IT Auditor

IT Auditor

Audit / Control / Quality Permanent contract Montreal, Quebec, Canada Hybrid Reference 25000JTH Start date 2026/01/05 Publication date 2025/09/30

Responsibilities

Société Generale (“SG”) is a top-tier global European bank, headquartered in France, with 120,000 employees serving some 26 million clients in more than 62 countries around the world. We have been supporting the development of our economies for more than 160 years by providing our corporate, institutional and individual clients with a broad array of value-added financial solutions and advisory services.

Our longstanding relationships of trust with clients, our cutting-edge expertise, our unique ability to innovate, our ESG capabilities and our leading franchises are part of our DNA and serve our core objective: to create sustainable value for all our stakeholders.

The Group operates in three complementary business areas, incorporating ESG offers for all its clients:

• Global Banking and Investor Solutions, the Wholesale Banking arm of SG, is a top-tier player providing large corporates and investors with tailormade solutions with unique global leadership in equity derivatives, structured finance and ESG;
• French Retail Banking, Private Banking & Insurance, comprises the core of retail banking, private banking, insurance activities, and the leading online banking activities;
• Mobility, International Retail Banking & Financial Services includes universal banks that are well-established on their local markets, Ayvens, a global player in sustainable mobility, as well as specialized financing activities.

In the Americas specifically, SG consists of and Canadian subsidiaries, branches and representative offices, as well as branches, subsidiaries and representative offices in Brazil, Chile, Mexico and other countries in Latin America relating to the Wholesale Banking Division of SG (collectively, “SG Americas”).

The SG Internal Group Audit Division (IGAD) represents SG’s independent internal audit function, comprised of over 1,200 professionals covering SG's global business and services in over 150 countries. Moreover, we have a dedicated team of about 60 professionals to cover SG Americas, SG Internal Audit Americas (“SGIAA”). The team is composed of individuals with diverse backgrounds and subject matter expertise based in the New York, Sao Paulo, and the newly formed team in Montreal.

SGIAA conducts independent audits of operational entities in an objective, thorough and impartial manner in line with professional standards. In addition, SGIAA assesses the compliance of the Group's operations, the effective level of risk exposure and management, the adequate enforcement of procedures and the effectiveness and relevance of the permanent control set-up.

1. ROLE & RESPONSIBILITIES

The IT Auditor Associate will be part of the Internal Audit IT Team covering Information Technology systems, Cyber Security and Data Management functions. The Associate is expected to have a high degree of independence and autonomy and participates to all stages of the audit process, under the supervision of the head of assignment.

The candidate’s primary responsibilities will be to assist in:

• Participate to all types of regional or global IT audits, as part of either dedicated audits of IT functions or as part of integrated audit conducted in conjunction with the business/financial auditors.
• Independently and autonomously participate in the audit process: create diagnostic matrix with proposed processes and controls for review, identify use cases for data quality testing and relevant sampling strategies, provide concise and comprehensive debriefing presentation for IGAD management and auditees.
• Ensure that Audit management is informed, on a timely basis, of all significant issues arising from missions and of any event that may have an impact on the company.
• Write clear and impactful findings and audit reports that provide added value to the organization.
• Perform diligent follow-up of audit recommendations and action plans.
• Contribute to the development of risk assessment, internal control evaluations, and other processes necessary to determine areas of risk or weakness that will contribute to the development of audit plan and strategy.
• Participating in department wide transformation projects (data analytics, digital transformation, etc) and actively contribute, communicate and implement the changes, and support others through the process.

Profile required

Required Skills and Qualifications:

• Bachelor's degree in Computer Science, Information Systems, Information Technology or a business discipline.
• Candidate should have at least 3 years of information systems experience, preferably within banking/financial institutions.
• Knowledge of cyber security principles, practices, and technologies.
• Knowledge of one or more IS/IT areas: governance, projects, developments and SDLC, production, security, risk management, disaster recovery planning, and technical infrastructure components.
• Familiarity with IS/IT processes (incident management, change management, release management, configuration management, etc.)
• Knowledge of IT Security concepts, familiarity with vulnerability testing and awareness of security exploits
• Familiarity with Infrastructure components, such as: Database management systems (, DB2, SQL Server and Oracle), major computing platforms (Windows NT/2000, UNIX operating systems) and client/server architectures, commonly used systems and applications, and web-based technologies, Network components (firewalls, routers, switches, IAPs)

• Proficiency in security assessment tools and methodologies (, vulnerability scanners, penetration testing).
• Understanding of network security, application security, and data protection.
• Familiarity with investment banking/financial services business and products
• Familiarity with one or more security and control frameworks such as ISO 17799, COBIT, COSO, Common Criteria, FFIEC, etc.
• Familiarity with regulations and statutes such as: GLBA, the California Privacy Bill, or the Volker Rule / Dodd Frank Act

LANGUAGE:

Ability to communicate in English, both orally and in writing, is a requirement as the person in this position will need to collaborate regularly with colleagues and partners in the United States.

Due to US Federal Securities law applying to this position, candidates who will apply for this position will be required to submit to an enhanced background screening, including the collection of their fingerprints by a third-party vendor selected by the Financial Industry Regulatory Authority ("FINRA")

Why join us

OUR BENEFITS:

WHAT WE DO DIFFERENTLY AT SOCIÉTÉ GÉNÉRALE

Competitive compensation & benefits offering, including but not limited to:

• Minimum of 20 Vacation days + 4 personal days Supportive Maternity, paternity, parental and adoption leave policy Health spending ($2,000/year) and personal spending ($1,000/year) accounts with 75+ eligible reimbursement categories (health, training, electronics etc.)

Fully sponsored virtual healthcare assistance and Employee Assistance Program to you and your immediate family

Various Employee Resource Groups (ERG) to engage with such as Pride and Allies, American Women Network, Black Leadership Network, One planet, etc.

• A culture of continuous development by encouraging our employees various training programs (online training and coaching platform such as Coursera, GoFluent, Pluralsight, First Finance, and others)