Internal Control Assurance Professional

About the Role 

You will mainly perform internal controls testing activities by reviewing front-to-back processes and controls in Cyber Security and Information Technology areas and develop automated control testing solutions. You will have the opportunity to get to know many areas of Swiss Re and learn about their processes and controls.  

This role offers you regular exposure to Swiss Re's Management and an opportunity to deal with themes that have organizational impact and to drive the risk culture and control related behavior of Swiss Re. 

Key Responsibilities 

• Perform testing procedures on internal controls over Cyber Security and Information Technology across various areas such as Identity and Access Management, Backups, Incident, Change & Continuity Management etc. 

• Document your testing procedures and present findings to the relevant stakeholders 

• Develop and maintain automated control testing solutions leveraging on data analytics 

• Engage with various stakeholders across the business representing the ICAR team  

About the Team 

The Internal Control Assurance & Reporting (ICAR) Team is responsible for assessing the design adequacy and operating effectiveness of Swiss Re's internal controls. We liaise closely with Operational Risk Managers, Group Internal Audit, Governance Teams, External Auditors and Swiss Re Management. Through our controls testing and assurance activities, we identify areas of control weaknesses and contribute to an improved control framework to ensure operational rigor and effective control related behavior across the Swiss Re Group. ​ 

In our work we apply innovative techniques and use data analytics and automation within our assurance and testing processes.  

The ICAR team is part of Group Functions and Operational Risk Management, which consists of risk professionals with diverse backgrounds spanning different locations and competencies.   

About You 

• 4-6 years of work experience in IT assurance functions (internal / external auditing, control testing, risk management) and/or practical experience in the field of IT and Cyber Security 

• Good understanding of IT risk and control frameworks and the underlying technologies, concepts, and processes 

• Strong knowledge of SQL and relational databases and proficiency in programming languages such as Python or R. Knowledge of data analytics and visualization applications (e.g., Palantir Foundry, Tableau) is preferred.  

• University degree in related field, qualified or working towards a CISA, CISM, CISSP, CSX-P, CIA or CRISC professional certification is a plus.  

• Knowledge of Cloud Security and DevSecOps practices will be considered advantageous 

• Critical thinker that sees the "big picture" (e.g. overall themes, trends, goals) 

• Result oriented individual with agile mindset and ability to work independently, able to plan well, work in the field and able to deliver results in time 

• Good communicator, able to gain and maintain trust while delivering difficult messages 

• Team worker, able to listen to others but also influence 

• Fluent in English, written and spoken.