Magnet.me  -  The smart network where students and professionals find their internship or job.

IT Risk & Compliance Director

Posted 23 Jan 2026
Work experience: 8 to 15 years
Full-time / part-time: Full-time
Job function
Degree level
Required language: English (Fluent)

Canon is hiring an IT Risk & Compliance Director to provide overall leadership and accountability for IT Compliance across the Canon EMEA organisation, including the definition, implementation, audits and improvement of IT Controls frameworks (User Access Management, Identity Access Management, GDPR and Quality Assurance).

Lead and manage IT interaction and communication with key internal and external stakeholders: Finance, HR, Internal Control, Internal Audit as well as External Auditors in the context of SoX compliance, financial year closure and statutory reporting.

Responsibilities

IT Internal Control Framework including User Access Management Framework:

  • Ownership of defining, reviewing and updating of IT Internal Control Framework and UAM Framework
  • Set all controls and define the control owner in IT Delivery, IT Operations and associated Business Operations
  • Successfully obtain the approval of the external auditor at the beginning of the annual audit, as a fundamental control design to assess
  • Ownership of implementing UAM Framework, including communication and stakeholder management with the Canon EMEA organisation

Identity Access Management Owner:

  • Ownership of IAM within Canon EMEA
  • Lead a fundamental revision of the IAM system and associated processes in IT Operations and Business Units/Functions (including HR)
  • Maintain the IAM as the foundation of the Access Management
  • Responsible for setups/controls through the IAM process
  • Lead and manage the process for Business Unit/Function stakeholders to approve the IAM setup under their remit, with full understanding of good practice and appropriate setup

Governance:

  • Ownership of IT Governance Framework (Charter)
  • Ensure an IT Governance Framework (Charter) is defined, current, monitored and communicated. Ensure the IT Governance Framework is aligned with internal/external stakeholders and supporting the IT strategy and initiatives.
  • Ensure set-up and execution and reporting on internal IT and external IT service providers are compliant with overall IT governance

GDPR:

  • Ensure GDPR compliance in IT Application systems
  • Ensure the correction and prevention of non-compliance in IT Applications, IT Organisation and all the associated processes
  • Work closely with CDO and maintain the Data Privacy Charter

External Auditor Support:

  • Be the owner of the IT relationship with External Auditors
  • Organise all requests/questions from external auditor to IT Governance Committee
  • Support Business Users to understand and execute their responsibilities related to IT Application Control (ITAC)
  • Centrally manage all the communication from IT with external auditors
  • Place all required explanations & discussions and make the recommendation to the SVP and VP of IT for the final judgement as Canon IT on the deficiency

Assess & Approve:

  • Risk Control Matrix (RCM) in IT - Define Control Owner & Control Executor
  • SoD (Segregation of Duties) & Roles
  • Owner of System / Standard User Access Group
  • User Access Group
  • User Access Assignment (Check against SoD, Assignment through FAM)
  • Information Produced by the Entity (IPEs) in Project
  • Mitigation & Remediation plan & implementation
  • Compliance assessment and approval of all delivery projects through Quality Gates

Audit:

  • IT General Control (ITGC) & IT Application Control (ITAC) process/execution
  • Audit all related processes in IT and Business
  • Identify the deficiencies, instruct corrections, ensure the implementation (remediation) and report to Sr. Management

Periodic Review:

  • Business & IT User Access
  • SoD Scan
  • Leavers

Control Testing:

  • Conduct internal testing and proving (right or wrong) upon IT Internal Control Framework
  • Assess the materiality of any Deficiency incident and ensure implementation of mitigation and remediation. Ensure the correct production and collation of evidence.

Quality Assurance of the Compliance documentation:

  • Ownership of documentation regarding the required quality of control execution
  • Quality of control and the execution

Competence:

  • Assess the competence of the organisation/units in the IT upon request and periodically for the IT Strategy. Keep the standard current and application to real operations.
  • Frameworks include but are not necessarily limited to COSO, ITIL, CobiT, IT-CMF, CMMi, Prince2, MSP and relevant ISO standards.

People Leadership:

Lead, manage, recruit, develop and coach team members to be a high-performing, motivated and knowledgeable team.

IT Risk Management:

  • Lead, oversee and maintain IT risk management framework
  • Ensure development, implementation, and maintenance of IT Risk policies, standards, and procedures to manage IT risks effectively
  • Ensure regular IT risk assessments are conducted
  • Ensure the IT Risk Register is continuously maintained, updated, and aligned to ensure leadership visibility and judgement on risks, and mitigation actions
  • Collaborate with IT, security, legal, and Regional Risk to address and mitigate identified risks
  • Ensure creation of IT risk reporting to senior leadership aligning with regional risk reporting requirements and regulatory expectations

Review and challenge IT Strategy and IT Division MTPs, and provide feedback to IT leadership.

Qualifications

Skills and knowledge required:

  • In-depth knowledge of best practices in IT Governance and IT Compliance, in particular COBIT, IT-CMF and COSO
  • Good understanding of ITIL, CMMi and relevant ISO chapters
  • ITIL Foundation certified
  • ISACA certified (2 out of 4)
  • IT-CMF certified (Core & Assessor)
  • General understanding of IT infrastructure components supporting IT Services
  • Knowledge of definition and reporting on KPIs
  • Strong leadership capability to influence and ensure others comply with EIT standards of practice (frameworks), controls, policies and quality assurance principles
  • Collaborates with others to achieve a common goal; authoritative leadership and decision-making when required
  • Provide proactive recommendations for continuous improvement (quality-driven)
  • Experience of defining, leading and driving broad-reaching process/policy reviews and audits
  • Good understanding of the Canon Business
  • Significant professional experience in IT, including leadership of people/projects
  • Excellent communication and presentation skills, including presenting to and influencing at senior leadership level

Canon Leadership Principles

  • Inspires a shared vision
  • Is courageous and has conviction
  • Ensures delivery of the outcome
  • Understands the customer
  • Drives growth and innovation
  • Inspires and motivates others
  • Collaborates building trust-based relationships
  • Develops self, others and the organisation

For well over 70 years we have been offering our customers the most advanced technologies in the field of image processing.

Canon was founded in 1937 and has grown into a company that operates worldwide in a wide range of markets, including Business Solutions, Consumer Imaging, Broadcast & Communications, Medical Systems and Industrial Products.

A relentless stream of ideas and innovations keeps Canon in a top position within the industry. With our products, businesses and consumers choose reliable, stylish and advanced technologies.

Our philosophy

Kyosei, Canon's corporate philosophy, is at the heart of our brand, our activities and our sponsorship. Kyosei is a Japanese word meaning "living and working together for a common goal", a principle that shapes our values and reflects our moral responsibility as a good company. More information about Kyosei.

Financial strength

Canon Inc.'s results show continued sales growth, with net annual sales of ¥3,707 billion in 2010.

Canon is listed on the stock exchanges of Tokyo, Osaka, Nagoya, Fukuoka, Sapporo and New York.

IT
's-Hertogenbosch
17,000 employees