Position:

Primary responsibilities of the "IT Controls Manager" are the ongoing maintenance and improvement of JTI's global internal controls framework, including IT controls. As a Japanese-listed multinational Company, JTI must comply with JSOX (Sarbanes Oxley equivalent) reporting, which requires managing the overall JSOX control framework (Finance and IT controls), performing self-assessment processes, liaising with internal & external auditors and remediating any issues highlighted.

The role reports directly to JTI HQ and the work demands a substantial understanding of IT processes. Regular cross-functional collaboration with all levels of management will be required to perform the role effectively.

Furthermore, the individual will also support the wider Corporate Controlling Team with Agile Project Support.

Responsibilities: 

• IT Controls Design – lead the design and implementation of IT Security controls across the organization, ensuring alignment with JSOX requirements and broader Corporate Policies and Procedures
• Access Management – oversee the controls related to access management, including provision, deprovisioning, and monitoring user access to ensure proper Segregation of Duties and prevent unauthorized access
• Change Management – manage IT change management controls to ensure that all changes to IT systems, application, and infrastructure are reviewed, approved, and documented in compliance with JSOX and IT Policies
• Operational controls – ensure operational IT controls are in place to support day-to-day function, including regular monitoring, backup processes
• Segregation of Duties – manage Segregation of Duties ruleset for SAP and non-SAP systems
• Control Assessment – oversee internal processes related to management self-assessment of internal security controls and JSOX remediation process
• JSOX Compliance – conduct comprehensive reviews of projects to ensure that they adhere to JSOX and IT control requirements
• Collaboration – work with cross-functional teams including Information Security, Identify and Access Governance, SAP Functional Consultants, Compliance, IT JSOX Coordinators, and External and Internal Auditors to ensure that security and control framework are integrated into day-to-day operations
• Reporting - preparation of the presentations and reports for Senior Management based on the obtained requirements