Chubb

Tech Risk & Compliance Lead

London
Posted 2 days ago
Tech Risk & Compliance Lead – EMEA IT Risk and Compliance

ROLE PURPOSE

The Tech Risk & Compliance Lead is a hands-on, execution-focused role within the EMEA IT Risk and Compliance function. They are responsible for:

  • Designing, implementing, and testing SOX IT General Controls (ITGCs) across the EMEA technology estate
  • Supporting compliance with GDPR, DORA, and wider European regulatory frameworks
  • Collaborating with architects, application owners, and IT leaders to embed compliance controls
  • Serving as the day-to-day interface for:
    • Internal/external auditors (PwC)
    • Risk and data protection functions
    • Regional IT leads

The role ensures that controls are external-audit-ready, that proactive monitoring is in place, and that deficiencies are managed through remediation, in line with the information security and technology compliance frameworks.


Key Responsibilities

1. Control Design, Implementation & Testing

  • Design documented SOX-compliant control specifications, covering:
    • Logical access controls
    • Change management
    • Computer operations
    • Segregation of duties
  • Ensure controls are implemented by IT owners and tested in the production environment
  • Embed controls-by-design:
    • Review of designs, configurations, and change requests
    • Ensuring SOX, data protection, and operational resilience are built in before production release
  • Conduct and report on control effectiveness testing, including:
    • Sample selection
    • Test execution
    • Workpaper preparation
    • Documentation for audit evidence
  • Maintain and update:
    • Control inventory (with test calendars and RACI matrices)
    • Root-cause analysis of deficiencies and remediation tracking

2. Architecture Review & Controls by Design

  • Assess SOX implications at the design stage across:
    • Infrastructure architecture documentation
    • Change requests
    • Modernisation migrations
  • Guide technical teams to design ITGC-compliant secure platforms, including:
    • Cloud migrations
    • Platform modernisation
    • Database upgrades
    • Identity management
  • Develop and maintain a controls reference framework for architects and platform owners

3. Regulatory Compliance: SOX, GDPR & DORA

  • Embed GDPR technical and organisational controls into infrastructure, including:
    • Access controls
    • Encryption
    • Logging
    • Data retention/deletion policies
    • Audit trails
  • Partner with the Data Protection Officer (DPO) and privacy function
  • Establish and maintain:
    • A consolidated regulatory control mapping for home solutions, ensuring no duplication
  • Report on compliance coverage against SOX, GDPR, and DORA and track remediation status

4. Advisory & Stakeholder Engagement

  • Serve as the compliance advisor for application owners, architects, and engineering teams on:
    • IT risk controls
    • Secure infrastructure
    • Compliance process documentation (SoC Report)
  • Represent compliance in key forums:
    • Architecture Review Boards
    • Governing structures (SAE and GRC teams)
  • Communicate risk posture with both technical rigour and readability for management
  • Primary contact for internal/external audit (PwC) on:
    • Infrastructure-based IT policy
    • Evidence requests
    • Findings management
  • Produce detailed status reports for senior leadership on:
    • Compliance posture
    • Open findings
    • Vendor remediation progress

5. Technology Risk & Continuous Improvement

Perform periodic risk assessments to identify control deficiencies and report them to senior management, including gaps in:

  • Compliance implications of emerging technologies
  • Modernisation programmes and infrastructure strategies
  • Meeting new obligations (e.g., FCA and Lloyd’s requirements)
  • Containerisation, regulatory reporting risks, and emerging infrastructure risks
  • Standardising and continuously improving the compliance programme, e.g., through structured guidance and training for:
    • Infrastructure teams
    • Multidiscipline application owners
  • Strategically aligning ISO 27001 requirements, when applicable, with the broader environment
  • Maintaining organisation-wide compliance awareness, interfacing with regional Business Risk Owners, the Internal Audit (IA) Office, and PwC


Experience: Required Skills & Qualifications

Experience & Knowledge

Minimum 5 years in relevant field, including:

  • Experience in IT compliance, audit, or technology risk, preferably within:
    • Financial services
    • Insurance
    • Big 4 consultancy-facing audit
  • Proven ownership of managing SOX ITGC programmes, including:
    • Proactive monitoring
    • Failure management
  • Technical collaboration with architects in managing infrastructure and platform risk (from highly unstructured to structured, highly integrated systems)
  • Previous engagement with Big 4 external audit, either from a client perspective or equivalent auditor-side experience
  • Technical expertise in SOX ITGC domains, including:
    • Logical access controls
    • Change control governance
    • Credential management
    • Data protection and integrity validation
  • Familiarity with privileged access management tools, such as:
    • CyberArk
    • SailPoint
  • Infrastructure expertise, including:
    • Microsoft Windows Server, including API management
    • Linux/AIX, iSeries (AS400)
    • Oracle Database, SQL Server and other database platforms
    • Server hardening and data protection
  • Ability to critically assess architecture documents, identifying potential hotspots before production release — with Cybersecurity common controls experience
  • Regulatory working knowledge of European compliance frameworks, including:
    • GDPR technical/legal obligations
    • Operational resilience (DORA)
    • Financial Conduct Authority (FCA) and Lloyd’s regulatory standards

Qualifications

  • Bachelor’s degree in:
    • Computer Science
    • Information Technology or related field
  • Preferred certifications:
    • Certified Information Systems Auditor (CISA)
  • Advantageous certifications:
    • CRISC, CISM or equivalent

We Offer

Competitive Package

  • Competitive salary & pension scheme
  • Discretionary bonus scheme
  • 25 days annual leave, with option to purchase additional days
  • Hybrid working policy
  • Private Medical Cover (pmpc)
  • Employee Share Purchase plan
  • Life Assurance
  • Subsidised gym membership
  • Comprehensive learning and development
  • Employee Assistance Programme

Our core values define the way we work: Integrity. Client focus. Respect. Excellence. Teamwork Fundamentals.


Workplace Mission & Culture

At Chubb, people are our competitive advantage.

Our recruitment process is inclusive, fair, and driven by diversity. We encourage candidates to let us know of any adjustment needed to accommodate disabilities, long-term health conditions, or other needs during recruitment.

Skills

IT Compliance
SOX ITGC
Control Design
Change Management
Data Protection
Risk Assessment
Cloud Migrations
Infrastructure Architecture
Privileged Access Management
GDPR
DORA
Continuous Improvement
Stakeholder Engagement
Audit Management
Technical Controls
Operational Resilience

Location

London, England, United Kingdom
