Control Tester - 82957

Role Title: Control Tester

Line of Business: Procurement

Duration: 1 year (possibility of extension or conversion)

Location: Hybrid - 3 days in office (Downtown Toronto)

High level team overview: This role is with the Procurement team and consists in Monitoring & Testing Controls.

Team culture: Collaborative environment

Team Size: 16 to 17 people

Selling points: Great team to work with - collaborative. Work together to get to the end goal. Interesting work - testing across multiple teams within Procurement.

Main Responsibilities:

Monitoring & testing related to the control environment.

Purpose

The Intermediate Control Tester helps maintain and strengthen an effective internal control framework within the Procurement Line of Business-Global Third Party Risk Management, Sourcing, Supplier Relationship Management, Procurement Operations, and Accounts Payable-by performing quarterly PRC (Process, Risk, Controls) monitoring and testing. The role combines a risk-based IT audit approach aligned to the CISA job practice domains with project management discipline to ensure controls are well designed, operating effectively, and reported on reliably.

Responsibilities

• Perform design and operating effectiveness testing of Procurement controls in accordance with the Monitoring & Testing Handbook; identify testing populations and select statistically sound samples; document procedures, evidence, and conclusions.
• Conduct control walkthroughs with stakeholders across Procurement functions to validate process understanding and control design; review internal operating procedures for alignment with control objectives.
• Apply risk-based audit planning and execution, including sampling methodology, audit evidence collection techniques, audit data analytics, and clear reporting and communication of results to stakeholders.
• Test IT Automated controls and project management related controls
• Assess IT-related control dependencies (e.g., IT governance, vendor/third-party management, data governance and classification) that impact Procurement controls and third-party risk oversight.
• Execute risk-based IT testing, including general IT controls, application controls, and cybersecurity assessments, across on-premise and cloud environments.
• Evaluate data management practices, including data classification, protection, privacy controls, and overall data lifecycle management to safeguard sensitive information
• Plan and manage testing activities, schedules, and deliverables using PMP domain practices-People, Process, Business Environment-including stakeholder engagement, communications, risk management, and benefits/value alignment.
• Assist the Senior Manager with periodic reporting, governance meeting materials, and status updates, ensuring clarity of results, remediation actions, and timelines.
• Support consistency, transparency, and accuracy of the internal control governance framework across Procurement; identify emerging issues and recommend enhancements to controls and testing approaches.
• Contribute input to operational programs supporting risk/control frameworks (e.g., COSO/COBIT/SOX methods and testing standards).

Competencies

• Risk-based audit planning and execution, including audit standards, sampling methodology, and evidence collection; quality assurance of audit process.
• IT governance and vendor/third-party management understanding to evaluate control effectiveness across IT automated controls
• People domain: stakeholder engagement, team leadership, conflict management, and communication.
• Process domain: planning and managing scope, schedule, quality, risks, procurement, and change to deliver testing outcomes with urgency and value.
• Business Environment domain: alignment to compliance, benefits/value realization, and responsiveness to external changes impacting Procurement controls.

Must Have

• Post-secondary degree in Business, Finance, Accounting, Information Systems, or related field; 3+ years of relevant experience (internal controls testing, risk management, preferably audit, or compliance).
• Strong analytical, sampling, and audit data analytics skills; excellent written and verbal communication; influence and collaboration skills across cross-functional teams; ability to manage ambiguity in a dynamic environment.
• Data-driven decision-making capabilities.

Nice to Have

• Working knowledge of risk policy and control frameworks (e.g., SOX 404, COSO, COBIT) and banking/regulatory environments.
• Financial Industry experience

Interview Process: In person - Min 1 round, max 2 - Hiring manager & Director (Maybe 1 additional - Sr Manager). Duration 30 mins.