Senior IT and Business Change Auditor

Business Area

Head Office, IT



Contract Type

Full Time



Closing Date


Company description

We are the AA. And we keep everyone’s show on the road. There for our customers wherever and whenever they need us, we’re always ready for anything. That’s why, for over 100 years, we’ve continued to evolve and adapt. Today, as the nation’s number one motoring organization, we offer a range of excellent products and services to millions of customers.

Location: Basingstoke                                                                                                                                         

Salary: £41,716 - £80,166

This is the job

To plan, manage and deliver audits and other assurance work across a variety of business areas, to support development and delivery of the annual internal audit plan and provide a sound opinion to the business on the effectiveness of the internal governance, risk management and control systems with a particular focus on technology, digital and programme governance areas.

What will I be doing?

  • Delivering individual audit assignments, end to end, working with a high degree of autonomy. Audit delivery will include designing and executing appropriate testing strategies to provide a robust opinion on the design and operating effectiveness of the controls, agreeing pragmatic management actions and using knowledge of the business and risk to ensure that the significant issues are identified, and reported with authority and credibility.
  • Delivering advisory audit activity, in the area of programme change management. Among other things this will include building strong relationships with key IT and Change stakeholders, providing ongoing / real-time assessments in respect of key Change programmes, adding significant value to programmes with a key objective to help management continually improve governance and internal control.
  • Completing issues follow-up work to validate the effectiveness of the actions taken by management, to address audit issues and to mitigate risk to an acceptable level.
  • Leading the assessment of controls and processes across the business in respect of cyber and digital risks, programme governance and change management, and general IT controls.
  • Provide knowledge, input and support to the rest of the Group Internal Audit team as required to help ensure technology, digital and change aspects are appropriately considered in all assignments.
  • From time to time as may be appropriate, support the HIA with duties and tasks as his representative in his absence.
  • Adherence to the Chartered Institute of Internal Audit Professional Standards and the AA’s internal audit methodology.
  • Building and managing strong working relationships with management and other stakeholders.
  • Self-identifying training needs to ensure knowledge of internal audit standards is up-to-date and develop soft skills, such as relationship building as well as technical and industry knowledge.

What do I need?

Capability, Knowledge and Experience:

  • Someone with proven post-qualification experience in a medium or large-sized organisation in a senior internal audit role undertaking reviews of key technology risk areas, such as cyber security and digital, and major change and transformation programmes.
  • Someone who clearly understands the concepts of risk, controls and governance.
  • An individual with good analytical skills; a logical, structured approach; sound judgement and intellectual curiosity to understand and analyse a range of different business and commercial scenarios.
  • Experience of working within an FCA regulated business would be advantageous.
  • An individual who can demonstrate they have the aptitude and commitment to develop and progress within both the role and the organisation.
  • Someone who has good listening and communication skills – both written and oral – and is able to use these skills effectively to build strong relationships across the business.

Education and Qualifications:

  • Educated to degree level (desirable) and a good level of secondary education (necessary).
  • Professional qualifications that may be suitable for the role include – CISA, CISSP, MIIA, CIA other accountancy or risk qualifications, or relevant experience.

Personal Characteristics:

  • Ability to proactively manage a portfolio of work, and to balance the demands of maintaining high quality work and delivering to deadlines.
  • Has an enquiring mind and tenacity, whilst maintaining objectivity.
  • Quickly gets to grips with understanding new businesses, process or products. Able to logically analyse and assess these.
  • A great communicator. Can form a rapport with people at all levels of the business. Listens to others, and demonstrates that they have listened.
  • Is not intimidated by challenging or senior individuals in the business. Has the courage of their conviction.
  • Sound use of judgement. Raises and reports only material issues, and is able to agree practical and efficient solutions with the business.
  • A “team player” – someone who others like to work with, and who supports the team but who is also comfortable working on their own.

Additional Information

What else is expected of me?

Good conduct matters at the AA.  It's very important that you act with honesty & integrity, are respectful of others and have a consistent desire to do the right thing. You must be able to keep sensitive business or department information secure and confidential.

Everyone at the AA lives these behaviours, so we are all able to support the delivery of good outcomes for our customers.