We are looking for an ITSM Compliance Specialist to ensure transparency and reliability of IT processes, conduct internal and external audits, assess risks, and implement effective control measures. The role includes process automation, analytical reporting (Grafana, Tableau), working with ITSM and GRC platforms, and fostering a culture of compliance with ISO, SOC 2, and SOX-ITGC standards.
- GITC Program Leadership: Lead the execution of inDrive’s Design and Implementation Plan for GITC Controls; own program governance, milestone tracking, and deviation management; report progress to the Management Board and Board of Directors on a monthly/quarterly basis.
- Control Design & Implementation: Design and implement controls across all GITC domains — access security (user provisioning, SoD monitoring, privileged access, IAM/IGA integration), program change management (application, database, and system software changes), system configurations, data center and network operations, and data quality management (DWH replication, backup, application controls).
- Material Weakness Remediation: Drive full remediation of Material Weaknesses #2 (Deficient General IT Controls) and #3 (Deficient Controls over Data Warehouse) identified in the inDrive Audit reports; ensure all remediation activities are tracked, evidenced, and validated for sustained effectiveness prior to audit assessment.
- Technology Risks & Controls Function: Build and lead the Technology Risks and Controls function; establish GITC governance, monitoring, control design validation, audit support, testing of design and control effectiveness, and continuous improvement activities across the organization.
- Compensating Controls & Financial Risk Mitigation: During the remediation period, design and maintain manual compensating controls (reconciliations of PSP/platform data, DWH tie-outs, flux analysis) to reduce the likelihood of material misstatement in financial reporting arising from GITC deficiencies.
- Cross-Functional Coordination: Coordinate with 14+ Technology teams (Platform, Product, Infrastructure, DWH, Security) to ensure ownership of all in-scope assets and controls; promote awareness and adoption of GITC principles across relevant teams.
- Audit & SOX Compliance Support: Act as primary point of contact for EY and Internal Audit on GITC scope, documentation requirements, and SOX 404 compliance; ensure complete, current, and accessible evidence for all in-scope controls across all systems.
- Control Monitoring & Continuous Improvement: Establish annual control review and testing cycles to assess completeness, operational effectiveness, and sustainability of GITC controls; drive ongoing improvement practices.
- Governance Documentation: Finalize and maintain the IT Control Matrix (systems, risks, control activities, owners, frequencies, SOX alignment); complete end-to-end IT process mapping and system flow documentation across all in-scope applications and infrastructure.
- Team Building: Recruit and develop the Technology Risks and Controls team; the dedicated leader is expected to be in place by 30.09.2026; foster a culture of control ownership across all 14 Technology teams.
- 5+ years of experience in ITSM, Service Management, IT Governance, or IT Audit
- Strong knowledge of ITIL v3/v4 and hands-on experience with Incident, Problem, Change, Request, CMDB
- Experience preparing for or supporting ISO 20000, ISO 27001, SOC 2, or SOX-ITGC audits
- Technical understanding sufficient to validate engineering solutions against ITGC and compliance requirements
- Experience with ITSM platforms and GRC tools (Jira Service Management, Jira, Vanta)
- Strong analytical and reporting skills with PowerBI, Grafana, or Tableau
- Ability to formalize processes and write standards, procedures, and methodologies
- Nice to have: ITIL v4 MP, ISO 20000, COBIT-2019, experience automating compliance checks, IT control testing skills, cloud experience (AWS/GCP/Azure), understanding of DevOps/SRE practices, CISA/CISM certifications.
- Stable salary, official employment.
- Health insurance.
- Hybrid work mode and flexible schedule.
- Relocation package offered for candidates from other regions.
- Access to professional counseling services including psychological, financial, and legal support.
- Discount club membership.
- Diverse internal training programs.
- Partially or fully paid additional training courses.
- All necessary work equipment.