Skip to main content


BAT is evolving at pace - truly like no other organisation.

To achieve the ambition, we have set for ourselves, we are looking for colleagues who are ready to live our ethos every day. Come be a part of this journey!


JOB TITLE: Access Management & Compliance Analyst

FUNCTION: DBS (Digital Business Solutions)


CITY & COUNTRY: Selangor, Malaysia


What are the key objectives and expectations from this role?  

The Access Management & Compliance Analyst is responsible for  managing the processes, interfaces and compliance controls related to Identity and Access Management as part of the Joiner, Mover, Leaver (JML) Service Line and tosupport Access Controls of various systems and hosting platform to comply to defined BAT IT Security Controls (ITGC) controls as well as SOx (Sarbane Oxley Act) control operations and audit testing activities.

Reports to

Compliance Manager (Global Technology Services)

Number of Direct Reports

N/A, to manage outsourced service providers

Core Relationships

Internal -

  • Peer group and internal customers across IDT Services
  • Audit and compliance groups
  • Service Architecture

External -

  • 3rd Party Vendors –supplier relationships focused on operational / project activities.

Geographic Scope 


Travel Required

0% (project demand could provide opportunity to travel as per business requirements)


  • Deliver to day-to-day work streams related to IT SOx compliance across application/infrastructure IT controls.
  • Monitor, track and review performances of centrally operated IT controls under Compliance Operations. Performances and action plans to be reported to Compliance Manager on a regular basis.
  • Collaborate and handle compliance discussions with IT System owners, and Internal/External Control Operators to ensure quality, consistency, and operability of new and existing controls.
  • Produce structured and insightful analysis of where to remediate areas of non-compliance to the various existing control frameworks in place within BAT; Work with service owners and 3rd party vendors to resolve remediations until closure.
  • Participation in SOx Design Effectiveness (DE) and Operational Effectiveness (OE) testing of centrally operated SOx and IT General Controls (ITGC).
  • Lead and track audit change request, and standard control operation queries with BCT Auditors and DBS Risk and Compliance Team.
  • Facilitate and drive discussions on new system onboarding and offboarding for centrally operated SOx and ITGC
  • Manage operations repository and evergreening of compliance operations documentation (Sox evidence, Standard Operating Procedures (SOP), work instructions, reconciliation reports etc)
  • Participate and/or drive Continuous Improvement initiatives and projects pertaining to Access Management controls.
  • Work closely with HR and GBS HR to support the JML service model and the necessary governance for JML, aligned with agreed global, standardised IT Service Management processes.



Experience Required

  • Degree Educated, 6-8 years post graduate work experience in an IT Services environment and /or business facing IT role.
  • More than 3 years experience in audit and compliance specially in the domain of Access Management control execution and testing
  • Experience in large global organisation using in-sourced and out-sourced IT service providers, and a solid grasp of the management of global applications services
  • Well-versed in handling IT controls or any access compliance experience.
  • Resourceful, able to work independently and possess good communication skills
  • Process oriented and hands on with high level of attention to details and accuracy.

Technical / Functional / Leadership Skills Required

  • Proficient in data analysis and reporting on MS Excel
  • Good IAM (Identity and Access Management) knowledge on Active Directory, MIM and Azure AD
  • Good understanding on Application or Infrastructure compliance for a large corporation.
  • Strong knowledge of ITIL best practice IT Service Management with experience in ServiceNow


  • CISA (Certified Information Systems Auditor)/ ITIL certification
  • Operations experience in handling SOx Controls


At BAT we are committed to our Purpose of creating A Better Tomorrow. This is what drives our people and our passion for innovation. See what is possible for you at BAT.

  • Global Top Employer with 53,000 BAT people across more than 180 markets
  • Brands sold in over 200 markets, made in 44 factories in 42 countries
  • Newly established Tech Hubs building world-class capabilities for innovation in 4 strategic locations
  • Diversity leader in the Financial Times and International Women’s Day Best Practice winner
  • Seal Award winner – one of 50 most sustainable companies


Collaboration, diversity and teamwork underpin everything we do here at BAT. We know that collaborating with colleagues from different backgrounds is what makes us stronger and best prepared to meet our business goals. Come bring your difference!


BAT is evolving at pace
truly like no other organisation

You’ll paint the picture of
A Better Tomorrow with us

Apply today and you can help us become carbon neutral by 2030