Chubb

Tech Risk & Compliance Lead

City of London
Posted 2 days ago
Tech Risk & Compliance Lead – EMEA IT Risk and Compliance (Hands-on Execution Focus)

About the Role

The Tech Risk & Compliance Lead is a hands-on, execution-focused role within the EMEA IT Risk and Compliance function. The role is responsible for the practical design, implementation, and testing of SOX IT General Controls (ITGCs) across the EMEA technology estate, while also supporting compliance with the wider European regulatory landscape, including:

  • The General Data Protection Regulation (GDPR)
  • The Digital Operational Resilience Act (DORA)

The role holder works directly with architects, application owners, and internal teams to:

  • Embed IT controls into systems
  • Perform control design/testing
  • Collect/review evidence
  • Manage deficiencies and remediation
  • Serve as the day-to-day interface to:
    • Internal/external auditors (including PwC)
    • Risk and data protection functions
    • Regional IT leads

Key Responsibilities

Control Design, Implementation and Testing

  • Design and document SOX-compliant control specifications for IT platforms, covering:
    • Logical access controls
    • Change management
    • Computer operations
    • Segregation of duties (SoD)
  • Work with IT ownership teams to implement controls in production.
  • Apply controls-by-design in practice:
    • Review system designs, configurations, and change requests against control requirements
    • Validate alignment across:
      • SOX controls
      • Data protection controls (GDPR)
      • Operational resilience controls (DORA)
    • Ensure compliant configurations before technical deployments proceed.

  • Plan and execute control design and operating-effectiveness testing, including:
    • Sample selection and test execution
    • Documentation (workpapers)
    • Conclusion on control adequacy
  • Maintain:
    • A detailed control inventory
    • Test calendars
    • RACI matrices per control
  • Track deficiencies via:
    • Root-cause analysis
    • Validated remediation

Architecture Review and Controls by Design

  • Evaluate infrastructure architecture documents, designs, and change requests for SOX control implications before implementation.
  • Partner with architects and engineers to embed ITGCs early, preventing design gaps.
  • Directly support:
    • Cloud migrations
    • Platform modernisation
    • Database upgrades
    • Identity management programmes
  • Develop and maintain:
    • A practical controls reference framework (design guide for architects)
    • Standardised compliance documentation

Regulatory Control Implementation and Testing – SOX, GDPR and DORA

  • Embed GDPR Technical and Organisational controls in infrastructure, including:
    • Access controls
    • Encryption
    • Logging
    • Data retention/deletion processes
    • Audit trails
  • Partner closely with:
    • Data Protection Officer (DPO)
    • Regional privacy function teams
  • Create a consolidated regulatory control mapping to ensure:
    • A single, shared set of controls addresses SOX, GDPR, and DORA (avoiding duplication)

  • Generate reports on compliance status and open findings, tracking remediation progress to closure.

Advisory and Stakeholder Engagement

  • Provide compliance guidance to:
    • Application owners
    • Architects
    • Engineering teams (on ITGC-compliant access models, change workflows, and operational procedures)
  • Participate as a compliance representative in:
    • Architecture review boards
    • Governance forums
  • Serve as the primary contact for:
    • Internal audit
    • External assurance (PwC), managing all infrastructure-related SOX testing, evidence requests, and findings
  • Deliver structured reporting to senior leadership on:
    • Compliance posture
    • Open findings
    • Remediation status

Technology Risk & Continuous Improvement

  • Conduct periodic IT risk assessments, producing:
    • Decision-ready risk reports for senior management
  • Assess compliance implications of new technologies and delivery models prior to adoption.
  • Drive:
    • Standardisation of the infrastructure compliance programme
  • Develop guidance materials and training programmes for:
    • Infrastructure teams
    • Application owners
  • Operate within an evolving regulatory environment, including:
    • GDPR, DORA
    • Financial Conduct Authority (FCA) requirements
    • Lloyd’s reporting obligations


Skills

SOX ITGC
IT Compliance
Technology Risk Management
GDPR
DORA
Control Design
Operating-effectiveness Testing
Architecture Review
Privileged Access Management
Internal Audit
External Audit
Risk Assessment
Stakeholder Engagement
Remediation Management
Infrastructure Compliance
Regulatory Mapping

Location

City of London, England, United Kingdom