Technology Risk and Audit Manager

London, London, United Kingdom

Sainsbury's

Shop online at Sainsbury's for groceries, clothing, homewares, electricals, financial services and more. Together we’re helping everyone eat better.


In a nutshell

As an IT Risk & Audit Manager, you will be responsible for leading and delivering a portfolio of internal audits across Sainsbury’s Group with minimal supervision. You will have responsibility for reviewing aspects of Information Technology (IT) and Information Security (InfoSec), which includes application and infrastructure controls, core IT processes and emerging technology. You will own relationships with senior business stakeholders to support them in identifying and managing risks. You will also support the continuous improvement activities in the Internal Audit team.


What you need to do

  • Lead end-to-end IT and InfoSec audit processes, managing multiple audits to meet time, budget, and quality targets across various business areas.
  • Build and maintain strong, collaborative relationships with audit stakeholders, acting as the key divisional contact to drive engagement, support, and follow-up whilst maintaining independence.
  • Exercise sound judgment during audit work, raise significant issues and risks, develop balanced recommendations that consider both commercial and assurance requirements, and prepare clear reports for senior management and the board.
  • Provide real-time support, challenge, and actionable insights during the implementation of new processes and change projects.
  • Utilise data tools and analytics to enhance audit effectiveness and offer insights, especially in technology and InfoSec audits.
  • Track the closure of audit actions, thoroughly investigate evidence, and ensure that risks are promptly addressed and reported in a timely manner.
  • Ensure consistent application of audit methodology, adhering to IIA standards and maintaining high-quality execution.
  • Support the Head of Risk & Audit in developing a risk-based audit plan.
  • Contribute to team success through continuous improvement initiatives.


What you need to know

Essential:

  • Proven track record in delivering IT / InfoSec internal audits for in-house teams or through professional services firms
  • Strong understanding of risk, control, and internal audit practices, including tech and InfoSec risks and control environments.
  • Strong understanding of technology, systems, data flows, and their impact on business operations.
  • Excellent communication and interpersonal skills, with the ability to explain technology and InfoSec risks to non-IT stakeholders.
  • Experience in developing strong stakeholder relationships at various seniority levels.
  • Self-starter with strong time and project management skills to ensure work is delivered on time, within budget, and to the expected quality.
  • Strong analytical, report writing, and business acumen.
  • Knowledge of the Internal Audit industry and experience in auditing complex IT environments, including Agile teams.
  • Commitment to personal development and continuous learning.


Desirable:

  • CISA, CISM, CISSP, CCSP, or equivalent technology assurance certification.
  • Proven experience in IT audit and InfoSec auditing, with a strong understanding of risk management principles.
  • Expertise in core technology management processes and controls, including security, change management, and software development. Familiarity with technology infrastructure, eCommerce systems, and SAP for retail.
  • In-depth knowledge of relevant regulations, standards, and frameworks (e.g., ISO 27001, GDPR, NIST, COBIT) and a focused understanding of InfoSec risks, controls, and data governance.
  • Proficiency in data analysis, with experience in forensic data interrogation, handling large data sets, and using advanced data analysis tools.
  • Experience deploying agile methodology to deliver audits.


What you need to show

You will need to demonstrate our valued behaviours:

  • Own it: Do what you say you’ll do. Don’t walk past a problem.
  • Make it Better: Improve things for your customer. Spot opportunities to simplify.
  • Be Human: Walk in the shoes of your colleagues and customers. Show care and respect to everyone.

We’d all like amazing work to do, and real work-life balance. That’s waiting for you at Sainsbury’s. For a FTSE business, we move incredibly fast. When we’re not handling projects, we’re helping all corners of the wider group with what they’re trying to achieve. And around here, you can see the results of your work as soon as you walk into a store, which gives you a real sense of purpose and responsibility. Better still, the team around you will listen to your ideas and opinions, and you’ll have every chance to try something new. The sheer scale and complexity of our set-up means there’s always something else around the corner, and we’ll help and support you every step of the way. We’re trusted to get on with it. So get ready to make things happen here.

We are committed to being a truly inclusive retailer, so you’ll be welcomed whoever you are and wherever you work. Around here, there’s always the chance to try something new - whether that’s as part of an evolving team or somewhere else across the business - and we take development seriously and promise to support you. We also recognise and celebrate colleagues when they go the extra mile and, where possible, offer flexible working. When you join our team, we’ll also offer you an amazing range of benefits. Here are some of them:
 
 Starting off with colleague discount, you'll be able to get 10% off at Sainsbury's, Argos, TU and Habitat after 4 weeks. This increases to 15% off at Sainsbury’s every Friday and Saturday and 15% off at Argos every pay day. We've also got you covered for your future with our pensions scheme and life cover. You'll also be able to share in our success as you may be eligible for a performance-related bonus of up to 20% of salary, depending on how we perform.  
 
 Your wellbeing is important to us too. You'll receive an annual holiday allowance, and you can buy additional holiday. We also offer other benefits that will help your money go further, such as season ticket loans, an interest-free car loan of up to £10k, a cycle to work scheme, health cash plans and pay advance (where you can access some of your pay before pay day), as well as access to a great range of discounts from hundreds of other retailers. And if you ever need it, there is also an Employee Assistance Programme, and you will be eligible for private healthcare too.

Moments that matter are as important to us as they are to you, which is why we give up to 26 weeks’ pay for maternity or adoption leave and up to 4 weeks’ pay for paternity leave.
 
 Please see www.sainsburys.jobs for a range of our benefits (note, length of service and eligibility criteria may apply).

Sainsbury’s company vision
Our vision is to be the most trusted retailer, where people love to work and shop. That means harnessing the talent, creativity and diversity of our colleagues to ensure that customers receive great service every time they shop with us.
If you would like to hear more about our vision and values, be sure to visit our corporate page.
We invest in training, development and multiple initiatives to ensure our teams feel enabled to offer the best shopping experience to our customers and that Sainsbury’s is truly a ‘Great Place to Work’.

Tags: Agile Analytics Audits CCSP CISA CISM CISSP COBIT E-commerce Ecommerce GDPR Governance ISO 27001 NIST Risk management SAP

Perks/benefits: Career development Flex hours Flex vacation Health care Parental leave Salary bonus

Region: Europe
Country: United Kingdom
