IT Audit Portfolio Manager

Canadian Tire Corporation, Limited

Toronto

On-site

CAD 90,000 - 120,000

Full time

23 days ago

Job summary

A leading retail company in Toronto is seeking an IT Audit Portfolio Manager to oversee the technology audit portfolio. You will lead audits focusing on information technology and cybersecurity, ensuring that operations align with strategic objectives. The ideal candidate has 7+ years of experience in IT audit and a strong background in cybersecurity. This role offers competitive compensation and comprehensive benefits.

Qualifications

  • 7+ years of IT audit experience with a focus on cybersecurity.
  • Excellent knowledge of audit and project management methodologies.
  • Solid knowledge of IT and cybersecurity frameworks.

Responsibilities

  • Conduct annual planning for technology audit portfolio.
  • Lead audits focusing on IT and cybersecurity processes.
  • Prepare clear and concise audit reports.

Skills

IT audit experience
Cybersecurity knowledge
Risk management
Communication skills

Education

University degree
CISA or CISSP certification

Tools

COBIT
NIST
SOC 1 and 2

Job description

Overview

Reporting to the Vice President of IT Audit, the IT Audit Portfolio Manager will be responsible for overseeing the technology audit portfolio. This includes conducting audit assurance activities, project reviews, and providing risk advisory services to ensure that IT operations align with CTC’s risk appetite and strategic objectives. You will manage multiple concurrent audit engagements aimed at enhancing the overall risk / control environment of CTC.

What you’ll do

  • Annual Planning: Contribute to the annual planning process of IAS, ensuring adequate coverage of information technology and cyber risks
  • Audit Execution and Delivery: Lead audits focusing on information technology and cybersecurity processes by developing and executing comprehensive audit plans. These plans should include objectives, scope, deliverables, approach, resourcing, and scheduling
  • Risk Management: Assess whether risks related to IT and cybersecurity processes are appropriately managed through effective controls
  • Reporting: Ensure audit conclusions and recommendations are well-supported by evidence. Prepare clear and concise audit reports
  • Client Engagement: Discuss audit findings with clients and senior management. Identify significant issues within a business context and work with clients to develop feasible solutions
  • Collaboration: Work with various audit teams on significant CTC projects. Address system development, implementation, and cybersecurity risks by assessing project solutions and security architecture
  • Technical Expertise: Bring deep expertise in at least 1-2 areas of technology such as operating systems, databases, network devices, or cloud technologies. Leverage this specialized knowledge to provide critical insights and drive improvements in risk / control assessments
  • Compliance Promotion: Advocate for compliance with CTC policies, procedures, standards, and guidelines
  • Innovation and Insight: Utilize creativity and sound judgment to drive actionable insights from audit engagements. Identify innovative solutions that improve the overall risk / control environment
  • AI Integration: Leverage artificial intelligence technologies such as large language models (LLMs) to enhance the efficiency and effectiveness of audit execution

What you bring

  • 7+ years of IT audit or information technology experience with focus on cybersecurity or risk management
  • University degree as well as CISA or CISSP or equivalent certifications are required. Other technology-specific certifications are a plus
  • Excellent working knowledge of audit, project management, and system development methodologies
  • Experience in the assessment of threats and risks over IT and cybersecurity processes and systems
  • Solid working knowledge and application of IT, cybersecurity, and service organization reporting control frameworks, specifically COBIT, NIST, and SOC (1 and 2)
  • Knowledge of various industry regulations such as 52-109, PCI, PIPEDA, and GDPR
  • Strong technical knowledge of various IT infrastructure and network components such as operating systems (Windows, Linux), databases (Oracle), and network platforms
  • Knowledge of and experience in areas such as network security architecture, identity and access, threat and vulnerability, systems development security, data loss prevention, and endpoint protection
  • Knowledge and experience of various security tools (IDAM, Vulnerability Assessment, EDR, SIEM, etc.)
  • Strong understanding of public cloud networking and network security controls on platforms such as Azure, GCP, AWS
  • Excellent relationship management, time management, organization, planning, and process mapping skills
  • Well-developed influencing skills to resolve situations where there are distinct differences of opinion between the client and the auditor
  • Superior verbal and written communication skills sufficient to prepare and communicate audit reports dealing with facts and concepts for presentations to client executives and external auditors
  • Committed to providing a customer focus and added value service
