CSOX Consultant

Northleaf Capital Partners•Toronto, ON

2d•Onsite

About The Position

Northleaf is seeking a CSOX Consultant to support a critical phase of our internal controls and financial reporting journey. This position is a new role and an 8‑month contract with the potential to convert to a permanent full‑time position. The CSOX Consultant will lead the documentation, assessment, and enhancement of internal controls over financial reporting (ICFR) in support of Northleaf’s CSOX program. The role plays a key part in audit readiness, finance risk management, and cross‑functional coordination during a period of organizational and systems transformation. Working closely with Finance, Enterprise Risk Management, IT, and business stakeholders—both internal and external—the CSOX Consultant will ensure that financial processes, risks, and controls are clearly documented, consistently applied, and aligned with regulatory requirements and external auditor expectations. This role requires strong technical accounting and controls expertise, sound professional judgment, and the ability to lead complex, multi‑stakeholder initiatives.

Requirements

CPA designation or equivalent combination of education, professional certification, and experience.
Experience within the financial services industry.
Strong background in accounting, auditing, and/or internal controls over financial reporting (ICFR).
Demonstrated experience supporting SOX or SOX like compliance programs preferred.
Proven ability to work effectively across cross functional teams and with senior stakeholders.
Experience managing complex projects with multiple dependencies and tight timelines.
Comfortable leveraging modern tools and technologies, including AI enabled solutions, to improve efficiency and documentation quality.

Nice To Haves

Exposure to Enterprise Risk Management (ERM) activities for non-investment risks (operational, regulatory, reputational, strategic, third‑party), aligned at a high level with internal control frameworks (e.g., COSO/ISO).
Facilitating risk and control assessments, including identification of key risks and evaluation of control effectiveness.
Supporting incident and issue management for non-investment risk events, including root cause analysis and remediation tracking.
Assisting with the development and monitoring of key risk indicators (KRIs) to identify emerging non-investment risks.
Supporting third-party and service provider risk management, including due diligence and ongoing monitoring (e.g., SOC report review).

Responsibilities

Lead the documentation of key financial processes (process narratives), risks, and controls in support of the CSOX program, leveraging established methodologies, templates, and examples.
Coordinate and facilitate control walkthroughs in collaboration with Finance, Risk, and business stakeholders, ensuring timely completion and high quality documentation.
Perform gap assessments against existing processes and controls to identify deficiencies, design gaps, or documentation inconsistencies.
Assess the design effectiveness of existing controls and recommend enhancements where gaps are identified.
Work closely with stakeholders to drive remediation activities and validate that gaps are addressed effectively and sustainably.
Design and execute management self‑testing of key CSOX controls to assess both design and operating effectiveness, ensuring issues are identified and remediated.
Support or perform risk identification and risk assessments across in scope financial reporting processes, in alignment with organizational and regulatory expectations.
Partner with Finance, Risk, IT, and other cross functional teams to validate process flows, key risks, and control ownership.
Apply strong professional judgment to evaluate control design and ensure risks are appropriately mitigated.
Ensure all process and control documentation is complete, consistent, and audit ready.
Align documentation and evidentiary standards with external auditor expectations.
Serve as a key point of contact for audit preparedness activities related to ICFR and CSOX.
Provide regular, clear updates to the project leadership team on progress, challenges, risks, and outcomes.
Manage workplans, timelines, and dependencies across multiple process areas and stakeholders.
Identify risks to delivery and proactively resolve issues to maintain momentum.
Leverage available technology, including AI enabled tools (e.g., Teams meeting recordings and transcriptions), to support efficient and accurate process documentation.
Support ERM activities for non-investment risks (operational, regulatory, reputational, strategic, third‑party), aligned at a high level with internal control frameworks (e.g., COSO/ISO).
Facilitate risk and control assessments, including identification of key risks and evaluation of control effectiveness.
Support incident and issue management for non-investment risk events, including root cause analysis and remediation tracking.
Assist with the development and monitoring of key risk indicators (KRIs) to identify emerging non-investment risks.
Support third-party and service provider risk management, including due diligence and ongoing monitoring (e.g., SOC report review).