place to Build a Career’.
- Travel expectation of up to 25% depending on the requirements of the function. - Note role location is flexible.
5 key accountabilities:
- Delivery of holistic risk management and internal audit assurance reviews in line with GAR’s ways of working (WoW) to provide assurance on the effectiveness of risk management and control procedures.
- To provide assurance specifically across IT general controls (ITGC), technology operations and supply operational technology controls. The direct or indirect leadership of all GAR assignments and engagement within these areas.
- Provide insights and solutions that promote effective and efficient business and IT governance, enhanced controls and better risk management. Synthesise, analyse and translate internal and relevant external data into meaningful insights and risk identification.
- GAR relationship responsibility for key elements of the business including Diageo’s Digital & Technology function. This includes acting as the GAR contact for the relevant business units, engaging with stakeholders at all levels as a trusted business partner, providing insights and challenges that enable them to proactively manage holistic performance and support the embedding of governance, risk and compliance.
- Develop, commit to and action a self-development programme, and contribute to the development of others in the team.
Leadership Attributes Required:
- Win Through Execution
- Impactful and can ‘stand your ground’ where required with senior stakeholders. Quickly build strong relationships ‘on the ground’ with business partners.
- Lead key assignments effectively. Demonstrate an understanding of business and IT risks across multiple process areas.
- Empowered to articulate effective and efficient risk mitigation strategies. Demonstrate thorough and consistent knowledge and application of our WoW.
- Stay focused with a positive outlook, demonstrate rigour and brilliant execution.
- Shape the Future
- Applies root cause and data driven analysis to support the development of impactful business insights and efficiency opportunities.
- Partner with the business in finding simple solutions for existing and emerging risks and opportunities, including understanding the internal and external risk radar.
- Inspire Through Purpose
- Role model the Diageo values and culture (especially in relation to standards of controls and compliance) and demonstrate high standards of personal integrity to inspire others.
- Build and sustain trust with key business partners.
- Invest in Talent
- Provide effective IT functional support and coaching to less experienced members of the team.
- Develop and apply self-awareness. Leverage strengths within GAR and the wider business and have humility to be open to ideas and learnings from others.
- Grow both functional and leadership capability and experience.
Qualifications and Experience:
- Minimum of 9 to 10+ years’ experience, including in a multinational (ideally multicultural/multilingual) corporate environment. Experience as an IT auditor, IT risk management consulting, IT internal audit and/or IT business process improvement.
- Possess a relevant IT audit/risk management/security professional certification, such as CISA, CISM, CRISC, CISSP or CEH.
- Possess knowledge and understanding of audit methodologies, system development methodologies, project management, ITGC frameworks and standards (including COBIT, ITIL and ISO 27001), and cyber security processes.
- Understanding of the relationships between ITGC, IT application controls (ITAC), use of service organisations and their impacts on the control environment. Experience auditing design, implementation, security, internal controls and post-implementation process for systems/applications.
- Possess knowledge and understanding of operational technology controls.
- Strong analytical skills with clear logical and strategic thinking to find out deeper insights, including root cause analysis, and ability to present findings in a structured way. Deep knowledge of and experience with various data analysis tools, including technical expertise as regards data modelling.
- Relationship management and business partnering skills – proven experience of building, developing and sustaining relationships with key stakeholders, especially senior management. The ability to influence strategic decisions across the business.
- People management skills and the ability to influence and direct where appropriate. Know when to make a difference and judge when to intervene.
- Strong interpersonal skills and the ability to communicate effectively at all levels both internally and externally (written and verbal). Fluent English is mandatory.
- While not mandatory, exposure or experience to some or all of the following areas may be beneficial:
- Experience in use of computer aided audit techniques (CAATS).
- An in-depth understanding of some of Diageo's business processes and systems.
Barriers to Success in Role:
- Inability to work as part of a global dynamic team, or to build effective relationships.
- Lack of “robustness” or ability to identify and then call issues with business stakeholders.
- Poor communication skills, including difficulty in analysing detail or telling the ‘big story’. Not being an active listener who can incorporate the business views within our own perception of risks.
- Inability to work flexibly and respond with agility to unforeseen challenges/opportunities at short notice.
- Inability to travel approximately 25% of year on short assignments.