Head of IT Internal Audit
Confidential
Posted: March 27, 2026
Quick Summary
The Head of IT Internal Audit plays a critical role in shaping the technology-focused audit strategy, overseeing the end-to-end IT audit lifecycle and contributing to the organization’s SOX IT General Controls compliance program.
Job Description
We’re looking for a Head of IT Internal Audit.
The Head of IT Internal Audit is a senior leadership role responsible for providing independent, objective assurance over the organization’s technology, cybersecurity, data governance, and IT‑enabled business processes. The role oversees the end‑to‑end lifecycle of IT audits including risk assessment, planning, execution, reporting, and stakeholder communication while also contributing to the organization’s SOX IT General Controls (ITGC) compliance program.
This leader plays a critical role in shaping the technology‑focused audit strategy, identifying emerging tech and cyber risks, mentoring audit professionals, and maintaining strong relationships with executive management, IT leadership, and external auditors.
This position is a hybrid role and can be based in the United States, Bermuda or the United Kingdom. The Head of IT Internal Audit reports to the Chief Audit Officer.
What you will do
Audit Leadership & Execution
Lead and oversee risk‑based IT internal audits covering infrastructure, applications, cybersecurity, data governance, technology operations, business‑continuity processes, and IT‑enabled business areas.
Independently manage the planning, fieldwork, and reporting phases of IT audits, ensuring high‑quality, well‑supported audit results and insights.
Develop and maintain the annual IT audit risk assessment and multi‑year audit plan.
Prepare clear, concise audit reports and present results to Senior Management and the Audit Committee.
SOX IT General Controls (ITGC) Program
Lead the planning, testing, and evaluation of SOX‑related ITGCs (e.g., access management, change management, computer operations).
Coordinate with external auditors to align on scope, testing approaches, and remediation expectations.
Partner with management to assess deficiencies, validate remediation, and strengthen the control environment.
People Leadership & Team Development
Provide coaching, mentoring, and developmental opportunities to audit team members.
Set performance standards, conduct performance assessments, and promote a culture of learning, curiosity, and professional growth.
Lead teams in a manner that embodies objectivity, independence, collaboration, and continuous improvement.
Project & Issue Management
Manage multiple, concurrent audit engagements and technology‑related special projects.
Oversee audit issue tracking, ensuring timely validation and closure of management action plans.
Apply strong project‑management discipline to ensure audits are delivered on time and within scope.
Stakeholder & Relationship Management
Engage with senior IT, cybersecurity, data governance, and business leaders to understand evolving risks, major initiatives, and technology roadmaps.
Maintain strong partnerships with external auditors, regulators (where applicable), and risk/compliance functions.
Serve as a trusted advisor while maintaining internal audit’s independence and objectivity.
Emerging Technology & Risk Awareness
Monitor developments in emerging technologies, including cloud, AI, data privacy, cyber threats, and digital transformation, and integrate these into the audit plan and risk assessment process.
Provide thought leadership on risk themes related to AI, data protection, and evolving global privacy regulations.
Conduct Standards
You must act with integrity
You must act with due skill, care and diligence
You must be open and cooperative with the CBI, FCA, the PRA and other regulators
You must pay due regard to the interests of customers and treat them fairly
You must observe proper standards of market conduct
You must act to deliver good outcomes for retail customers
What you require for the role
Skills & Competencies
Strong analytical and critical‑thinking skills with the ability to evaluate complex technological environments.
Excellent communication skills, including the ability to present to executive leadership and Audit Committees.
Ability to influence and build effective relationships while preserving audit independence.
High integrity, sound judgment, and a commitment to professional skepticism.
Curiosity and passion for understanding emerging technology, cyber, and AI‑related risks.
Proven organizational and project‑management skills.
Experience Requirements
15+ years of combined internal audit, external audit, IT audit, cybersecurity, or technology risk experience.
Deep understanding of ITGCs, cybersecurity risk frameworks (NIST, ISO, COBIT), and IT governance practices.
Demonstrated experience leading teams and managing complex audit portfolios.
Experience working in a regulated industry (insurance, financial services, or similar) preferred.
Education & Certifications
Bachelor’s degree in Information Systems, Computer Science, Accounting, Finance, Engineering, or related discipline.
Professional certifications are strongly preferred:
Certified Information Security Auditor (CISA), Certified Data Protection Professional (CDPP), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), or equivalent.
CPA, Chartered Accountant, or equivalent (a plus).
What you can expect from us
At Hamilton, we offer a vibrant, entrepreneurial and collaborative workplace shaped by our values: Be Smart, Be Sensible, Be Open and Be More.
Our employees consistently say they would recommend Hamilton as a great place to work — a testament to the inclusive, supportive, and empowering culture we’ve built together. We embrace individuality, value diverse perspectives, and recognise the unique contribution each person makes to our continued success.
Hamilton offers a competitive salary with an annual performance-based target bonus and a comprehensive benefits package, to include:
Hybrid working
Matching 401K plan
Medical, dental, vision, life, disability
Generous time off (including parental leave)
Continued support for professional development
Gym subsidy
My day (additional days leave for personal interests/wellness/charity work)
In good company.
Hamilton (NYSE: HG) underwrites specialty insurance and reinsurance risks on a global basis through its wholly owned subsidiaries. Its three underwriting platforms: Hamilton Global Specialty, Hamilton Select and Hamilton Re, each with dedicated and experienced leadership, provide access to diversified and profitable business around the world.
Headquartered in Bermuda, Hamilton has over 600 employees with key underwriting operations in London, Bermuda, the US and Dublin. We work collaboratively, we share a passion for the service and results we deliver, and we know that what we do each day is meaningful – to our customers and our business. We believe we are ‘In good company.’ with everyone we interact with.