Reporting to the Director of Internal Audit, the Senior Manager of Internal Audit is responsible for developing, leading and reviewing both consulting and assurance engagements, as well as evaluating the effectiveness of processes and controls primarily in IT, but also within Finance and other significant business units with respect to the ICFR programs in accordance with National Instrument 52-109 ( NI 52-109) and the Sarbanes-Oxley Act of 2002 ( SOX ).
Duties and Responsibilities
- Conduct testing of design and operating effectiveness of Information Technology General Controls (ITGC) and Information Technology Application Controls (ITAC) to support SOX Section 404 and NI 52-109 assessments of compliance including, reporting of audit results and issues, partner with business process owners to determine appropriate remediation plans and coordinate the remediation and closing of all identified control gaps and reporting the results of the evaluation directly to the Audit Committee and SLT.
- Support, execute, lead or oversee financial, operational or compliance audits using a risk-based methodology, including the incorporation of data & analytic procedures where relevant.
- Conduct comprehensive assessments of the management, operational, and technical security controls of information systems.
Understanding vulnerabilities in systems and propose effective countermeasures.
- Deliver IT Risk Assessments as well as IT Governance, Cloud, Cyber, Project and IT Operational audits.
- Provide and support the implementation of business solutions by building relationships with key stakeholders, identifying business needs and monitoring the progress and adequacy of management’s actions.
- Use project management tools to monitor, validate and report on the implementation status of management action plans resulting from control assessments, and operational audit engagements.
- Contributing to other internal audit function initiatives as assigned which may include Audit Committee and SLT reporting, risk assessments, investigations, quarterly and annual certifications and / or other ad-hoc requests.
- Assist in planning, assigning, and supervising the daily activity and work of other auditors, including the execution of review procedures on audit deliverables.
- Teach, train and coach internal audit staff, and related business stakeholders.
- As part of the Integrated Audit process effectively communicate and coordinate the testing schedules with the external auditors.
Education, Training, and Experience
- 7-10 years of relevant experience.
- University degree in computer science, management information systems, or business management discipline.
- Professional designation is preferred (e.g., CISA, CISSP, CISM, CIA)
- Strong knowledge of internal control concepts, principles and techniques.
- Advanced knowledge and direct experience with frameworks / standards such as COSO, COBIT, etc.
- Experience in advanced and emerging IT risk areas such as security and risk management, asset security, security architecture, communication and network security, identity and access management, security assessment and testing, security operations, software development security, and cloud security.
- Experience working with publicly traded companies.
- Knowledge of IFRS is considered an asset.
- Experience in leading, coaching and training staff.
Skills and Competencies
- Communication, interpersonal and organizational skills; able to engage across the organization by building collaborative relationships with diverse groups at various levels within the organization.
- Result oriented professional with proven track record in managing high-performance.
- Leadership, coaching, performance management skills
- Strong analytical skills and creative approach to problem solving.
- Ability to interpret and analyze Company policies and procedures.
- Attention to detail in all areas of work.
- Flexible and adapts well to a rapidly changing environment.
22 days ago