IT Audit Manager
City : Toronto
Category : Full-time
Industry : Finance
Employer : Sun Life Financial
You are as unique as your background, experience and point of view. Here, you’ll be encouraged, empowered and challenged to be your best self. You'll work with dynamic colleagues - experts in their fields - who are eager to share their knowledge with you. Your leaders will inspire and help you reach your potential and soar to new heights. Every day, you'll have new and exciting opportunities to make life brighter for our Clients - who are at the heart of everything we do. Discover how you can make a difference in the lives of individuals, families and communities around the world.
Internal Audit contributes to the company through the execution of high quality audit services, which help our clients pro-actively manage risks in their business. The Audit Manager (Information Technology) is a specialist role within IA and reports to the Director – IT Audit for Sun Life.
What will you do?
Understand the company’s technology strategy, operations and regulatory environment to proactively identify areas of emerging and heightened risk related to technology that affect the company. Reach agreement with management about the risks affecting the technology unit; develop risk management objectives and audit programs to evaluate these risks.
Assess technology that is new to the company or the market, such as cloud computing, mobile technology and high performance computing programs, and their related support models to provide assurance that key risks are managed while introducing new capabilities for our customers.
Manage multiple simultaneous projects within time budgets and target dates, reporting any timing problems or budget over-runs to Director or AVP. Lead audit staff assisting on projects and review completed files to ensure quality of work completed.
Manage audit projects to cover key risks and produce meaningful audit reports that clearly articulate the position on risks and related issues, while meeting Audit Services operational targets related to budget, timeline and quality of execution.
Identify opportunities to automate testing using toolsets deployed internally (CAAT and analytical tools) or through the assessment of other monitoring/analytic tools available on the market.
Perform an inherent risk assessment of assigned audit units, annually. Define and propose changes for information services audit units, maintain record of risks, key activities, systems and processes for sub audit units. Draft and maintain coverage strategy for sub audit units. Provide recommendations and ideas into the development of the IS audit plan.
Perform assessments of information services processes new to the company.
Act as a relationship manager between Audit Services and information services management to proactively understand emerging and developing risk areas.
What do you need to succeed?
Bachelor’s degree, plus an auditing / accounting designation (CMA, CA, CPA) with an interest in technology / IT or a recognized IT audit / security (CISA, CIA, CISM, CISSP) designation, with at least 5 years of relevant experience.
Experience working in a client-facing, matrix, project-based organization; typically gained through prior audit, advisory, consulting, or public accounting experience in a "Big Four" firm or other large organization.
Working knowledge of financial institution processes, including those relating specifically to group functions such as Finance, Treasury, Communications, Compliance, HR, Wealth Management and Investments is an asset.
Proven managerial skills with progressive experience in leadership and professional development.
Ability to quickly comprehend business processes and identify the risk implications, to analyze complex situations, to reach appropriate conclusions, and make value-added and practical recommendations.
In depth knowledge of audit methodologies, project management and system development methodologies, control frameworks and risk management practices, and regulatory requirements.
Proven track record for developing and carrying out plans to deliver quality results on time and within budget.
Proven relationship management skills including a demonstrated ability to deal effectively with staff of all levels including functional VPs and AVPs.
Knowledge and Skills
A strong technical background is required with advanced, preferably hands-on knowledge, in 5 or more of the following Technology Infrastructure areas:
Information Security: Governance; Access Administration; Incident & Vulnerability Management; Internal & External Threat Management; Security policies, standards, and management control processes including current tools & technologies.
Technology Platforms: including zOS/RACF, UNIX (AIX, Solaris, Linux (Redhat); HP Non-Stop (Tandem), iSeries, VMware, Windows servers; Storage (SAN, NAS, CAS) and Middleware.
Information/Database Management: Data Warehouses and Business Intelligence & Reporting Solutions; Database Management systems including Sybase, Oracle, SQL, DB2/UDB and IMS.
Network Technologies: network security & management; Internet/Intranet technologies; Firewalls, Routers & Switches; IDS/IPS; VOIP; Radius, TACACS; Wireless; DNS.
Computer Operations, Cloud Computing, Data Center, Call Center and Network Control Center processes including problem management, service level management, environmental controls, physical security, job scheduling, job entry systems, media management, backup and recovery, and capacity & performance management.
Information Security Operations: Vulnerability assessments, Threat and Risk assessments, Third-party Risk assessments, Security Monitoring, Threat Intelligence, Data Leak Prevention, Incident Response management, Continuity management and regulatory compliance.
Proven skills and experience in developing CAATS packages in Audit Command Language (ACL) and other tools and experience in data analytics / Big Data initiatives.
Demonstrated ability to effectively understand the risks associated with emerging, new or existing technologies and to formulate practical audit procedures to evaluate and monitor controls.
Proven understanding of auditing principles and techniques and IAS policies and standards.
Knowledge of the regulatory environment within the Financial Services industry.
7 years of IT infrastructure audit experience in a large corporate organization (5 years should be in an audit management role)
What's in it for you?
20 vacation days per year
Flexible Benefits from the day you join to meet the needs of you and your family
Pension, stock and savings programs to help build and enhance your future financial security
The opportunity to move along a variety of career paths with amazing networking potential
The Base Pay range is for the primary location for which the job is posted. It may vary depending on the work location of the successful candidate or other factors. In addition to Base Pay, eligible Sun Life employees participate in various incentive plans, payment under which is discretionary and subject to individual and company performance. Certain sales focused roles have sales incentive plans based on individual or group sales results.
Diversity and inclusion have always been at the core of our values at Sun Life. A diverse workforce with wide perspectives and creative ideas benefits our clients, the communities where we operate and all of us as colleagues. We welcome applications from qualified individuals from all backgrounds.
Persons with disabilities who need accommodation in the application process or those needing job postings in an alternative format may e-mail a request to firstname.lastname@example.org.
At Sun Life we strive to create a flexible work environment where our employees are empowered to do their best work. Several flexible work options are available and can be discussed throughout the selection process depending on the role requirements and individual needs.
We thank all applicants for showing an interest in this position. Only those selected for an interview will be contacted.
Salary Range:68,400/68 400 - 111,700/111 700
Job Category:Internal Audit
Posting End Date:05/10/2022