Halfords

IT Risk & Controls Analyst 

About us 

At Halfords, our mission is to inspire and support a lifetime of motoring and cycling. As a specialist retailer, we lead the market through customer-driven innovation and a distinct product range. We are dedicated to providing our customers with an integrated, unique, and convenient service experience, from e-bike and electric vehicle servicing to on-demand solutions. Our commitment is to foster customer loyalty by offering compelling reasons to keep coming back to our stores, ensuring a lifetime of motoring and cycling enjoyment. 

The teams at our Support Centre work with every other area of our business, putting them at the heart of the action and playing a key role in our success and growth. Everyone brings their individual knowledge and experience to work every day, working as one team to keep things moving smoothly. 

If you’re willing to get stuck in, you’ll love it here too. So put yourself at the heart of a dynamic, fast-paced working environment where expertise and focus take people far. 

The role 

As an IT Risk & Controls Analyst at Halfords, you will be responsible for designing and implementing the control environment around our existing legacy systems to ensure that we are ready to meet the Provision 29 deadline as of 31st March 2027. You will also be instrumental in shaping a stronger control environment for the future as part of our planned  ERP programme.  This position plays a key role in ensuring our IT and financial controls are robust, practical, and compliant. You’ll work for the Group Controls Manager as part of the wider Risk and Controls team, working closely with our external IT providers as well as supporting the external auditors through the audit process in a highly visible, business-wide role.   

This is not a pure second line IT controls position. The role is very hands on with an emphasis on working with the business to embed the controls across systems, cybersecurity governance, and wider material controls. The upcoming ERP rollout offers a rare opportunity to have a direct input into controls design from the outset. 

The role suits someone from a risk, audit or controls background, looking to step into a broader and more commercially connected environment. Strong stakeholder engagement, an autonomous approach, and the ability to understand frameworks such as SOX, COBIT, NIST or ISO27001 and embed practical controls are key. 

Key responsibilities 

• Lead the assessment and monitoring of IT General Controls across areas such as access management, change control, system operations, backups and recovery. 

• Support the design, testing and improvement of material IT and business controls in line with Provision 29 and internal control frameworks. 

• Work closely with external auditors, internal audit, and risk teams to provide assurance over the effectiveness of the control environment. 

• Identify control gaps, assess risk impact, and track remediation activities through to resolution. 

• Partner with process owners across IT and the wider business to strengthen and streamline control processes without hindering operations. 

• Contribute to risk assessments to prioritise key control activities across the organisation. 

• Support and influence control design as part of the upcoming ERP implementation and wider system improvements. 

• Maintain clear documentation of control processes, testing outcomes, and risk assessments for audit and governance purposes. 

• Build strong cross-functional relationships to promote control awareness and best practice across the business. 

About you  

• Experience in IT audit, IT risk, cybersecurity governance, or internal controls within a complex business or practice environment. 

• Strong working knowledge of control frameworks such as SOX, COBIT, NIST, ISO 27001 and wider governance standards. 

• Comfortable assessing, testing and improving IT and material business controls with a risk-focused mindset. 

• Confident working with auditors, risk teams and senior stakeholders across both technical and non-technical functions. 

• Analytical and detail-focused, with the ability to interpret complex information and translate it into practical improvements. 

• Proactive and autonomous, able to plan work independently and drive actions through to completion. 

• Clear communicator who can explain control concepts in a straightforward way to a wide range of stakeholders. 

• Motivated by the opportunity to influence large-scale change, including ERP implementation and legacy system improvement. 

Reward & benefits  

• A fair and competitive salary evaluated against market data, annual discretionary bonus scheme, pension, life assurance, 25 days annual leave plus bank holidays and enhanced family leave. 

• Commitment and dedication to your ongoing personal and professional development. We help you to own and grow your potential so you can be at your best in your current role and to support your future career aspirations. 

• We offer hybrid working with a blend of working in our Support Centre and from home.   

• You will have access to a wealth of employee discounts across the Halfords suite of products and services.  

• Wellbeing and inclusion are at the heart of our colleague experience. We offer resources and ongoing support to enhance your wellbeing at work and active Colleague Networks supporting inclusion initiatives across Halfords. 

Not sure you meet all the criteria? We'd encourage you to take the wheel and apply anyway! At Halfords we are committed to creating an inclusive workplace for our colleagues. We're an equal opportunities employer and proud to welcome applications from all backgrounds and embrace diversity within our one Halfords Family. 

Halfords operates a Hybrid working policy with this position bring based 2 days per week at our Support Centre in Redditch, West Midlands.