Expression Of Interest: Compliance Manager - GRC

British American Tobacco (Malaysia) Berhad (BATM)

Kuala Lumpur

On-site

MYR 80,000 - 120,000

Full time

Today

Job summary

A leading multinational company in Kuala Lumpur is seeking a Compliance Manager - GRC responsible for overseeing governance adherence and compliance operations. You will collaborate with IT and compliance teams to enhance control procedures across the organization. The ideal candidate has significant experience with SOx regulations and strong communication skills. This role offers a market-leading performance bonus and diverse benefits.

Benefits

Market leading performance bonus
Diverse health plans
Flexible holiday plan

Qualifications

  • Strong written, verbal, and presentation skills.
  • Attention to detail in reviewing policies and audit evidence.
  • Ability to interpret complex compliance data.

Responsibilities

  • Drive Governance Adherence and Compliance Operations.
  • Manage compliance discussions with IT System owners.
  • Lead Continuous Service Improvement (CSI) initiatives.

Skills

Deep understanding of SOx
Experience with SAP GRC
Risk assessment and audit skills
Communication skills
Proficient in data analysis

Education

Degree educated
5-8 years post graduate experience

Tools

MS Excel
ServiceNow
Power BI

Job description

BAT is evolving at pace into a global multi-category business. Our purpose is to create A Better Tomorrow™ by Building a Smokeless World. To achieve our ambition, we are looking for colleagues who are ready to join us on this journey! Tomorrow can’t wait, let’s shape it together!

British American Tobacco has an exciting opportunity for a Compliance Manager - GRC in Malaysia.

The Compliance Manager is responsible for driving governance adherence and the execution of compliance operations associated with control processes across global SOx (Sarbanes Oxley) in-scope systems within the BAT landscape. This role collaborates with IT System Owners, Control Owners, Global Process Owners (GPO), the Risk & Compliance Team, and the Business Control Team to ensure timely and quality delivery of effective control / compliance procedures in full Completeness and Accuracy (C&A).

Your key responsibilities will include
  • Deliver day-to-day work streams related to IT SOx (Sarbanes Oxley Act) and IT General compliance across SAP and Non-SAP IT Applications and Infrastructure controls.
  • Monitor, track and review the performance of centrally operated IT controls operated by 3rd party vendors and BAT teams. Performance and action plans are to be reported to the Compliance Manager on a regular basis.
  • Collaborate and manage compliance discussions with IT System owners, and Internal/External Control Operators to ensure quality, consistency, and operability of new and existing controls.
  • Produce structured and insightful analysis of where to remediate areas of non-compliance to the various existing control frameworks in place within BAT; work with service owners and 3rd party vendors to resolve / manage remediations until closure.
  • Plan and support SOx Design Effectiveness (DE) and Operational Effectiveness (OE) testing of centrally operated SOx and IT General Controls.
  • Manage and track audit change requests and standard control operation queries with BCT (Business Controls Team) Auditors and the DBS Risk and Compliance Team.
  • Facilitate and drive discussions on new system onboarding and offboarding for centrally operated SOx (Sarbanes Oxley Act) and ITGC (IT General Controls).
  • Manage operations repository and evergreen of compliance operations documentation (Control artifacts, Standard Operating Procedures (SOP), work instructions, reconciliation reports etc).
  • Lead Continuous Service Improvement (CSI) initiatives to identify, prioritize and drive measurable improvements in control effectiveness, automation, and operational efficiency.
  • Facilitate and/or support remediation activities on any control deficiency or IRI (Immediately Reportable Incident) with impact to controls.
  • Establish and nurture strong collaborative relationships with BAT IDT Services and Tech Delivery Team, ensuring consistent engagement through regular progress updates and timely resolution of audit and compliance-related requests.

What are we looking for?

ESSENTIAL

Core Competencies

  • Deep understanding of SOx, ITGC, and internal control frameworks specifically in the domain of Access and Change Management.
  • Experience with SAP GRC (Governance, Risk, Control) and/or IAM (Identity and Access Management) interfaces and processes.
  • Experience in a large global organisation using in-sourced and out-sourced IT service providers, and a good working knowledge of the management of global applications services.
  • Ability to assess risks, conduct audits, and implement control improvements.
  • Demonstrates strong written, verbal, and presentation skills with the ability to communicate complex IT concepts in a clear and relatable manner to senior management and non-technical stakeholders.
  • Proficient in data analysis and reporting on MS Excel.
  • Familiarity with ServiceNow (or other ITSM tool), SharePoint, and any audit tracking tools.
  • Attention to Detail: Precision in reviewing policies, controls, and audit evidence.
  • Analytical Thinking: Ability to interpret complex compliance data, identify risk areas and produce impact assessments and recommendations.
  • Communication Skills: Clear articulation of compliance requirements to technical and non-technical stakeholders.
  • Ethical Leadership: Uphold integrity and foster a culture of compliance.
  • Project Management: Organize and oversee compliance initiatives within scope and timelines.
  • Interpersonal Skills: Build strong relationships across departments and with external auditors.

Education / Qualifications / Certifications Required
  • Degree educated, 5-8 years post graduate work experience in an IT Services environment and/or business facing IT role.
  • More than 3 years’ experience in audit and compliance especially in the domain of Application Access Management and Change control testing.

BENEFICIAL
  • Professional certifications such as CISA (Certified Information Systems Auditor) or ITIL (Information Technology Infrastructure Library).
  • Data Visualization & Reporting with Power BI.

What we offer you?
  • We offer a market leading annual performance bonus (subject to eligibility).
  • Our range of benefits varies by country and includes diverse health plans, initiatives for work-life balance, transportation support, and a flexible holiday plan with additional incentives.
  • Your journey with us isn't limited by boundaries; it's propelled by your aspirations.
  • You will have access to online learning platforms and personalized growth programs to nurture your leadership skills.
  • We prioritise continuous improvement within a transformative environment, preparing for ongoing changes.

WHY JOIN BAT?

We’re one of the few companies named as a Global Top Employer by the Top Employers Institute – certified in offering excellent employee conditions.

Collaboration, inclusion and partnership underpin everything we do here at BAT. We are looking forward to enabling every individual to thrive, regardless of gender, sexual orientation, marital or civil partnership status, gender reassignment, race, religion or belief, colour, nationality, ethnic or national origin, disability, age, skills, experience, education, socio-economic and professional background, veteran status, perspectives and thinking styles. We know that embracing talent from all backgrounds is what makes us stronger and best prepared to meet our business goals.
