IT Risk & Compliance (SOX) Lead
Posted: 5 days ago
Job Description
Job Purpose

The primary purpose of this role is to ensure the organization’s IT systems and processes comply with CCEP’s internal policies and procedures and that we are aligned to the Sarbanes-Oxley Act (SOX) and other external requirements. The professional will be responsible for developing, implementing, and maintaining IT security policies, procedures and controls to safeguard the integrity, confidentiality, and availability of our information assets. This role involves conducting regular 2nd line review activities, such as risk assessments/audits and compliance checks, to identify and mitigate potential security threats and vulnerabilities. The professional will collaborate with various departments to ensure that all IT-related activities align with regulatory standards and best practices, thereby supporting the organization’s overall governance, risk management, and compliance objectives.

Key Responsibilities

As a Senior Manager IT Risk & Compliance, your key responsibilities will be:
- Ensuring that our IT system landscape is managed in line with our control framework, policies and procedures and our SOX requirements as well as our other compliance frameworks
- Ensuring that future system integrations as part of our transformational projects are CCEP and SOX compliant
- Identifying opportunities and improvements and driving change to implement improvement processes and improved controls
- Engaging and supporting the IT organization and business to align priorities and plans with key business objectives while ensuring that our key risks and controls are addressed
- Acting as an empowered representative of the information security office during IT planning initiatives to ensure that security measures are incorporated into strategic IT plans and that service expectations are clearly defined
- Working with business and IT stakeholders to balance real-world risks with business drivers such as speed, agility, flexibility and performance. As such, the candidate is responsible for building strong relationships at all levels and across all business units and organizations, and for understanding business imperatives

Experience (On The Job)

Overall, extensive hands-on experience with SOX compliance, including conducting risk assessments, project improvements and implementing controls, including but not limited to:
- Monitoring of IT General control initiation, execution, quality and compliance with (different) requirements
- Conducting and managing SOX compliance audits, including IT General Controls (ITGC) and application controls
- Performing risk assessments to identify potential security threats and vulnerabilities
- Developing and implementing remediating and mitigating strategies to address identified risks
- Working closely with various departments, including finance, internal audit, and IT, to ensure alignment with SOX compliance requirements
- Leading the transformation and transition of control ownership to the appropriate departments (structure, setup and support transition)
- Educating control owners on effective compliance processes and the importance of maintaining robust controls
- Maintaining comprehensive documentation of compliance activities, audit results and risk assessments
- Reporting to senior management and external auditors
- Strong understanding of business applications, including ERP and financial systems

Qualifications

- At minimum, 6-8 years of experience in IT Security, Compliance or audit roles with relevant SOX auditing and/or Risk Management experience
- Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or a related field. Advanced degrees (e.g., Master’s) in relevant fields would be an advantage
- Relevant and recent working experience with a BIG-4 firm is preferable
- Hands-on SAP (ECC, GRC, HANA) experience in running detailed analysis through SAP default t-codes, programs or reports
- Experience with management and implementation of information security risk management standards, e.g. NIST or ISO
- Certifications such as Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Sarbanes-Oxley Expert (CSOE) or similar