IT & Cybersecurity Control Testing Auditor (Senior)

Missions: The candidate will report to an experienced testing manager and will be responsible for leading reviews as part of the Annual Control Plan focused specifically on Information Technology, Infosec and Cyber risks.

• Conduct business process and control walkthroughs and gather information to understand the context, risks and intended control operation to be tested.
• Scope, plan and execute technology and compliance control audits with the following focus areas: Design and execute tests to validate application system controls, which may require data analysis, code inspection and re-performance of system processes.
• Analyse the design of controls around the underlying system architecture in the context of information technology controls such as security, availability and performance and their impact on business‑aligned technology groups.
• Analyse the business and technology processes to evaluate the effectiveness of the relevant technology controls.
• Validate that system features meet business, technology and regulatory requirements.
• Identify issues through testing, ensuring that appropriate action plans are being developed by the business to correct deficiencies.
• Discuss results and findings with relevant stakeholders including the business or function being tested.
• Document review work and develop final testing reports to formally communicate testing results to stakeholders.
• Validate that the business has completed the agreed‑upon action plans by the due date.
• Maintain regular engagement and provide feedback to key stakeholders within Compliance, Risk and Business units.
• Assist the audit manager with development of the annual risk‑based Testing Plan.

• Understand and apply audit methodology and various techniques to perform controls‑based audits.
• Apply knowledge and experience in auditing general and application controls across a variety of technologies and platforms using IS industry standards and best practices.
• Apply a broad and comprehensive understanding of high‑risk IS/cyber areas including identity and access management, data protection, encryption, firewall security, intrusion detection and prevention systems, and insider threat.
• Audit non‑technical areas including IT governance, project management and systems development.
• Audit experience covering cloud‑based infrastructure is a plus, but not required.
• Synthesize data and observations into findings and effectively present and communicate conclusions in writing and orally.
• Analyze complex sets of data using Excel, Access, VBA and other advanced scripting and analytical tools that help operate and visualize data.
• Understand Investment Banking and Broker‑Dealer related risks and regulations.
• Apply strong analytical, problem‑solving and organizational skills; handle multiple, simultaneous, and ad‑hoc requests.
• Exercise strong attention to detail; ability to work independently; prioritize and work in a dynamic, deadline‑focused environment.
• Work collaboratively within a complex organization, across multiple cultures, geographies and disciplines; strong interpersonal and written/verbal communication skills.

• Experience and application of industry‑standard technology frameworks and regulations such as NIST, FFIEC, ISO, GDPR, NYSDFS, FISMA, etc.
• Experience with various data analytics and data management tools: scripting tools (Python, VBA), relational data tools (T‑SQL, PL/SQL), data visualization tools (PowerBI, Microstrategy, Spotfire).
• Expertise with Microsoft Word, Excel and PowerPoint.
• Excellent writing skills.
• Securities licenses a plus.
• Languages: English, French (speaking a plus).

• 7–11 years of working experience within the Financial Services industry or equivalent environment.
• 3–5 years performing audits of systems, physical, logical, or cybersecurity in a technical environment using generally accepted auditing standards consistent with internal control frameworks.
• General knowledge of applicable regulatory requirements and expectations related to investment banking and broker‑dealer activities.
• AML experience a plus.

• B.A./B.S. in Computer Science, Information Security, Engineering or equivalent discipline.
• Relevant IT audit certifications are a plus, such as: Certified Information Systems Auditor (CISA), Certified Information System Security Professional (CISSP), Certified Public Accountant (CPA), Certified Internal Auditor (CIA).

• Ability to communicate in English, both orally and in writing, is a requirement.
• English language proficiency; French speaking a plus.

Equal‑Opportunity Employer: As an equal‑opportunity employer, being able to perform your best during the recruitment process is important to us. If you require an accommodation, please inform your recruiter.

To learn more about accessibility at CGI, contact us via email. Please note that this email is strictly for accessibility requests and cannot be used for application status inquiries.