Head of IT SOx

Howden

City Of London

On-site

GBP 90,000 - 120,000

Full time

3 days ago

Job summary

A global insurance brokerage is seeking a Head of IT SOx to lead the IT SOx compliance program. This role demands extensive experience in IT audit, SOx compliance, and risk management within financial services. The successful candidate will design, implement, and maintain effective controls, engage with cross-functional teams, and ensure regulatory compliance in a dynamic, post-IPO environment. The position offers competitive compensation and a collaborative work culture.

Benefits

Competitive compensation
Flexible working arrangements
Opportunities for growth and innovation

Qualifications

  • 10+ years of experience in IT audit, SOx compliance, or IT risk management, ideally within financial services or insurance.
  • Proven track record of leading IT SOx programs in a public company environment.
  • Strong understanding of ITGCs, application controls, cloud environments, and cybersecurity frameworks.

Responsibilities

  • Lead the global IT SOx compliance program across the organization.
  • Build and lead the IT SOx function, including policies and control library.
  • Partner with IT, Internal Audit, Finance, and external auditors on SOx activities.

Skills

IT risk management
Leadership
Stakeholder engagement
Communication
IT audit
SOx compliance
Change management

Education

Bachelor’s degree in Information Systems, Accounting, or related field
CISA, CISSP, or CPA preferred

Tools

ServiceNow
Microsoft Azure
Amazon Web Services (AWS)
AuditBoard
Unit 4
OneStream
Workday Financials

Job description

Who are we?

Howden is a global insurance group with employee ownership at its heart. Together, we have pushed the boundaries of insurance. We are united by a shared passion and no-limits mindset, and our strength lies in our ability to collaborate as a powerful international team comprised of 23,000 employees spanning over 56 countries.

People join Howden for many different reasons, but they stay for the same one: our culture. It’s what sets us apart, and the reason our employees have been turning down headhunters for years. Whatever your priorities – work / life balance, career progression, sustainability, volunteering – you’ll find like-minded people driving change at Howden.

Location: UK, London
Reports to: Group Head of SOx
Department: Risk
Type: Full-Time | Permanent

About the Company

We are a newly listed, fast-growing global insurance brokerage firm committed to delivering innovative risk solutions and exceptional client service. With operations spanning multiple continents, we are building a resilient, compliant, and technology-enabled business platform to support our ambitious growth strategy.

Role Overview

As the Head of IT SOx, you will lead the global IT SOx compliance program, ensuring the organisation meets all technology-related regulatory requirements under Sarbanes‑Oxley (SOx) Section 404. You will be responsible for designing, implementing, and maintaining effective IT general controls (ITGCs), application controls, and automated controls across our technology landscape. This is a strategic leadership role requiring deep expertise in IT risk, controls, and audit, as well as the ability to influence cross‑functional stakeholders in a dynamic, post‑IPO environment.

Key Responsibilities

  • Program Leadership

    • Develop and execute the global IT SOx strategy aligned with the company’s risk and compliance framework.

    • Build and lead the IT SOx function, including policies, standards, RACI, control library, and playbooks.

    • Lead the annual IT SOx scoping, risk assessment, and control design process.

    • Oversee the documentation, testing, and remediation of ITGCs and automated controls.

  • Stakeholder Engagement

    • Partner with IT, Internal Audit, Finance, and external auditors to ensure timely and effective execution of SOx activities.

    • Provide guidance and training to control owners and process leads across the business.

  • Controls Design, Execution & Quality

    • Ensure robust design and operation of ITGCs; drive control design in project/change lifecycles and cloud migrations.

    • Maintain a high-quality, test-ready evidence repository and documentation standards.

    • Coordinate SOx walkthroughs, control owner training, and readiness assessments before formal testing.

  • Governance & Reporting

    • Establish governance mechanisms to monitor control effectiveness and remediation progress.

    • Leverage GRC platforms for control inventory, issues, and evidence workflows.

    • Articulate KPIs/KRIs, dashboards, cadences, and executive reporting to the CRO, CTO, Risk and Audit Committee.

    • Report regularly to senior leadership and the Audit Committee on IT SOx status, risks, and issues.

  • Continuous Improvement

    • Drive automation and efficiency in control testing and monitoring.

    • Stay abreast of regulatory changes and industry best practices to enhance the SOx program.

Tech Stack & Systems Expertise

Candidates should have hands‑on experience or oversight capabilities across the following technologies and platforms:

  • ERP & Finance Systems:

    • Unit 4, OneStream, Workday Financials.

  • Governance, Risk & Compliance (GRC):

    • ServiceNow GRC, AuditBoard, or similar platforms

  • Cloud Infrastructure & Security:

    • Microsoft Azure, Amazon Web Services (AWS)

    • Azure EntraID, CyberArk, Sailpoint, CrowdStrike, GitLab

  • Identity & Access Management (IAM):

    • Role‑based access controls, segregation of duties, privileged access management

  • IT Service Management (ITSM):

    • ServiceNow

  • Security & Compliance Frameworks:

    • COBIT, SOC 1/2, CIS Controls, ISO 27001, NIST CSF

Qualifications & Experience

  • Bachelor’s degree in Information Systems, Accounting, or related field; CISA, CISSP, or CPA preferred.

  • 10+ years of experience in IT audit, SOx compliance, or IT risk management, ideally within financial services or insurance.

  • Proven track record of leading IT SOx programs in a public company environment.

  • Expert knowledge of SOx 404, ITGCs, IPE, EUC, IAM/SoD, and SDLC/change management across on‑premise and cloud environments.

  • Demonstrated success passing Internal Audit and External Audit testing under PCAOB standards and closing complex deficiencies.

  • Strong understanding of ITGCs, application controls, cloud environments, and cybersecurity frameworks.

  • Experience leading global teams and managing stakeholders at different levels.

  • Excellent communication, leadership, and coaching.

Why Join Us?

  • Be part of a high‑impact leadership team shaping the compliance culture of a newly listed global firm.

  • Work in a collaborative, entrepreneurial environment with opportunities for growth and innovation.

  • Competitive compensation, benefits, and flexible working arrangements.

What do we offer in return?

A career that you define. At Howden, we value diversity – there is no one Howden type. Instead, we’re looking for individuals who share the same values as us:

  • Our successes have all come from someone brave enough to try something new

  • We support each other in the small everyday moments and the bigger challenges

  • We are determined to make a positive difference at work and beyond

Reasonable adjustments

We're committed to providing reasonable accommodations at Howden to ensure that our positions align well with your needs. Besides the usual adjustments such as software, IT, and office setups, we can also accommodate other changes such as flexible hours* or hybrid working*.

If you're excited by this role but have some doubts about whether it’s the right fit for you, send us your application – if your profile fits the role’s criteria, we will be in touch to assist in helping to get you set up with any reasonable adjustments you may require.

*Not all positions can accommodate changes to working hours or locations. Reach out to your Recruitment Partner if you want to know more.

Permanent
