Controls Testing & Assurance (CT&A) – ORM IT & IS Testing - Assistant Vice President

About The Position

Requirements

• Bachelor’s degree in computer science, Mathematics, Engineering, or a related field, or equivalent deep expertise in information security; professional certifications such as CISA, CISSP, CISM, or CRISC; familiarity with ITIL 4, COBIT5, or ISO 27001 is a plus
• Experience in project or process/quality management, with solid knowledge of auditing IT application controls (e.g., through IT audits or IT risk management)
• Deep understanding of how IT and Information Security risks relate to business process risks, especially in regulated financial institutions
• Hands-on technical experience in IT operations plus expertise in at least one area: cybersecurity, infrastructure, SDLC, cloud engineering, or similar; familiarity with ITIL 4, COBIT5, or ISO 27001 is a plus
• Excellent written and verbal communication skills, with the ability to navigate and resolve conflict effectively
• Strong organizational and project management abilities, with keen attention to detail
• Proven ability to work under pressure, manage multiple priorities, and meet deadlines
• Analytical thinker with a structured approach, able to clearly articulate control deficiencies and associated risks
• Flexible, proactive, and innovative mindset, taking ownership of objectives and delivering projects on time and within budget

Responsibilities

• Support planning and execution of ORM IT & Information Security (IS) risk oversight testing projects across all areas of CT&A under the direction of the ORM IT&IS Team Lead
• Evaluate technology control testing in accordance with regulatory standards, internal firm policies, and industry best practices
• Partner with the ORM IT & IS Team Lead and CT&A stakeholders to create a review work plan based on annual risk assessment findings
• Assess IT and Information Security operational risks, identify root causes, implement remediation plans, and escalate critical issues or exceptions to senior management for review and follow-up
• Support the preparation of reports to senior management detailing review findings and recommendations, report periodically on major activities completed and planned for the upcoming period, ensure all findings and recommendations are recorded in CT&A’s issue tracker, and follow up on open issues to ensure proper resolution
• Develop and maintain strong relationships with key stakeholders, including the Technology Testing Team, CT&A (e.g., business testing teams), Compliance, AFC, Business Divisional Control Officers, the Technology, Data and Innovation Group (TDI), and Group Audit

Benefits

• A diverse and inclusive environment that embraces change, innovation, and collaboration
• A hybrid working model, allowing for in-office / work from home flexibility, generous vacation, personal and volunteer days
• Employee Resource Groups support an inclusive workplace for everyone and promote community engagement
• Competitive compensation packages including health and wellbeing benefits, retirement savings plans, parental leave, and family building benefits
• Educational resources, matching gift and volunteer programs