Internal Control Assurance Manager

Are you a critical thinker who likes to analyze complex topics and provide insights on technologyrisks Do you enjoy working in a global and diverse team Join us at Internal Control Assurance &Reporting (ICAR) Team and help us to advance Swiss Re's resilience.

About the Role:

As an Internal Control Assurance Manager in ICAR team, you will mainly perform internal controlstesting and reviewing activities by reviewing front-to-back processes and controls in CyberSecurity and Information Technology areas and developing automated control testing solutions.You will have the opportunity to get to know many areas of Swiss Re and learn about theirprocesses and controls.

This role offers you regular exposure to Swiss Re's Management and an opportunity to deal withthemes that have organizational impact and to drive the risk culture and control related behaviorof Swiss Re.

Key Responsibilities:

• Perform testing and review procedures on internal controls (ITGC/ITAC) over CyberSecurity and Information Technology across various areas such as Identity and AccessManagement, Backups, Incident, Change & Continuity Management, etc.
• Ensure timely and accurate documentation of testing procedures and clearpresentation of findings to the relevant stakeholders
• Assess and validate identified control deficiencies, ensuring appropriate severityassessment and clear, well-articulated documentation of observations
• Define the testing approach, sampling methodology, and timelines as well as Reviewand challenge workpapers prepared by team members to ensure completeness,accuracy, and high-quality of documentation in line with internal standards
• Engage with various stakeholders such as control owners, IT stakeholders, ExternalAuditors and Control functions across the business representing the ICAR team
• Develop and maintain automated control testing solutions by leveraging dataanalytics
• Provide guidance, coaching, and technical support to team members as well asactively contribute to continuous improvement initiatives, including standardization oftesting practices and team capability building

About the Team:

The Internal Control Assurance & Reporting (ICAR) Team is responsible for assessing the designadequacy and operating effectiveness of Swiss Re's internal controls. We liaise closely withOperational Risk Managers, Group Internal Audit, Governance Teams, External Auditors andSwiss Re Management. Through our controls testing and assurance activities, we identify areasof control weaknesses and contribute to an improved control framework to ensure operationalrigor and effective control related behavior across the Swiss Re Group.

In our work, we apply innovative techniques and use data analytics and automation within ourassurance and testing processes. The ICAR team is part of Group Functions and Operational Risk Management, which consists ofrisk professionals with diverse backgrounds spanning different locations andcompetencies.

About You:

We are looking for candidates who meet these requirements:

• 10+ years of work experience in IT assurance functions (internal / external auditing,control testing, risk management) and/or practical experience in the field of IT and CyberSecurity within financial services industry
• Thorough understanding of IT risk and control frameworks (e.g., COSO, COBIT),Domains of Access Management, SDLC & Change Management, Computer Operations, andControl Design and Testing of SOX IT General Controls (ITGC) and/or IT Application Controls(ITAC).
• Strong knowledge of SQL and relational databases, with proficiency in programminglanguages such as Python or R, and experience in developing and maintaining automatedcontrol testing solutions leveraging data analytics familiarity with data analytics andvisualization tools (e.g., Palantir Foundry, Power BI) is preferred
• Experience in auditing financial applications, cyber security practices, privacy, andvarious infrastructure platforms - Unix, Linux, Windows, SQL Server, Oracle Databases aswell as knowledge of Cloud Security (AWS, Azure and Google Cloud) and DevSecOpspractices will be considered advantageous
• Hands-on experience with AI is considered a value-add, particularly in applying AI fordriving audit efficiency and leveraging Generative AI solutions for automated testing,documentation, and data analysis
• High attention to detail with a strong risk and control mindset with proven experiencein reviewing workpapers and identifying control gaps and communicating audit findings andcontrol deficiencies to Senior Management
• University degree in related field, and a qualified CISA / CISM / CRISC / CISSP / ISO27001 LA professional certification is a plus.
• Critical thinker that sees the big picture (e.g. overall themes, trends, goals)
• Result oriented individual, with agile mindset and ability to work independently, ableto plan well, work in the field, collaborate in a global and fast-paced environment andable to deliver results in time
• Effective stakeholder management and communication skills, able to gain andmaintain trust while delivering difficult messages
• Team worker, able to listen to others/but also influence and guide team members aswell as ability to review, challenge, and provide constructive feedback
• Fluent in English, written and spoken.

Our company has a hybrid work model where the expectation is that you will be in the office atleast three days per week.