Global IT Compliance Auditor

Job Description

Security, trust and strong controls are critical to how Sage operates — and this role helps make sure they stay that way.

We’re looking for an IT Compliance Auditor to join our Global IT Controls Compliance team. This is a hands‑on, mid‑level role where you’ll work across our technology landscape, partnering with teams to make sure our IT controls are not only compliant, but practical, effective and fit for a modern, global business.

Rather than acting as a “checker”, you’ll be a trusted partner — helping teams understand risk, strengthen controls and continuously improve how we govern our systems, data and change processes.

This is a hybrid role – three days per week in our Newcastle office.

Key Responsibilities

What you’ll be responsible for

Driving meaningful IT controls assurance

•  Oversee IT compliance and operational audits across security, data, operations and change management
•  Assess how controls are designed and how they work in practice — not just whether they exist on paper
•  Produce clear, robust audit evidence that can be relied upon by both internal and external auditors
  
  

Improving how we do governance

•  Refresh and improve audit approaches as technologies, risks and ways of working evolve
•  Help strengthen and standardise governance processes through the effective use of GRC tooling
•  Identify where controls can be simplified, strengthened or made more effective — and help teams get there
  
  

Working in partnership across Sage

•  Collaborate with application, infrastructure and IT operations teams across multiple regions
•  Clearly communicate audit findings, risks and recommendations to senior stakeholders
•  Support teams in defining realistic remediation plans and seeing them through to completion
  
  

Supporting external audit and compliance activity

•  Work closely with internal and external auditors to support annual IT General Controls and SOx testing
•  Act as a key point of contact, helping ensure audits run smoothly and findings are well understood
  
  

What we’re looking for:

You don’t need to tick every box, but the right person will likely bring:

•  Experience in IT compliance, risk or audit roles, with exposure to ITGC, SOx and control frameworks
•  A working knowledge of how controls apply to applications, infrastructure, operations and change
•  Confidence to challenge, influence and support teams in a constructive way
•  Strong analytical skills and the ability to get to the root cause of control issues
•  Clear communication skills — especially when translating technical or risk topics for non‑technical audiences
•  A collaborative, pragmatic mindset and the ability to manage competing priorities
  
  

Nice to have (not essential)

•  CISA (Certified Information Systems Auditor) or equivalent experience