IT Audit Manager

November 1 2021
Industries Bank, Insurance, Financial services
Categories Accounting, Finance, Actuarial Services, Bank, Insurance, Financial services, Certification, Audit, Data Business Analyst, Executive, CTO, Information Technology, Management, Consulting, Sales, Business Development
Langley, BC

We are seeking an IT Audit Manager to join our team.

The IT Audit Manager will be accountable for planning and executing on assigned information technology (IT) and cybersecurity assurance and consulting engagements as per the annual Audit Plan, with the primary focus of evaluating and improving the effectiveness of the Credit Union’s risk management, control and governance processes in place to provide reasonable assurance regarding confidentiality, integrity and availability of information services, as well as compliance with relevant regulations. This role will interact directly with stakeholders at all levels throughout the Credit Union and provide a high level of professional service in line with the Institute of Internal Auditors’ “International Standards for the Professional Practice of Internal Auditing, the Definition of Internal Auditing, and the Code of Ethics” (“IIA Standards”).

Here’s what would be included as a part of your typical day:

  • Leadership: Provides leadership and direction to assigned Internal Audit staff including recruitment, ongoing training and development, knowledge-sharing, coaching, goal-setting and performance management.
  • IT & Cybersecurity Audit Management and Delivery: Plans the objectives and scope for comprehensive IT and cybersecurity assurance and consulting engagements using a risk-based approach. Designs and develops risk-based audit programs and related procedures for areas in the IT and cybersecurity audit universe. Completes files to ensure sufficient work was completed and evidence obtained to meet the objectives of the engagement. While there are no permanent supervisory responsibilities, supervises or assists on an as-needed basis, a team of internal auditors and/or external consultants to complete specific IT or cybersecurity audit engagements, integrated audit engagements with such components, or general audit engagements with no such components, where possible.
  • Reporting and Communication: Delves into audit findings to isolate and identify root causes of control deficiencies. Writes concise, risk-focused reports with pragmatic recommendations. Communicates with and engages stakeholders in a diplomatic and tactful manner, in discussions of complex and sensitive issues, audit findings, and recommendations. Facilitates and ensures open communication with other members of the Internal Audit department, as well as IT, Risk, external auditors, regulators and other organizational partners, in the areas of IT and cybersecurity controls, risk management, governance, regulatory compliance, and internal policies/procedures.
  • Guidance, Assistance and Thought Leadership: Assists the Internal Audit leadership team in managing and updating the IT and cybersecurity audit universe, as well as performing the risk assessment and developing an IT and cybersecurity audit plan, by staying current with the Credit Union’s business operations, IT and cybersecurity environment and major projects, as well as changing regulations, and emerging risks. Provides advice to and performs value-add activities for key internal stakeholders (e.g., IT and Risk), without compromising independence and objectivity, on IT and cybersecurity risk management, control and governance processes, and recommends process improvements to mitigate risk to the Credit Union. Provides technical expertise and appropriate training to members of the Internal Audit department relative to TeamMate and ACL, and acts as the administrator of these applications by managing software upgrades, configurations, user privileges and user access, among others.
  • Professional Standards: Ensures adherence to the IIA Standards and maintains a professional standard of conduct. Maintains an understanding of departmental quality standards, policies and procedures, industry regulations, and relevant organizational policies and procedures, and imparts that understanding to the Internal Audit team and incorporates it into all assurance, consulting, and value-add activities. Keeps abreast of leading practices, latest trends, and technological and cybersecurity developments, and incorporates them into engagements.
  • Internal Audit Development and Advancement: Assists the Internal Audit leadership team in establishing, developing and maturing the IT and cybersecurity audit practice/service by providing technical expertise and developing IT and cybersecurity audit-specific tools, practices and methodologies. Contributes to the advancement of overall Internal Audit practices and methodologies by providing technical guidance and assistance in implementing and maturing continuous auditing capabilities, and automating manual testing procedures by leveraging application controls and data analytics.

Required Skills, Experience & Qualifications:

  • Bachelor's Degree in one of the following areas of study: Computer Science, Management Information Systems, Business Administration or equivalent
  • Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), or another related IT designation
  • Minimum 5 years of IT and cybersecurity auditing and/or risk management experience in a wide range of areas, such as cybersecurity (e.g., vulnerability assessment, incident management, etc.), IT and data governance, cloud computing (e.g., PaaS, SaaS, etc.), applications (e.g., web services, application controls and system development lifecycle), infrastructure services and components (e.g., servers, databases and networks), disaster recovery planning, and IT general controls, among others.
  • Advanced understanding of IT and cybersecurity-specific risks and controls, as well as related frameworks, standards or guides (e.g., COBIT, NIST, ITIL, IIA GTAG, ISO 27001, 27002, SOC (SSAE16/CSAE3416), etc.), relevant regulatory requirements (e.g., OSFI cybersecurity guidance, PIPEDA/PIPA, Interac, PCI DSS, etc.), and industry leading practices and risk trends
  • Demonstrated ability to understand and/or analyze the relationship between information technology and cybersecurity risk, and the underlying business risk or objective
  • Proficient in applying auditing and analytical techniques, including the use of relevant IT and cybersecurity-related frameworks, standards or guides
  • Knowledge of auditing principles and practices
  • Proficiency with data analytics and CAATs tools
  • Excellent interpersonal skills, with the ability to interact effectively and build relationships with all levels of the organization
  • Strong written and verbal communication skills, with the ability to present information in a clear and concise manner
  • Strong analytical and problem-solving skills, with the ability to effectively process a large volume of information and/or uncertainty, draw meaningful and persuasive conclusions, and develop practical recommendations to improve the overall effectiveness and efficiency of the organization
  • Ability to exercise sound professional judgement

Why work for us?

We offer a total rewards package that recognizes the meaningful work you do to support our members and our communities, which includes:

  • A competitive base salary plus performance-based incentive compensation
  • Annual merit pay increases
  • Flexible benefits as well as support for retirement benefits
  • Vacation time, a flexible “Day4U” and the option to purchase up to five additional vacation days
  • Other financial perks such as our Employee Banking Advantages which includes waived or reduced financial service fees, reduced rates on personal loans, mortgages and no-interest loans on lifestyle-related items that promote health, wellness, learning and business aptitude

In addition, you can enjoy socially conscious perks, like three paid days off every year to volunteer for causes you care about.

What’s your place in the First West story? Apply now and let’s find out together!

First West regrets that only candidates selected for an interview will be contacted.

Diversity & Inclusion:

First West Credit Union is committed to diversity and inclusion. Our goal is to create an inclusive, accessible environment for our candidates and employees that reflects the communities in which we operate. If you require an accommodation for the recruitment or interview process (including alternate formats of materials, accessible meeting rooms or other types of accommodation), please let us know and we will work with you to meet your needs.
