×
Register Here to Apply for Jobs or Post Jobs. X

Tech Risk & Compliance Lead

Job in City Of London, Central London, Greater London, England, UK
Listing for: Chubb
Full Time position
Listed on 2026-07-08
Job specializations:
  • IT/Tech
Salary/Wage Range or Industry Benchmark: 70000 - 90000 GBP Yearly GBP 70000.00 90000.00 YEAR
Job Description & How to Apply Below
Location: City Of London

The Tech Risk & Compliance Lead is a hands‑on, execution‑focused role within the EMEA IT Risk and Compliance function, responsible for the practical design, implementation and testing of SOX IT General Controls (ITGCs) across the EMEA technology estate, alongside supporting compliance with the wider European regulatory landscape including the General Data Protection Regulation (GDPR) and the Digital Operational Resilience Act (DORA).

The role holder works directly with architects and application owners to build IT controls into systems, performs control design and operating‑effectiveness testing, collects and reviews evidence, manages deficiencies through to remediation, and acts as the day‑to‑day interface to internal and external auditors (PwC), risk and data protection functions, and regional IT leads.

KEY RESPONSIBILITIES Control Design, Implementation and Testing

Design and document SOX‑compliant control specifications for IT platforms - covering logical access, change management, computer operations and segregation of duties - and work with IT owners to implement them in production.

Apply controls‑by‑design in practice: review designs, configurations and change requests against control requirements and confirm SOX, data protection and operational‑resilience controls are built in before changes reach production.

Plan and execute control design and operating‑effectiveness testing across the ITGC portfolio, including sample selection, test execution, workpaper preparation, and conclusion on control adequacy.

Maintain a detailed control inventory, test calendar and RACI for each control, and track identified deficiencies through root‑cause analysis to validated remediation.

Architecture Review and Controls by Design

Review infrastructure architecture documents, design proposals, and change requests to assess SOX control implications prior to implementation; engage at design stage with architects and engineers to embed ITGCs, preventing control gaps from being introduced through system design.

Provide compliance input into cloud migrations, platform modernisation, database upgrades, and identity management programmes.

Develop and maintain a controls reference framework as a practical design guide for architects and platform owners.

Regulatory Control Implementation and Testing - SOX, GDPR and DORA

Embed GDPR technical and organisational controls (access control, encryption, logging, data retention and deletion, and audit trails) into infrastructure design and the ITGC framework, partnering closely with the Data Protection Officer and privacy function.

Establish a consolidated regulatory control mapping so that a single, well‑designed set of controls satisfies SOX, GDPR and DORA obligations, reducing duplication and control fatigue across the estate.

Report on control implementation and testing status against regulatory requirements and track remediation of identified gaps through to closure.

Advisory and Stakeholder Engagement

Act as compliance advisor to application owners, architects, and engineering teams on ITGC‑compliant access models, change workflows, and operational procedures.

Participate in architecture review boards and governance forums as the designated compliance representative; serve as primary contact for internal audit and PwC for all infrastructure‑related SOX testing, evidence requests, and findings management.

Provide structured reporting to senior leadership on compliance posture, open findings, and remediation status.

Technology Risk and Continuous Improvement

Conduct periodic IT risk assessments and produce decision‑ready risk reporting for senior management; assess compliance implications of new technologies and delivery models prior to adoption.

Drive standardisation and continuous improvement of the infrastructure compliance programme; develop guidance materials and training for infrastructure and application teams.

Operate effectively within an evolving regulatory environment, including GDPR, DORA, FCA requirements, and Lloyd's reporting obligations.

Qualifications EXPERIENCE

Minimum 5 years in IT compliance, IT external or internal audit, or technology risk within financial…

Note that applications are not being accepted from your jurisdiction for this job currently via this jobsite. Candidate preferences are the decision of the Employer or Recruiting Agent, and are controlled by them alone.
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary