IT Risk & Internal Controls Assistant Manager

Location:

Amsterdam – Nederland, Netherlands

Salary:

Competitive

Type:

Permanent

Main Industry:

Search Management & Executive Jobs

Other Industries & Skills:

Information Technology

Advertiser:

CRH

Job ID:

131648862

Posted On:

04 March 2025

 

Country:
Netherlands 

City: 
Amsterdam 
Req ID: 
#

About CRH

We are CRH, and we are committed to contributing to a more resilient and sustainable built environment. We understand the wider impact our businesses can make in supporting human activity. We continue to do this through the delivery of unique, superior building materials and products for use in road and critical utility infrastructure, commercial building projects and outdoor living solutions.

CRH (NYSE: CRH, LSE: CRH) is the leading provider of building materials solutions that build, connect and improve our world. Employing c.78,500 people at c.3,390 operating locations in 28 countries, CRH has market leadership positions in both North America and Europe. As the essential partner for transportation and critical utility infrastructure projects, complex non-residential construction and outdoor living solutions, CRH’s unique offering of materials, products and value-added services helps to deliver a more resilient and sustainable built environment. The company is ranked among sector leaders by Environmental, Social and Governance (ESG) rating agencies. A Fortune 500 company, CRH’s shares are listed on the NYSE and LSE.

Without you noticing our products, we are everywhere you live, work, and relax.

Our project portfolio includes some of the most sustainable and cutting-edge building projects around the world. Think of the asphalt on the Silverstone Grand Prix Circuit, the Paris Metro Rail project, but also the Louis Vuitton Museum in Paris, parts of the Burj Khalifa, and the Kennedy Space Centre.

Learn more about us through the following Link.

Position Overview

The CRH International Risk & Internal Controls team is looking to hire an IT R&IC assistant manager to support delivery of its expanding objectives, and to help support and deliver a suite of ambitious strategic improvement programs in 2025 and beyond. The purpose of the role is to support the IT leaders with the provision of IT subject matter expertise on risk and internal control related matters within and across our CRH International businesses, supporting key stakeholders with divisional-level governance and oversight. A successful candidate will collaborate with the division’s businesses and provide proactive, practical support to enable management to identify and understand the risks they are exposed to and to ensure these risks are properly managed and mitigated by an integrated internal controls framework.

This role will play a central part in the execution and delivery of strategic objectives associated with each of International R&IC’s key pillars, namely:

-Business & Process Reviews – Partnering with operating entities to deliver business critical IT control enhancements in 2025/26, namely, to deploy a baseline IT framework across our division and promote evolving best practice in relation to internal controls, governance, cybersecurity and risk mitigation
-Acquisition Integration & Divestment Separation – Supporting with the identification and mitigation of key IT risks at acquisition due diligence phase and supporting with the design and implementation of our internal control frameworks as part of post-acquisition integration
-Risk Management & Control – Supporting divisional IT stakeholders with strategic guidance and enablers to implement robust governance practices across our division and drive a focus on driving proactive risk identification, mitigation and management
-SOx 302 and 404 compliance – Support with maintaining ongoing Sarbanes Oxley compliance program across the CRH International division and working as part of the central IT R&IC team to identify ongoing opportunities for controls standardisation, automation, and rationalisation. The successful candidate will play a role in a number of key strategic priorities outlined below.
 

Key Tasks & Responsibilities

Baseline Tier 3 IT Control Framework

-Conduct risk assessments to assess the maturity of the business’s ITGC frameworks, and support divisional R&IC leads with the delivery of robust gap assessments to a standardised, central IT baseline framework, identifying potential vulnerabilities and gaps in their processes and IT controls
-Collaborate with divisional R&IC leads and process owners to coordinate remediation plans for identified deficiencies. Track remediation plans to completion
-Provide operational-level governance on the IT Framework rollout activities, control assessment results and identified issues and risks. Lead day-to-day coordination of framework deployment activities across 100+ IT control environments within our division
-Educate and support smaller operating companies on our evolving IT and security controls, policies, procedures, and best practices.

Divisional level Support for Republic Cement and Leviat

-Maintain oversight of our Leviat and Republic Cement Tier 2 IT control frameworks, supporting local management with the timely identification and resolution of IT controls issues, including SOx deficiencies where applicable
-During the annual external audit cycle, provide Senior Management with clear overview of progress emerging observations, resolution plans and highlight significant issues
-Work closely with local IT management to monitor and report on the progress of remediation and closure of open audit findings resulting from SOx or IAP audits.
 

Onboarding of IT controls into SOFY

-Lead the day-to-day operational planning, setup and deployment of the IT control framework structure in SOFY, which is one of the strategic priorities for CRH International R&IC function in 2025
-Support the division’s operating entities with the onboarding of their IT controls into SOFY, ensuring the right controls are deployed for each operating entity with the correct approval flows and frequency patterns
-Provide hands-on subject matter expertise with a focus on identifying and delivering functional improvements to the IT SOFY controls frameworks on a go-forward basis.
 

Acquisition Integration Support

-Support the wider R&IC team in identifying IT compliance, security and operational risk “red flags”, and associated mitigation strategies, at due diligence phase of certain target acquisitions
-Collaborate in an agile manner with various CRH stakeholders in the due diligence process
-As part of the post-acquisition implementation phase, partner extensively with local senior management to assess, design and implement our standard internal IT control framework.
 

Key Functional Competencies

You possess the following:

-Demonstrated knowledge of IT risk governance and internal controls requirements
-Stakeholder focus: Ability to operate effectively at multiple levels, understanding and explaining the big picture to senior stakeholders in a business manner whilst articulating a level of technical detail to IT teams
-Confident and capable to participate in, and lead where necessary, multi-stakeholder meetings, supporting discussions to drive the right outcome
-Ability to quickly understand the business and forge trusting and effective working relationships with all stakeholders
-Persuade and motivate others by collaboration and cooperation, ability to communicate and interact with staff at all levels, from all cultural backgrounds
-Ability to proactively communicate observations and other feedback in an open, collaborative honest and constructive manner
-Ability to efficiently manage workload, understand sense of priority / urgency and go the extra mile to deliver results
-Performance-Driven: Lays down measurable results, plans activities and adjusts the working method if necessary
-Manages Complexity: Has the ability to analyse complex, high quantity, and sometimes contradictory information to effectively solve problems
 

Individual Competencies

You are able to:

-Drive Results – Consistently achieving objectives, even under tough circumstances, pushing self and others to accomplish goals
-Cultivate Innovation – Embraces change and drives improvement and innovation
-Self-motivated, highly enthusiastic, and able to thrive in a fast paced, dynamic, and commercial environment
-Collaborative – Building partnerships and working collaboratively with others to meet shared objectives
-Critical thinking: apply process analysis and bring fresh perspectives to solve business problems
-Make Quality Decisions – Making good and timely decisions that keep the organisation moving forward.
 

Experience / Education

You are/have:

-5+ years post qualified experience
-Internal or external IT Audit function or other relevant IT risk and controls experience
-Relevant SOx, enterprise risk management, and controls experience, preferably in a Global organization
-Experience performing risk assessments and understanding risk assessment reviews and audit reports
-Experience / knowledge of SOC reporting requirements with US GAAP experience advantageous but not required.
 

Other (Key) Dimensions

Team Structure

This role is in the integrated CRH International Risk & Internal Controls team, reporting to the function head and ultimately to the CRH International CFO. The team consists currently of 7 FTEs.

Key stakeholders:

-Executive Management (International and Global Leadership & Finance Leadership Teams)
-Group Enterprise Risk Management
-SOX Steering Committee
-Risk and Internal Control Governance Committee
-Local Risk & Internal Control management across some Operating companies
-Divisional Management IT and Finance Directors
-Local, Division and other Group IT teams
-Internal and External Audit
-Europe IT and Group Information Security
-Group Legal & C

To help us track our recruitment effort, please indicate in your email/cover letter where (vacanciesin.eu) you saw this job posting.