Senior Information Technology Auditor

Job Description

Firm Overview

Lunate aims to be one of the world's leading private markets solutions providers through SMAs and multi-asset class funds, seeking to generate best-in-class risk-adjusted returns for its clients.

Role Overview

Lunate Capital is seeking a seasoned Manager – Technology Audit & Technology Risk to provide independent assurance and expert challenge over technology, cyber, and emerging technology risks across the Group. The role will play a critical leadership position within Internal Audit, partnering closely with senior management, risk, compliance, and regulators to ensure technology risks are effectively identified, governed, and controlled in a complex, regulated asset management environment.

This role requires deep hands‑on expertise across IT General Controls, ERP assurance (Oracle Fusion), cyber and cloud risk, AI risk, and third‑party oversight, combined with the credibility to engage confidently with Boards, executive committees, and regulators.

Key Duties & Responsibilities

• Lead and deliver complex technology audit and assurance engagements across applications, infrastructure, cloud, cyber security, data, and emerging technologies.
• Define audit scopes, risk assessments, testing strategies, and remediation approaches aligned to Lunate's risk appetite and regulatory obligations.
• Provide technical leadership and quality oversight of internal and co‑sourced audit activities.

• Design, test, and evaluate IT General Controls across access management, change management, IT operations, and system interfaces.
• Assess ITGCs across SOX and non‑SOX environments, including remediation of control deficiencies.
• Evaluate automated controls, configurations, and dependencies across core financial and investment systems.

• Lead assurance activities over Oracle Fusion ERP, including financial modules, integrations, automated controls, configuration settings, and data flows.
• Assess ERP‑related risks across financial reporting, segregation of duties, interface integrity, and end‑user computing.
• Support ERP transformation programmes with independent risk and control insights.

• Assess cyber security and cloud risk across applications, infrastructure, identity, and data.
• Evaluate secure‑by‑design principles, cyber operating models, incident response capabilities, and resilience controls.
• Provide assurance over cloud architectures and shared responsibility models.

• Perform risk assessments over AI and agentic AI use cases, including governance, ethical use, model risk management, explainability, data quality, and control design.
• Advise on practical control frameworks for emerging technologies within regulated environments.

• Oversee assurance activities relating to critical third‑party technology vendors and outsourced service providers.
• Evaluate third‑party risk governance, contractual controls, SOC reports, and ongoing monitoring.
• Manage and challenge co‑sourced internal audit providers.

• Engage confidently with senior executives, Boards, Audit Committees, and regulators.
• Translate complex technical risks into clear, business‑focused insights and actionable recommendations.
• Support regulatory interactions across FCA/PRA, DORA, ADGM, CMA, and other relevant authorities.

• 10–15 years experience leading technology audit, IT risk, or technology assurance within large financial institutions, asset managers, or Big 4 firms.
• Deep, hands‑on expertise in IT General Controls, including design, testing, and remediation.
• Proven experience auditing Oracle Fusion ERP in complex, regulated environments.
• Strong understanding of cyber security, cloud risk, and secure‑by‑design principles.
• Practical experience assessing AI and emerging technology risks.
• Extensive exposure to Third Party Risk Management.
• Strong knowledge of asset and wealth management business models, systems, and risks.
• Hands‑on experience with regulatory frameworks and standards including FCA/PRA, DORA, ADGM, CMA, ISO 27001, NIST, SOC 2, GDPR.
• Mandatory professional qualification (e.g. CISA, CISSP, CISM, CRMP, or equivalent).
• Significant international experience across the UK, US, Canada, Australia, EU, and/or UAE.