Senior Information Technology Auditor

About This Role

Firm Overview

Lunate is an Abu Dhabi-based, Partner-led, independent global alternative investment manager with more than 200 employees and $115 billion of assets under management. Lunate invests across the entire private markets spectrum including buyouts, growth equity, early and late-stage venture capital, private credit, real assets, and public equities and public credit. Lunate aims to be one of the world’s leading private markets solutions providers through SMAs and multi-asset class funds, seeking to generate best-in-class risk-adjusted returns for its clients.

Role Overview

Lunate Capital is seeking a seasoned Manager – Technology Audit & Technology Risk to provide independent assurance and expert challenge over technology, cyber, and emerging technology risks across the Group. The role will play a critical leadership position within Internal Audit, partnering closely with senior management, risk, compliance, and regulators to ensure technology risks are effectively identified, governed, and controlled in a complex, regulated asset management environment.

This role requires deep hands‑on expertise across IT General Controls, ERP assurance (Oracle Fusion), cyber and cloud risk, AI risk, and third‑party oversight, combined with the credibility to engage confidently with Boards, executive committees, and regulators.

Key Duties & Responsibilities

Technology Audit & Risk Leadership

• Lead and deliver complex technology audit and assurance engagements across applications, infrastructure, cloud, cyber security, data, and emerging technologies.
• Define audit scopes, risk assessments, testing strategies, and remediation approaches aligned to Lunate’s risk appetite and regulatory obligations.
• Provide technical leadership and quality oversight of internal and co‑sourced audit activities.

IT General Controls (ITGC)

• Design, test, and evaluate IT General Controls across access management, change management, IT operations, and system interfaces.
• Assess ITGCs across SOX and non‑SOX environments, including remediation of control deficiencies.
• Evaluate automated controls, configurations, and dependencies across core financial and investment systems.

Oracle Fusion ERP Assurance

• Lead assurance activities over Oracle Fusion ERP, including financial modules, integrations, automated controls, configuration settings, and data flows.
• Assess ERP‑related risks across financial reporting, segregation of duties, interface integrity, and end‑user computing.
• Support ERP transformation programmes with independent risk and control insights.

Cyber Security & Cloud Risk

• Assess cyber security and cloud risk across applications, infrastructure, identity, and data.
• Evaluate secure‑by‑design principles, cyber operating models, incident response capabilities, and resilience controls.
• Provide assurance over cloud architectures and shared responsibility models.

Emerging Technology & AI Risk

• Perform risk assessments over AI and agentic AI use cases, including governance, ethical use, model risk management, explainability, data quality, and control design.
• Advise on practical control frameworks for emerging technologies within regulated environments.

Third Party Risk Management (TPRM)

• Oversee assurance activities relating to critical third‑party technology vendors and outsourced service providers.
• Evaluate third‑party risk governance, contractual controls, SOC reports, and ongoing monitoring.
• Manage and challenge co‑sourced internal audit providers.

Regulatory & Stakeholder Engagement

• Engage confidently with senior executives, Boards, Audit Committees, and regulators.
• Translate complex technical risks into clear, business‑focused insights and actionable recommendations.
• Support regulatory interactions across FCA/PRA, DORA, ADGM, CMA, and other relevant authorities.

Qualifications & Experience

• 10–15 years’ experience leading technology audit, IT risk, or technology assurance within large financial institutions, asset managers, or Big 4 firms.
• Deep, hands‑on expertise in IT General Controls, including design, testing, and remediation.
• Proven experience auditing Oracle Fusion ERP in complex, regulated environments.
• Strong understanding of cyber security, cloud risk, and secure‑by‑design principles.
• Practical experience assessing AI and emerging technology risks.
• Extensive exposure to Third Party Risk Management.
• Strong knowledge of asset and wealth management business models, systems, and risks.
• Hands‑on experience with regulatory frameworks and standards including FCA/PRA, DORA, ADGM, CMA, ISO 27001, NIST, SOC 2, GDPR.
• Mandatory professional qualification (e.g. CISA, CISSP, CISM, CRMP, or equivalent).
• Significant international experience across the UK, US, Canada, Australia, EU, and/or UAE.