Senior IT Auditor to support ongoing audits within cybersecurity, IT GC controls, application audits, payments security audits with one of our major banki

Senior IT Auditor to support ongoing audits within cybersecurity, IT GC controls, application audits, payments security audits with one of our major banking clients- 38582

Location Address: Hybrid - Toronto - 3 days in office Tue, Thu + 1 day of their choosing Subject to change: 3-4 days onsite may be required based on business needs

Contract Duration: 5 months

Schedule Hours: 9am-5pm Monday-Friday; standard 37.5 hrs/week

Reason: To augment capacity and meet committed deliverables

Story Behind the Need

Business group: IT and Cyber Security Audit - team partners with other audit groups to execute integrated audits and leads and develops their own audits which are technology focused.

Project: To support ongoing audits - could be deployed on any planned projects, cybersecurity, IT GC controls, application audits, payments security audits

Candidate Value Proposition:

The successful candidate will have the opportunity to continue gaining experience and insight into the IT and cyber auditing field within one of the top banks by contributing to the overall success of the Audit Function.

Typical Day in Role:

• Execute assigned audit activities independently as a team member under the direction of the Officer-In-Charge (OIC) or Audit Principal. This includes completion of audit testing, discussions with management and documentation of work performed.
• Executes, plans, and reports on the assigned audit projects. Obtains a thorough understanding of the business/unit/process and associated risks, develops a risk-based audit plan/procedures, and schedules timing and resources.
• Delivers end-to-end process of the execution of the audit, and ensures nature and extent of testing is appropriate to support the objective, scope and overall opinion. Completes timely review of workpapers, ensures internal control weaknesses are clearly documented with recommendations addressing the root cause and are timely communicated to management.
• Ensures audit results are gathered, determine the root cause of the problem and the associated impact and report accordingly. Review/edit reports and summarize issues. Present an overview of the audit results and findings to line management.
• Ensures audit reports are written to a consistent high standard and are finalized within established department metrics.
• Execute agreed upon procedures for specific projects or investigations of a low to moderate complexity and/or confidential nature. May assist other audit staff in more complex projects that Audit may be requested to perform. Plan, document and seek agreement in advance to the project approach and confirm conclusions upon completion in writing.
• Act primarily as Team Participant or in some cases act as OIC on assignments of low to medium complexity for assigned projects, processes and units.
• Ensure Scotiabank standards and the Institute of Internal Auditors (IIA) Code of Ethics are maintained in completion of all assignments.
• Manage self-development by confirming/communicating job expectations, identifying mentors/coaches and enquiring about training needs, ensuring timely completion of performance appraisals and manages assigned staff.

Candidate Requirements/Must Have Skills:

1) 10+ years of hands-on IT applications and IT general controls auditing experience (ITGC), SOX testing, application controls, data, third-party, technology controls, Project audits

2) CISA certification

3) Practical and hands-on experience with processes, risks, and controls in the following domains: Software Development Life Cycle, IT Change Management, Release Management, data protection, cybersecurity, identity and access management.

4) 8+ years’ experience applying risk-based auditing standards, practices, techniques, processes and methodologies to the performance and review of audits.

5) 5+ years’ hands-on experience in executing audits in heavily regulated and highly matrixed environments (e.g banking, financial services, telecom, insurance)

Nice-To-Have Skills:

1) FI experience

2) Big 4 accounting firms experience (PwC, EY, KPMG, Deloitte)

Education:

• Bachelor’s degree in IT, business, accounting, related discipline, or equivalent education/experience.

• CISA required

• CRISC/CPA an asset

Best VS. Average Candidate:

Ideal candidate has worked in big 4 in the past and has good hands-on testing experience with ITGC (IT General controls) testing experience, SOX control testing experience; someone who understands risk-based auditing

Candidate Review & Selection

1 panel interview - MS Teams Video- with HM + 2 peers - 45 minutes

Hiring Manager’s availability to interview: ASAP