Director, Enterprise IT Risk Management & Audit Digital Leader

The Director, Enterprise IT Risk Management & Audit Digital Leader is responsible for defining, implementing, and overseeing the enterprise-wide IT risk management strategy, framework and execution.

Your role :

This role ensures alignment with internal audit, cybersecurity, compliance, and governance functions, and drives proactive risk mitigation across digital platforms, infrastructure, and applications.

The leader will serve as the primary liaison between IT and internal/external audit teams and executive stakeholders.

You will ensure alignment and readiness for all IT-related audits and will have 3 direct reports.

Your main responsibilities :

Strategic Risk Leadership


* Develop and execute the enterprise IT risk management framework aligned with business objectives and regulatory requirements.


* Define risk appetite and tolerance levels in collaboration with executive leadership.


* Lead risk identification, assessment, and mitigation strategies across IT domains.

Audit & Governance Coordination


* Act as the central point of contact for internal and external audits related to ITGC, ITAC, cybersecurity, and disaster recovery.


* Collaborate with audit teams to define scope, timelines, and deliverables.


* Facilitate walkthroughs, evidence collection, and stakeholder engagement across IT and business units.


* Track and report remediation efforts and audit findings.

Cybersecurity & Compliance


* Partner with cybersecurity teams to validate control design and effectiveness across identity management, endpoint protection, and incident response.


* Ensure readiness for frameworks such as NIST, ISO 27001, PCI-DSS, and GDPR.

IT General Controls (ITGC)


* Establish ITGC Framework for Enterprise IT.


* Support testing and documentation of controls related to access management, change management, backup and recovery, and segregation of duties.


* Ensure consistency across federated ERP systems and global platforms (e.g., SAP, Oracle, Coupa, SailPoint).

Application & Infrastructure Risk


* Oversee risk controls for application lifecycle management, including patching, configuration, and decommissioning.


* Coordinate with infrastructure and application owners to ensure DR plans are documented, tested, and aligned with policy requirements.


* Support network security audits and third-party access reviews.

Reporting & Communication


* Consolidate audit findings and track remediation plans across IT domains.


* Prepare executive dashboards and summaries for leadership.


* Communicate risk policies and processes across the organization.


* Provide training and awareness programs to foster a risk control culture.

Your profile :



* Master's or Engineer's degree in IT, Cybersecurity, Risk Management or related field


* Certifications such as CGEIT, CRISC, CISA, CISM, CISSP, PMP and/or ITIL are highly desirable.


* 10+ years of experience in IT risk manage...