Purpose

As the Regional IT Control Manager (RITCM) within the EMEA region, you are responsible for overseeing and managing information technology controls and control compliance. This role involves ensuring that IT systems, processes, and practices align with regulatory requirements, industry standards, and internal policies to safeguard the organization’s information assets.

Knowledge, education, skills and experience

-    Bachelor’s degree in Information Technology, Computer Science, or a related field.
-    Advanced degrees and certifications (e.g., CISA, CISSP, CISM or Dutch (register) equivalents are preferred.
-    Several years of experience in IT compliance, risk management, or audit roles, with a multinational region or global/international focus and responsibility area.
-    Strong understanding of multinational region and global IT control requirements.
-    Experience with (IT) Control model frameworks and management systems.
-    Strong interest in current IT developments.
-    Excellent analytical and problem-solving skills.
-    Effective communication and interpersonal skills.
-    Ability to lead and manage cross-functional teams.
-    Detail-oriented with a strong commitment to accuracy and compliance.

Areas of Responsibility

-    Act as a first point of contact for the Viterra SOX implementation Program toward local / regional management and Group Internal Control.
-    Steer and coordinate local activities in relation to the program, ensure that Local / regional Management and Service provider works effectively and efficiently.
-    Facilitate and hands-on enable the changes with local management from content point of view; and ensure timely delivery.
-    Update and provide inputs on local context/content to global functions.
-    Attend on meetings as required by the different phases of the SOX Program.
-    Supervise and evaluate the performance of involved teams.
-    Via ongoing review of deliverables, ensure completeness and quality.
-    Provide ongoing training & awareness to involved stakeholders, process owners and control owners.
-    Assist, advise and track remediation of control deficiencies following agreed timeline. (including open Internal Audit / External Audit findings)
-    Monitor and ensure compliance with regional and international IT control requirements, standards, and best practices.
-    Stay up to date with evolving IT compliance requirements and adjust policies and procedures accordingly.
-    Conduct risk assessments to identify potential IT security and compliance risks within the region.
-    Develop strategies to mitigate identified risks and implement necessary controls.
-    Develop, update, and maintain IT control policies and procedures that align with legal and regulatory requirements.
-    Enforce IT control policies across the region and ensure awareness among employees.
-    Coordinate and participate in internal and external IT audits.
-    Collaborate with audit teams to address findings and implement corrective actions.
-    Collaborate with IT teams, legal departments, and external partners to address control and compliance related issues.
-    Guide and oversee the Regional Risk and Control Analyst function (RCA’s).
-    Pro-actively review incident response plans for IT security breaches or compliance violations.
-    Support incident response activities within the region.
-    Provide IT control training and awareness programs to employees within the region.
-    Promote a culture of security and compliance among staff members.
-    Assess IT controls of third-party vendors and service providers operating within the region.
-    Ensure vendor compliance with contractual and regulatory obligations.
-    Oversee data protection and privacy initiatives, ensuring compliance with data protection laws (e.g., GDPR, CCPA).
-    Prepare and maintain documentation related to IT controls, compliance assessments, and audit reports.
-    Monitor control tests of design and operating effectiveness as performed in the IT teams or by the RCAs (self-assessments) and perform control tests of operating effectiveness on monitoring controls performed by the RCAs.
-    Generate periodic reports for senior management and stakeholders.

Areas of Accountability

-    Directly responsible for: Work collaboratively with IT- and SOx program leadership to ensure policies, standards and procedures are adhered to, best practices are being utilized and innovations are being shared.

-    Accountable for: ensuring that the organization's IT systems, processes and practices remain compliant and secure, facilitating the reduction of risk of data breaches, financial penalties, and damage to the organization's reputation.
-    Active contribution and dedication to the local implementation of the Viterra SOX Framework (considering local regulatory requirements and specifics), ensure availability and competency.
-    Ongoing review of quality provided by Service Provider as part of the SOX implementation program.
-    Stakeholder management.
-    Reporting to Local Management and Group Internal Control on the overall progress of the SOX implementation program.
-    Once the SOX implementation program dissolves, ongoing maintenance of the local framework, including change management and control assessment.


Personal competences

-    Service orientated, pro-active and responsible in attitude and actions.
-    Able to act independently, (self) structuring and organizing ability.
-    Organizational skills.
-    Problem solving mind-set.
-    Control focus.
-    Working and communicating together to achieve more.
-    Strong analytical skills.
-    Attention to detail.
-    Time management.
-    Hands on, getting things done mentality.
-    Able to effectively liaise with stakeholders to realize the IT Control and SOx program goals.
-    Project skills: Flexible to open to develop and adapt ongoing, certain degree of resilience.
-    Co-operative: working together towards the same program goal.
-    Supportive where needed.
-    Communicating to solve any concerns effectively and timely.
-    Precise: first time right delivery, checking twice before delivering/ sending out.
-    Structured in organizing yourself, preparing meetings, consistent in following up on actions out of the meetings.
-    Available 3 p/week at the office.
-    Ability to translate any observations/ patterns/ issues out of periodic meetings into opportunities for improvements broader, recognizing the pattern and solving in a structural approach on mid-long term.