IT Audit Portfolio Manager

Act as a risk/control subject matter expert (SME) for Information Technology Infrastructure that includes technology infrastructure and systems, information & cyber security, technology systems including Cloud services as well as access and data related controls for CTC and outsourced technology environments

Contribute to CTC’s Internal Audit Services annual planning process ensuring suitable coverage of technology risk within the audit universe

Lead information technology process audits by developing and executing comprehensive audit plans that contain objectives, scope, deliverables, approach, resourcing and schedule

Conclude whether risks associated with information technology processes are appropriately managed through existence of effective controls. Ensure that audit conclusions and recommendations are properly supported by audit evidence and that the audit report content is clear, concise and supported by the audit work completed

Prepare and discuss audit findings with client and audit senior management; identifying significant issues in a business context, working with audit clients to identify and recommend feasible solutions

Collaborate with Operations and Finance audit teams on audits of significant CTC projects by addressing various system development and implementation risks

Assess and report on the adequacy and effectiveness of IT General controls

Identify weaknesses and recognize opportunities for IT General control enhancements and advise clients of best practices

Promote compliance to CTC policies and procedures, standards, and guidelines

Maintain a broad perspective on CTC clients’ operations while retaining detailed knowledge concerning processes, policies, and procedures in order to audit operations across CTC

7+ years of experience with IT auditing, information & cyber security, network management or IT operations management

University degree and auditing (CIA, CISA) or security (CISSP, GSEC) designation

Excellent knowledge of audit, project management, and system development methodologies such as Agile and DevOps

Solid working knowledge and application of IT and Information Security control frameworks, specifically COBIT and NIST

Experience in the assessment of threats and risks over IT processes and assets

Knowledgeable in IT and Information Security processes such as private and public cloud operations and architecture, enterprise architecture, secure application development, network management, threat & vulnerability management, and data protection

Knowledge of various industry regulations such as 52-109, PCI, PIPEDA, GDPR

Excellent relationship management, negotiating, time management, organization, planning, and process mapping skills

Well-developed influential skills to resolve situations when there can be distinct differences of opinion between the client and the auditor

Ability to negotiate mutually satisfactory compromises regarding audit findings with executive level clients when there can be multiple interests and underlying concerns to be interpreted and dealt with

Superior verbal and written communication skills sufficient to prepare and communicate audit reports dealing with facts and concepts for presentations to client executives and external auditors

Committed to providing a customer focus and valued added service

Developed business knowledge of retail industry practices

Detailed working knowledge of CTC’s business processes or business lines is considered an asset.