IT Access Governance and Compliance Manager

BAT is evolving at pace into a global multi-category business. Our purpose is to create A Better Tomorrow™ by Building a Smokeless World. To achieve our ambition, we are looking for colleagues who are ready to join us on this journey. Tomorrow can’t wait, let’s shape it together!

Role: IT Access Governance and Compliance Manager (Compliance Manager)

Location: Subang Jaya, Malaysia

• Deliver to day-to-day work streams related to IT SOx (Sarbanes Oxley Act) and IT General compliance across SAP and Non-SAP IT Applications and Infrastructure controls. This includes IT Access Management and related Change Management controls.
• Monitor, track and review performances of centrally operated IT controls operated by 3rd party vendors and BAT teams. Performances and action plans to be reported to Compliance Manager on a regular basis.
• Collaborate and manage compliance discussions with IT System owners, and Internal/External Control Operators to ensure quality, consistency, and operability of new and existing IT controls.
• Produce structured and insightful analysis of where to remediate areas of non-compliance to the various existing control frameworks in place within BAT; Work with service owners and 3rd party vendors to resolve / handle remediations until closure.
• Plan and support SOx Design Effectiveness (DE) and Operational Effectiveness (OE) testing of centrally operated SOx and IT General Controls.
• Manage and track IT audit change request, and standard control operation queries with BCT (Business Controls Team) Auditors and DBS Risk and Compliance Team.
• Facilitate and drive discussions on new system onboarding and offboarding for centrally operated SOx (Sarbanes Oxley Act) and ITGC (IT General Controls).
• Manage operations repository and evergreening of IT compliance operations documentation (Control artifacts, Standard Operating Procedures (SOP), work instructions, reconciliation reports, etc).
• Lead Continuous Service Improvement (CSI) initiatives to identify, prioritize and drive measurable improvements in control effectiveness, automation, and operational efficiency.
• Facilitate and/or support remediation activities on any IT control deficiency or IRI (Immediately Reportable Incident) with impact to controls.
• Establish and nurture strong collaborative relationships with BAT IT Services and Tech Delivery Team, ensuring consistent engagement through regular progress updates and timely resolution of IT audit and compliance-related requests.

• Deep understanding of SOx, ITGC, and internal control frameworks specifically in the domain of Access and Change Management.
• Experience with SAP GRC (Governance, Risk, Control) and/or IAM (Identity and Access Management) interfaces and processes.
• Experience in large global organisation using in-sourced and out-sourced IT service providers, and a good working knowledge of the management of global applications services.
• Ability to assess risks, conduct audits, and implement control improvements.
• Demonstrates strong written, verbal, and presentation skills with the ability to communicate complex IT concepts in a clear and relatable manner to senior management and non-technical collaborators.
• Proficient in data analysis and reporting on MS Excel.
• Familiarity with ServiceNow (or other ITSM tool), SharePoint, and any audit tracking tools.

• Attention to Detail: Precision in reviewing policies, controls, and audit evidence.
• Analytical Thinking: Ability to interpret complex compliance data, identify risk areas and produce impact assessments and recommendations.
• Communication Skills: Clear articulation of compliance requirements to technical and non-technical stakeholders.
• Ethical Leadership: Uphold integrity and foster a culture of compliance.
• Project Management: Organize and be responsible for compliance initiatives within scope and timelines.
• Interpersonal Skills: Build strong relationships across departments and with external auditors.

• Degree Educated, 5-8 years post graduate work experience in an IT Services environment and/or business facing IT role.
• More than 3 years’ experience in audit and compliance specially in the domain of Application Access Management and Change control testing.

• Professional certifications such as CISA (Certified Information Systems Auditor) or ITIL (Information Technology Infrastructure Library).
• Data Visualization & Reporting with Power BI.

• We offer a market leading annual performance bonus (subject to eligibility).
• Our range of benefits varies by country and includes diverse health plans, initiatives for work-life balance, transportation support, and a flexible holiday plan with additional incentives.
• Your journey with us isn't limited by boundaries; it's propelled by your aspirations. Join us at BAT and become a part of an environment that thrives on internal advancement, where your career progression isn't just a statement – it's a reality we're eager to build together. Seize the opportunity and own your development; your next chapter starts here.
• You'll have access to online learning platforms and personalized growth programs to nurture your leadership skills.
• We prioritise continuous improvement within a transformative environment, preparing for ongoing changes.

We’re one of the few companies named as a Global Top Employer by the Top Employers Institute – certified in offering excellent employee conditions.

Collaboration, inclusion and partnership underpin everything we do here at BAT. We are looking forward to enabling every individual to thrive, regardless of gender, sexual orientation, marital or civil partnership status, gender reassignment, race, religion or belief, colour, nationality, ethnic or national origin, disability, age, skills, experience, education, socio-economic and professional background, veteran status, perspectives and thinking styles. We know that embracing talent from all backgrounds is what makes us stronger and best prepared to meet our business goals.

We see the career breaks as opportunities not obstacles. Through The Global Returners program, we support professionals looking to restart their careers after an extended absence from the workforce (e.g. time out caring for family, parental leave, national service, sabbatical and/or starting an own venture).

Come bring your difference and see what is possible for you at BAT. Learn more about our culture and our award winning employee experience here.

If you require any reasonable adjustments or accommodations to help you perform at your best during the recruitment process, you are encouraged to notify us. We are fully committed to support you by making appropriate arrangements for you to demonstrate your full potential.