Internal Only - Deputy Head of Internal Audit (IT Specialist) en Cardiff University
Cardiff University · Cardiff, Reino Unido · Onsite
- Senior
- Oficina en Cardiff
Advert
This post is currently open to employees of Cardiff University only. Please do not apply if you do not have a current contract of employment with the University.
Internal Applicants Only - Deputy Head of Internal Audit (IT Specialist)
The Deputy Head of Internal Audit (IT Specialist) will spearhead the planning, development, and implementation of all University’s IT Audit and Data Analytics strategies. This role is pivotal in moving the Internal Audit Service forward through ensuring that it can adapt its processes to meet the demand of the University as the use of technology and AI increases. The Deputy Head of Internal Audit (IT Specialist) will lead not only the IT Audit Strategy but will also be responsible for ensuring wider audit coverage in non-IT audits through increased use of data analytics as well as identifying areas for continuous auditing.
The role holder will be responsible for the overall management and delivery of the University’s IT Audit Strategy as well as increasing the use of data analytics across the whole of the IT Audit Plan. They will also be responsible for evaluating the service’s use of technology and incorporating generative AI where possible into audit techniques to improve efficiency of audits, increase audit coverage and keep pace with the rapidly changing digital environment at the University.
This role ensures that digital infrastructure, data management, and cybersecurity practices align with sector regulations, institutional policies, and strategic objectives.
In order to achieve this the role holder will be expected to:
Internal Applicants Only - Deputy Head of Internal Audit (IT Specialist)
The Deputy Head of Internal Audit (IT Specialist) will spearhead the planning, development, and implementation of all University’s IT Audit and Data Analytics strategies. This role is pivotal in moving the Internal Audit Service forward through ensuring that it can adapt its processes to meet the demand of the University as the use of technology and AI increases. The Deputy Head of Internal Audit (IT Specialist) will lead not only the IT Audit Strategy but will also be responsible for ensuring wider audit coverage in non-IT audits through increased use of data analytics as well as identifying areas for continuous auditing.
The role holder will be responsible for the overall management and delivery of the University’s IT Audit Strategy as well as increasing the use of data analytics across the whole of the IT Audit Plan. They will also be responsible for evaluating the service’s use of technology and incorporating generative AI where possible into audit techniques to improve efficiency of audits, increase audit coverage and keep pace with the rapidly changing digital environment at the University.
This role ensures that digital infrastructure, data management, and cybersecurity practices align with sector regulations, institutional policies, and strategic objectives.
In order to achieve this the role holder will be expected to:
- Develop and own the University IT Audit Universe, identifying the key areas of risk and assurance in the digital sphere at the University.
- Define and develop the University’s approach to IT Audits, including the development of programmes that predict vulnerabilities that may occur and provide relevant and timely recommendations to address any weaknesses identified.
- Work with senior stakeholders to identify key digital developments across the University and assess how internal audit can best be used to provide assurance over their risk and control environments.
- Develop the Internal Audit Service’s use of data analytics including identifying how and where they can best be used to optomise outcomes for management. This will include training of non-IT auditors within the team to develop audit capability and resilience.
- Report findings of IT related audits to senior management, UEB and the Audit & Risk Committee to ensure that issues can be surfaced and addressed in a timely manner.
- Identify opportunities for upskilling the existing Internal Audit team in terms of IT Audit to increase coverage and resilience in this area.
This post is full-time and open-ended.
Salary: £61,759 - £67,468 per annum (Grade 8). This may be increased up to £74,458 per annum for exceptional candidates.
Closing date: Friday, 14 November 2025
External applications are currently not being considered for this post. If the decision is made to open the post to external candidates, the strapline at the top will be removed and you will be given ample time to apply – please check back periodically for details.
Cardiff University is committed to supporting and promoting equality and diversity and to creating an inclusive working environment. We believe this can be achieved through attracting, developing, and retaining a diverse range of staff from many different backgrounds. We therefore welcome applicants from all sections of the community regardless of sex, ethnicity, disability, sexual orientation, trans identity, relationship status, religion or belief, caring responsibilities, or age. In supporting our employees to achieve a balance between their work and their personal lives, we will also consider proposals for flexible working or job share arrangements.
Applications may be submitted in Welsh, and an application submitted in Welsh will not be treated less favourably than an application submitted in English.
Salary: £61,759 - £67,468 per annum (Grade 8). This may be increased up to £74,458 per annum for exceptional candidates.
Closing date: Friday, 14 November 2025
External applications are currently not being considered for this post. If the decision is made to open the post to external candidates, the strapline at the top will be removed and you will be given ample time to apply – please check back periodically for details.
Cardiff University is committed to supporting and promoting equality and diversity and to creating an inclusive working environment. We believe this can be achieved through attracting, developing, and retaining a diverse range of staff from many different backgrounds. We therefore welcome applicants from all sections of the community regardless of sex, ethnicity, disability, sexual orientation, trans identity, relationship status, religion or belief, caring responsibilities, or age. In supporting our employees to achieve a balance between their work and their personal lives, we will also consider proposals for flexible working or job share arrangements.
Applications may be submitted in Welsh, and an application submitted in Welsh will not be treated less favourably than an application submitted in English.
Job Description
Key Duties
- Provide leadership and expert professional advice and guidance to senior leaders in the area of IT risk and controls, including the University Executive Board, Vice-Chancellor, the Audit & Risk Committee, Council and Medr (through the University’s Audit & Risk Committee)
- Shape and drive the IT and digital elements of the internal audit strategy, to ensure audit activity is aligned with the University’s strategic priorities, emerging risks and vulnerabilities
- Partner with senior leadership to develop a comprehensive IT Audit Universe, assurance map and an annual IT Audit Plan, that drives the design, execution and reporting of IT-specific audits, while ensuring IT risks are effectively addressed across non-IT audits
- Lead the adoption and development of advanced data analytics, AI and technology-enabled audit techniques for the Internal Audit Service, to ensure audit programmes are able to challenge and interpret changing university practices and processes
- Deputise for the Head of Internal Audit, providing leadership and strategic direction to the internal audit function of the university, managing the internal audit team to provide operational guidance and professional development
- Ensure the Annual IT Audit Plan is delivered to time and budget providing the required assurances and identifying key areas for improvement in the digital sphere
- Provide technical leadership and guidance to the internal audit service in ensuring compliance with the IT and data analytics elements of the Global Internal Audit Standards
- Assess the adequacy and effectiveness of IT controls in line with sector standards (e.g., UCISA, Jisc, ISO 27001, Cyber Essentials)
- Identify risks and control gaps and provide practical recommendations to improve resilience and compliance
- Review and update the IT Audit plan on a regular basis to ensure that audit resource is targeted to those areas where it is most needed, reflecting the changing risks and priorities of the University
- Identify opportunities for improved use of technology and AI within the Internal Audit Service and lead on their development and embeddedness within the service’s procedures
- Manage (directly or in the absence of the HoIA) individuals, ensuring clarity of role and alignment of performance objectives with those of the Internal Audit Strategy 2025-28.
- Provide training and guidance to all team members in the use of data analytics and generative AI and develop procedures for the team to follow in these area.
- Mentor team members in developing their IT audit skills and where team members would like to gain an IT audit accreditation provide the professional sign-off required by the awarding body.
- Assist the Head of Internal Audit with the development of a Quality Assurance and Improvement Plan to ensure compliance with the Global Internal Audit Standards
- Work closely with University IT Department and the Head of Internal Audit to ensure that digital risks are adequately captured and responded to in a timely manner
- Proactively manage and understand the interdependencies between the IT Audit plan and the wider University plan, ensuring that there is effective communication across both the Internal Audit Service and wider university
- Actively participate in internal audit and higher education networks to develop good practice and provide benchmarking where possible
- Undergo personal and professional development that is appropriate to the role and which will enhance performance
- Ensure that an understanding of the importance of confidentiality is applied when undertaking all duties
- Abide by University policies on Health and Safety and Equality and Diversity
- Perform other duties occasionally which are not included above, but which will be consistent with the role
Salary Range Max.
67,468 (up to £74,458 for exceptional candidates)
Grade
Grade 8
Salary Range Min.
61,759
Job Category
Management & Executive
Career Pathway
Managerial, Professional and Specialist Staff – MPSS
Person Specification
Essential Criteria
- Professional certification such as CISA, CISM, CISSP, or equivalent
- Proven ability in the management and successful delivery of audit plans in a large multifaceted organisation.
- Demonstrable experience in IT auditing, risk management, and cybersecurity.
- Knowledge of cloud platforms (e.g. Microsoft Azure) and enterprise systems (e.g. Oracle).
- Proficient with data analytics tools such as Power BI, ACL, IDEA.
- Demonstrable leadership and mentoring skills including assisting more junior staff in achieving their IT audit qualifications.
- Excellent Senior stakeholder management skills with the ability to communicate at all levels, employ differing communication techniques to support assimilation of information. demonstrating the sensitivities required to balance and resolve issues, define priorities and ensure understanding and buy in to the audit process and benefits.
- Excellent analytical, communication, and report-writing skills.
- Ability to work independently and manage multiple priorities
- Experience in the UK Higher Education sector or public sector.
- Familiarity with research data management, student systems and virtual learning environments.
- Commercial audit experience.
- Welsh Speaker
