Chubb
Tech Risk & Compliance Lead

Tech Risk & Compliance Lead – EMEA IT Risk and Compliance (Hands-on Execution Focus)
About the Role
The Tech Risk & Compliance Lead is a hands-on, execution-focused role within the EMEA IT Risk and Compliance function. The role is responsible for the practical design, implementation, and testing of SOX IT General Controls (ITGCs) across the EMEA technology estate, while also supporting compliance with the wider European regulatory landscape, including:
- The General Data Protection Regulation (GDPR)
- The Digital Operational Resilience Act (DORA)
The role holder works directly with architects, application owners, and internal teams to:
- Embed IT controls into systems
- Perform control design/testing
- Collect/review evidence
- Manage deficiencies and remediation
- Serve as the day-to-day interface to:
  - Internal/external auditors (including PwC)
  - Risk and data protection functions
  - Regional IT leads
Key Responsibilities
Control Design, Implementation and Testing
- Design and document SOX-compliant control specifications for IT platforms, covering:
  - Logical access controls
  - Change management
  - Computer operations
  - Segregation of duties (SoD)
- Work with IT ownership teams to implement controls in production.
- Apply controls-by-design in practice:
  - Review system designs, configurations, and change requests against control requirements
  - Validate alignment across:
    - SOX controls
    - Data protection controls (GDPR)
    - Operational resilience controls (DORA)
  - Ensure compliant configurations before technical deployments proceed.
- Plan and execute control design and operating-effectiveness testing, including:
  - Sample selection and test execution
  - Documentation (workpapers)
  - Conclusion on control adequacy
- Maintain:
  - A detailed control inventory
  - Test calendars
  - RACI matrices per control
- Track deficiencies via:
  - Root-cause analysis
  - Validated remediation
Architecture Review and Controls by Design
- Evaluate infrastructure architecture documents, designs, and change requests for SOX control implications before implementation.
- Partner with architects and engineers to embed ITGCs early, preventing design gaps.
- Directly support:
  - Cloud migrations
  - Platform modernisation
  - Database upgrades
  - Identity management programmes
- Develop and maintain:
  - A practical controls reference framework (design guide for architects)
  - Standardised compliance documentation
Regulatory Control Implementation and Testing – SOX, GDPR and DORA
- Embed GDPR Technical and Organisational controls in infrastructure, including:
  - Access controls
  - Encryption
  - Logging
  - Data retention/deletion processes
  - Audit trails
- Partner closely with:
  - Data Protection Officer (DPO)
  - Regional privacy function teams
- Create a consolidated regulatory control mapping to ensure:
  - A single, shared set of controls addresses SOX, GDPR, and DORA (avoiding duplication)


- Generate reports on compliance status and open findings, tracking remediation progress to closure.
Advisory and Stakeholder Engagement
- Provide compliance guidance to:
  - Application owners
  - Architects
  - Engineering teams (on ITGC-compliant access models, change workflows, and operational procedures)
- Participate as a compliance representative in:
  - Architecture review boards
  - Governance forums
- Serve as the primary contact for:
  - Internal audit
  - External assurance (PwC) (managing all infrastructure-related SOX testing, evidence requests, findings)
- Deliver structured reporting to senior leadership on:
  - Compliance posture
  - Open findings
  - Remediation status
Technology Risk & Continuous Improvement
- Conduct periodic IT risk assessments, producing:
  - Decision-ready risk reports for senior management
- Assess compliance implications of new technologies and delivery models prior to adoption.
- Drive:
  - Standardisation of the infrastructure compliance programme
- Develop guidance materials and training programmes for:
  - Infrastructure teams
  - Application owners
- Operate within an evolving regulatory environment, including:
  - GDPR, DORA
  - Financial Conduct Authority (FCA) requirements
  - Lloyd’s reporting obligations
Skills