Manager Internal Audit

Permanent Full Time

Manager, Technology Audit

We are looking for a Manager, Technology Audit** **to join our high-performance team. Given the size and scope of our organization, we have the flexibility for this position to be located in the following head office locations: Toronto, London, Winnipeg.

**What you will do**:
Reporting to the Director, Technology Audit, the Manager, Technology Audit will support the achievement of Internal Audit’s vision _t_o provide bold insights for a company that delivers on its promises to customers, by:

- Perform technology audits:

- Develop or contribute to a comprehensive audit plan clearly outlining the objective, scope, deliverables, approach, resourcing, communications, and schedule.
- Execute collaborative risk-based technology and cybersecurity audits of moderate to high complexity in a local and global context and conclude whether risks are appropriately managed through the existence of effective controls.
- Support and execute ICOFR (Internal Control over Financial Reporting) reviews and engagements as required.
- When acting as the Audit Lead, strive for efficient use of audit resources by monitoring execution of audits assigned, timely escalation, and conflict management.
- The incumbent is expected to seek and obtain direction, perspective and resources as required in order to complete the assigned audit on time and within budget.
- Prepare and deliver effective presentations to stakeholders at audit opening and closing meetings as a means of communicating and gaining their agreement and understanding of audit plans and audit results.
- Ensure audit’s conclusions and are supported by an orderly accumulation and analysis of documented evidence and that the content is clear and concise.
- Provide value-added and effective audit recommendations to stakeholder’s senior management, identifying significant issues in a business context, and through working with audit stakeholders to identify and recommend feasible solutions.
- Perform accountabilities with mínimal supervision and provide audit management and audit stakeholders with regular status updates of audits and assignments.
- Remain informed of industry and corporate initiatives, trends and risks to enhance audit’s advice to stakeholders regarding cybersecurity and information management.
- Leading and/or participating in professional practice and improvement initiatives.
- Cultivate business relationships and work collaboratively with other functional areas.
- Contribute to the creation and maintenance of a positive work environment.
- Seek learning and development opportunities in line with organizational needs and personal aspirations.

**What you will bring**:

- Strong working knowledge of governance, risk, & control frameworks and audit methodologies
- Maintain information systems competency through ongoing professional development and staying abreast of emerging technologies, risks and controls in information and cybersecurity.
- Provide direction, guidance and expert advice to audit teams globally to enhance creation of effective assessments on information and cybersecurity risk management.
- When required, prepare and deliver effective presentations on various audit and information security related matters to Audit senior management and relevant stakeholders
- Identify and advise Audit teams globally on the use of data analytics and other advanced techniques and tools in order to improve efficiency and effectiveness of audit assessments.
- Establish and maintain solid relationship with audit stakeholders to serve as a catalyst of positive change and improvement of information and cybersecurity risk management.

**Required Qualifications and Competencies**:

- 5+ years of information technology and/or cybersecurity industry experience is required.
- Experience in auditing current and emerging technologies and cybersecurity related risks
- Understanding of technology risk: Regulatory, technology, and industry best practices.
- Bachelor’s degree in information technology, Computer Science or equivalent is required.
- Excellent verbal, presentation and written communication skills and ability to communicate at all levels of the organization.
- Proven ability to build and maintain trusted collaborative business relationships with the ability to engage and influence others
- One or more of the following certifications: CISA, CISM, CISSP, CCSP, CRISC is required.

**Beneficial Qualifications and Competencies**:

- Knowledge of and practical experience with security assessment tools (exploit tools, vulnerability assessment, SAST, DAST) and Security Operations Centre software (IDS, IPS, SIEM, EDR, etc.)
- Knowledge of and experience with systems development techniques, including agile and waterfall methodologies.
- Experience in using automation and data analytics tools including ACL, Power Query, advanced Excel, Power BI, etc.
- Working knowledge of Canada Life’s primary business areas and/or