IT&D Manager - Access Management
We are Reckitt
Information Technology & Digital
Working globally across functions, you'll own your projects and process from start to finish, with the influence and visibility to achieve what needs to be done. And if you're willing to bring your ideas to the table, you'll get the support and investment to make them happen.
Your potential will never be wasted. You'll get the space and support to take your development to the next level. Every day, there will be opportunities to learn from peers and leaders through working on exciting, varied projects with real impact. And because our work spans so many different businesses, from Research and Product Development to Sales, you'll keep learning exciting new approaches.
About the role
The IT&D Manager – Access Tower will be accountable for the end‑to‑end management, governance and delivery of Access Management services across Reckitt’s in‑scope applications.
The role will act as client‑side service manager, project manager and subject‑matter expert, overseeing third‑party delivery while ensuring Access Tower controls are operated effectively, consistently within 1LoD and in line with UK Corporate Governance Code requirements.
Your responsibilities
Overall Delivery, Governance and Project Management
- Own the end‑to‑end delivery of all Access Tower services in line with the agreed Statement of Work, operating model and timelines.
- Act as the primary Reckitt project manager and service lead, coordinating delivery across multiple sub‑services, applications and stakeholders.
- Develop and maintain integrated delivery plans, review calendars, milestones and dependencies across all Access Tower activities.
- Track delivery progress against plan, maintaining risks, issues and dependencies, and ensuring timely mitigation and escalation where required.
- Ensure delivery is aligned to approved SOPs, control definitions and methodologies.
Third‑Party Delivery Oversight and Vendor Management
- Act as the primary Reckitt point of contact for the third‑party provider delivering Access Tower services.
- Provide clear direction, prioritisation and oversight to third‑party resources to ensure alignment with Reckitt expectations and ways of working.
- Oversee third‑party performance against contractual scope, service commitments and agreed deliverables.
- Review, challenge and formally accept third‑party outputs, ensuring quality, consistency and audit‑readiness.
- Coordinate onboarding, knowledge transfer and ongoing enablement of third‑party resources.
Governance, Reporting and Budget Control
- Oversee service governance and establish clear escalation routes with Reckitt and third‑party stakeholders.
- Prepare, present and contribute to management reporting covering service status, risks, issues and budget‑to‑actuals.
- Monitor third‑party effort and cost against budget and forecast, supporting cost control and value‑for‑money outcomes.
- Support commercial governance activities, including scope clarifications, change requests and year‑end delivery assurance.
Access Management Controls – Design, Operation and Oversight
- Own oversight of all Access Management control activities across in‑scope applications, ensuring the effective design and operation of the following controls:
- User Access Reviews (UAR): Periodic confirmation that all users retain only the access required for their current role and responsibilities, and that leavers, movers and dormant access are identified and removed in a timely manner.
- Segregation of Duties (SOD) Reviews: Identification and assessment of conflicting system access that could allow inappropriate execution and concealment of transactions, ensuring that conflicting access is either removed or appropriately mitigated through approved controls.
- Sensitive Access Reviews: Oversight of access to roles or permissions that provide elevated business impact, ensuring such access is explicitly justified, approved and limited to individuals with a legitimate business need.
- Privileged User Access Reviews (PUAR): Independent validation that privileged, administrative and technical access (including generic and default accounts) is restricted, authorised, monitored and not used for business‑as‑usual activities.
- Ruleset Governance: Maintenance and periodic review of SOD and sensitive access rules to ensure risk definitions remain complete, current and aligned to the control framework and evolving business processes.
- Firefighter / Emergency Access Monitoring: Oversight of emergency access usage to ensure it is time‑bound, approved, logged, reviewed and not relied upon as a substitute for properly provisioned access.
The experience we're looking for
- Relevant degree qualification or equivalent professional experience in Technology Risk controls, or a related discipline.
- Strong, demonstrable experience in ITGC testing, operation and oversight, with deep understanding of access‑related controls across:
- User provisioning, modification and de‑provisioning
- Privileged and emergency access
- Segregation of Duties and Sensitive Access
- Proven experience performing or overseeing design and operating effectiveness testing (ToD / ToE) for ITGCs in a regulated environment.
- Ability to interpret control failures, identify root causes and drive remediation in collaboration with IT and business stakeholders.
- SAP Controls Expertise: hands‑on experience with SAP access controls, including
- SAP ECC / S4HANA access controls
- Roles, authorisations and profiles
- Privileged access and Firefighter usage
- Segregation of Duties frameworks and rulesets
- Experience applying Access Management and ITGC principles across Non‑SAP platforms, including Tier 1 and Tier 2 applications.
- Ability to adapt access control concepts (SOD, privileged access, sensitive access) to systems without native GRC tooling.
- Demonstrable understanding of IT General control and risk frameworks and how these are applied within large, complex IT environments.
- Working knowledge of IT General Controls, IT Application, Manual Dependent and Interface controls and UK Corporate Governance Code requirements, including how General IT Controls operate across applications, infrastructure, identity and access management, and supporting utility/platform tools.
- Hands‑on experience in IT controls testing and remediation, including assessing control design and operating effectiveness, supporting root‑cause analysis, and validating the sustainability and effectiveness of remediation actions. Ability to interpret and communicate analytics outputs clearly, translating testing results, trends, and control insights into meaningful information for IT, business, and assurance stakeholders.
- Strong team‑building and people leadership capabilities, with a collaborative and inclusive approach that supports both internal teams and third‑party partners.
The skills for success
What we offer
Equality
Job Segment:
Counseling, Nutrition, Healthcare