Sr IT Auditor

Peoples Group•Toronto, ON

2d•CA$60,000 - CA$75,000•Hybrid

About The Position

The Senior IT Auditor is responsible for planning, executing, and reporting on risk-based technology audits across Peoples. The role provides independent assurance over the design and operating effectiveness of information technology controls, cybersecurity practices, technology governance, data management, change management, third-party technology arrangements, and resilience capabilities. The Senior IT Auditor works closely with business, technology, risk management, compliance, and internal audit stakeholders to identify control gaps, assess technology and cyber risks, and support timely remediation in alignment with internal audit standards, enterprise risk management practices, and applicable Canadian regulatory expectations. The role requires awareness of the expectations applicable to Peoples, including guidance and supervisory expectations issued by the Office of the Superintendent of Financial Institutions (OSFI). Relevant areas include technology and cyber risk management, third-party risk management, operational resilience, incident reporting, data protection, governance, and internal control effectiveness. The Senior IT Auditor should also understand how technology risks can affect prudential safety and soundness, customer outcomes, regulatory compliance, operational continuity, and reputational risk. The Senior IT Auditor will report to the Assistant Vice President, Corporate Services and IT Internal Audits. The role regularly interacts with technology leaders, cybersecurity teams, business process owners, enterprise risk management, compliance, privacy, third-party risk management, external auditors, and senior management.

Requirements

University degree or college diploma in information systems, computer science, cybersecurity, accounting, business, risk management, or a related discipline.
Three or more years of experience in IT audit, technology risk management, cybersecurity, internal audit, external audit, or technology controls within financial services or another highly regulated environment.
Experience auditing ITGC, cybersecurity controls, application controls, infrastructure, cloud services, technology projects, and third-party technology providers.
Knowledge of internal audit standards and technology control frameworks such as IIA Standards, COBIT, NIST Cybersecurity Framework, ISO/IEC 27001, ITIL, and relevant privacy and security practices.
Professional certification such as CISA is strongly preferred. CIA, CISSP, CISM, CRISC, CPA, or similar designations are considered assets.
Strong understanding of technology risk, cyber risk, operational risk, regulatory compliance, governance, and internal control principles.
Experience with audit management tools, data analytics, control testing techniques, and workpaper documentation standards.
Strong risk assessment, critical thinking, problem-solving, and analytical skills.
Ability to translate complex technology and cybersecurity concepts into clear, business-relevant audit findings.
Excellent written and verbal communication skills, including the ability to prepare concise audit reports and present findings to stakeholders.
Sound professional judgment, independence, objectivity, and attention to detail.
Ability to manage multiple audits, deadlines, stakeholder expectations, and competing priorities.
Strong relationship-building skills and the ability to challenge constructively while maintaining effective working relationships.
Curiosity and commitment to continuous learning in emerging areas such as cloud security, artificial intelligence, automation, data governance, digital transformation, and cyber resilience.

Responsibilities

Lead and execute technology-focused audits in accordance with the approved internal audit plan, internal audit methodology, and professional standards.
Assess IT general controls (ITGC), including access management, change management, computer operations, backup and recovery, incident management, job scheduling, logging and monitoring, and segregation of duties.
Evaluate cybersecurity controls across areas such as identity and access management, vulnerability management, endpoint protection, network security, security monitoring, data loss prevention, incident response, and cyber resilience.
Review technology governance practices, including IT strategy alignment, technology risk management, policy frameworks, risk appetite measures, control ownership, issue management, and management reporting.
Assess controls over critical applications, infrastructure, databases, cloud environments, system development life cycle activities, DevSecOps practices, and technology projects.
Evaluate controls over third-party and outsourcing arrangements involving technology services, including due diligence, contracting, ongoing monitoring, service level management, resilience, and exit planning.
Perform audit planning activities, including inherent risk assessments, process walkthroughs, audit scope development, control identification, testing strategies, and audit program preparation.
Conduct audit fieldwork, document workpapers, evaluate evidence, identify root causes, and develop clear, practical, and risk-focused audit observations.
Prepare and present audit findings, ratings, recommendations, and reports for technology management, business stakeholders, senior leadership, and audit committees as required.
Monitor and validate management action plans to confirm timely and effective remediation of audit issues.
Support continuous auditing, data analytics, and automation initiatives to enhance audit coverage and identify emerging technology and cyber risks.
Contribute to annual audit planning by providing insight into technology risk trends, regulatory developments, business changes, incidents, and control environment themes.
Provide coaching, guidance, and quality review support to junior auditors and cross-functional audit team members.