Head of IT SOx
Listed on 2026-01-22
IT/Tech
Cybersecurity, IT Business Analyst
Location: UK, London
Reports to: Group Head of SOx
Department: Risk
Type: Full-Time | Permanent
We are a newly listed, fast-growing global insurance brokerage firm committed to delivering innovative risk solutions and exceptional client service. With operations spanning multiple continents, we are building a resilient, compliant, and technology-enabled business platform to support our ambitious growth strategy.
Role Overview
As the Head of IT SOx, you will lead the global IT SOx compliance program, ensuring the organisation meets all technology-related regulatory requirements under Sarbanes‑Oxley (SOx) Section 404. You will be responsible for designing, implementing, and maintaining effective IT general controls (ITGCs), application controls, and automated controls across our technology landscape. This is a strategic leadership role requiring deep expertise in IT risk, controls, and audit, as well as the ability to influence cross‑functional stakeholders in a dynamic, post‑IPO environment.
Key Responsibilities
Develop and execute the global IT SOx strategy aligned with the company's risk and compliance framework.
Build and lead the IT SOx function, including policies, standards, RACI, control library, and playbooks.
Lead the annual IT SOx scoping, risk assessment, and control design process.
Oversee the documentation, testing, and remediation of ITGCs and automated controls.
Stakeholder Engagement
Partner with IT, Internal Audit, Finance, and external auditors to ensure timely and effective execution of SOx activities.
Provide guidance and training to control owners and process leads across the business.
Controls Design, Execution & Quality
Ensure robust design and operation of ITGCs; drive control design in project/change life cycles and cloud migrations.
Maintain a high-quality, test-ready evidence repository and documentation standards.
Coordinate SOx walkthroughs, control owner training, and readiness assessments before formal testing.
Governance & Reporting
Establish governance mechanisms to monitor control effectiveness and remediation progress.
Leverage GRC platforms for control inventory, issues, and evidence workflows.
Articulate KPIs/KRIs, dashboards, cadences, and executive reporting to the CRO, CTO, Risk and Audit Committee.
Report regularly to senior leadership and the Audit Committee on IT SOx status, risks, and issues.
Drive automation and efficiency in control testing and monitoring.
Stay abreast of regulatory changes and industry best practices to enhance the SOx program.
ERP & Finance Systems
Governance, Risk & Compliance (GRC): ServiceNow GRC, AuditBoard, or similar platforms
Identity & Access Management (IAM): Role‑based access controls, segregation of duties, privileged access management
IT Service Management (ITSM): ServiceNow
Security & Compliance Frameworks: COBIT, SOC 1/2, CIS Controls, ISO 27001, NIST CSF
Qualifications & Experience
Bachelor's degree in Information Systems, Accounting, or related field; CISA, CISSP, or CPA preferred.
10+ years of experience in IT audit, SOx compliance, or IT risk management, ideally within financial services or insurance.
Proven track record of leading IT SOx programs in a public company environment.
Expert knowledge of SOx 404, ITGCs, IPE, EUC, IAM/SoD, and SDLC/change management across on-premise and cloud environments.
Demonstrated success passing Internal Audit and External Audit testing under PCAOB standards and closing complex deficiencies.
Strong understanding of ITGCs, application controls, cloud environments, and cybersecurity frameworks.
Leading global teams and managing stakeholders at different levels.
Excellent communication, leadership, and coaching.
Why Join Us
Be part of a high‑impact leadership team shaping the compliance culture of a newly listed global firm.
Work in a collaborative, entrepreneurial environment with opportunities for growth and innovation.
Competitive compensation, benefits, and flexible working arrangements.