Sr. Manager, IT Audit Programs
City: Toronto, Ontario, Canada
Category: Full time
Industry: Public Services/Utilities
Employer: Healthcare of Ontario Pension Plan (HOOPP)
Why you’ll love working here:
high-performance, people-focused culture
our commitment that equity, diversity and inclusion are fundamental to our work environment and business success, which helps employees feel valued and empowered to be their authentic selves
learning and development initiatives, including workshops, Speaker Series events and access to LinkedIn Learning, that support employees’ career growth
competitive, 100% company-paid extended health and dental benefits for permanent employees with recent additions to promote inclusive coverage to a diverse employee population. These recent additions include gender affirmation and fertility drug and treatment coverage
membership in HOOPP’s world class defined benefit pension plan, which can serve as an important part of your retirement security
access to an annual wellness reimbursement program for health and wellness-related expenses for permanent employees
virtual fitness, yoga and meditation classes, nutritional consultations and wellness seminars
we offer a hybrid flexible work model that embraces remote work in Ontario for eligible roles
the opportunity to make a difference and help take care of those who care for us, by providing a financially secure retirement for Ontario healthcare workers
The Product Owner/Senior Manager, IT Audit Programs (“Product Owner”) plays an integral role within the Technology Risk and Resilience team of HOOPP’s IT Security, Risk and Governance group (“SRG”). SRG is one of four groups within the Information Technology & Facilities Services (“ITFS”) Division of HOOPP.
The Product Owner reports to the Director, IT Operational Resilience and is a leader in technology audit and control for the organization by delivering, optimizing, and maintaining HOOPP’s IT Audit and ICFR Programs (“IT Audit Programs”). The Product Owner is responsible for leading a team of IT risk professionals in building, remediating, and sustaining a strong internal controls environment. This role will define and lead IT’s approach and strategy to technology audit and ICFR.
This person provides direction, influences the team, offers leadership, defines and oversees activities, mobilizes relevant business partners and advances our Audit and Control function through process, automation and innovation. The chief activities that the Product Owner is expected to lead include IT audits, the annual ICFR program (for IT), and ongoing remediation.
This role will work collaboratively with HOOPP’s IT Leadership team, Finance/ICFR, internal and external audit, and IT and infrastructure teams.
What you will do:
As a Product Owner, this person will play a strategic role and will provide thought leadership and subject matter expertise related to IT controls and the audit process.
Drive the design, implementation, and advancement of HOOPP's IT Audit and ICFR programs: a methodology, framework and testing approach, mapped to industry best practices, that define the key IT controls performed across IT.
Partner with all levels of IT to ensure that testing and remediation is conducted in a cooperative, timely and efficient manner.
As HOOPP’s expert on IT Audit and ICFR programs, govern to ensure that HOOPP adheres to all applicable IT standards.
Lead the development of strategy, and associated execution roadmaps, for the IT Audit and ICFR programs that align with and support HOOPP’s IT Technology Strategy and IT Balanced Scorecard.
Proactively anticipate internal and external business challenges related to technology and IT; make recommendations and advise course of action to address risks.
Provide expert advice and direction on IT general controls, ensuring their coverage and effectiveness.
Ensure IT Audit and ICFR programs are effectively executed by collaborating with and gaining buy-in with stakeholders and leaders within IT and business teams across HOOPP.
Act as the main point of contact on all external and internal audits; ensure that the coordination, facilitation, tracking and reporting on audits is efficient and effective; and represent the IT division in audits.
Ensure that the team of IT risk professionals is high performing; provide coaching and mentoring, and help with team member growth and development.
Work closely and effectively with other leaders within various groups at HOOPP including Cybersecurity, Technology Teams, Enterprise Risk Management, Operational Risk Management, Internal and External Auditors, ICFR/Finance and Senior Executive Leaders
Define and deliver IT audit and compliance reporting, metrics, insights, and dashboards to enable Leadership to make decisions.
Lead the audit lifecycle for IT and work with Internal and External Auditors to facilitate the audit process including the resolution of identified deficiencies (including ICFR)
Understand and review IT and business processes (including key systems) and the related control environment to assess risk and support ongoing risk monitoring.
Facilitate the development and maintenance of process documentation on behalf of process owners.
Engage with business and technical groups to provide advisory technology risk and control subject matter knowledge in support of various lines of business.
Collaborate with technical staff including software developers, infrastructure engineers, security engineers and department leaders.
Facilitate and monitor projects to remediate vulnerabilities and other issues identified during audits and risk assessments.
What you bring:
8-10 years of progressive experience in IT Risk & Compliance, IT Audit, IT Governance, Operational Risk, developing, implementing, and managing IT risk programs with specific in-depth knowledge of: change management, governance, IT operations, business continuity and disaster recovery
Proven experience and success with managing IT, Internal Audit or Information Security compliance programs
Bachelor's degree in Business, Computer Science, Information Systems, Engineering, or equivalent experience
Expert understanding of risk methodologies, frameworks, and practices (ISO standards, COBIT, ISACA Risk IT, COSO, NIST, etc.)
Strong business acumen and understanding of current technology landscape.
Proven ability to identify risks, analyze issues and deduce meaningful insights about risk trends by conducting interviews and analyzing large volumes of data.
Experience working in cross-functional, collaborative partnerships with stakeholders at all levels.
Ability to develop strategic direction, work cross-functionally to effectively meet strategic and tactical goals.
Superior communication skills to present findings and recommendations in a logical and easily understandable manner that focuses on business value.
Excellent analytical skills with an attention to detail
Able to operate successfully in a lean, fast-paced Agile organization.
In-depth knowledge and a proven track record of information systems auditing and/or business process controls auditing gained through on-the-job experience
Candidates must be able to demonstrate this expertise and be recognized for developing thought leadership or sharing lead practices on IT risks and controls
Candidates must be self-motivated in order to work independently
Attention to detail, in-depth knowledge and a proven track record of information systems auditing and/or business process controls auditing gained through on-the-job experience are essential
Communicate complex information to facilitate management response and to facilitate decision making
Experience facilitating an Internal Control Over Financial Reporting (ICFR) or SOX program for a technology organization
Industry certifications (CRISC, CGEIT, CISA, CISM, CISSP, CPA, CA, etc.)
Experience working in an agile environment
Experience working closely with cybersecurity teams
Experience with ServiceNow GRC platform
Knowledge of public cloud infrastructure (Azure and AWS)