Risk and Control IT Senior Manager

About Citco:

Citco is a global leader in fund services, corporate governance and related asset services with staff across 80 offices worldwide. With more than $1.8 trillion in assets under administration (AuA), we deliver end-to-end solutions and exceptional service to meet our clients’ needs.

For more information about Citco, please visit www.citco.com

About the Team & Business Line:

We’re a family-owned business, not a faceless corporation. This personal approach informs every aspect of our customer service, where we develop long-lasting relationships with our clients. But we don’t stop there: we also build these same bonds among our own teams, too. Here, we’ve created a community where colleagues support one another and different departments help others succeed. And here, we’ve cultivated a culture where employees care about our company values and live them in their work. At Citco, this people-centric philosophy is the core of who we are—and it shines through in everything we do, every day.

About You

Education

• The candidate should be educated to at least Master’s degree level from an accredited college / university.
• A relevant and recognized professional qualification such as Certified Information Systems Auditor (CISA), CISM, or CIA, or equivalent is desirable.

Professional Experience

• Minimum ten years of experience of working in a progressive risk management / internal controls / internal IT audit function of a financial institution / Big 4 audit firm. Ideally, the candidate will have experience in the financial services and / or alternative investments industry.
• Minimum of five years of experience in working on SOC 1 / SOC 2 certification projects, either being part of an internal Risk & Control team or being part of an external auditor team delivering the SOC 1 / SOC 2 reports.
• Strong relationship management and communication skills, when communicating with the external SOC auditor, or when communicating with Senior Management within the organization.
• Strong reporting skills, proven track record of writing and completing multiple SOC 1 and/or SOC 2 reports in the English language.
• The candidate should have experience allocating workloads to, guiding, coaching, and overseeing senior and junior staff.
• Proficiency with Word, Excel, and PowerPoint is expected.
• Preferable to have experience with automated internal audit applications / tools, Service Desk Manager, Jira, ACL (Galvanize), VBA, database IDEs, AWS Cloud technologies, etc.

Our Benefits

Your well being is of paramount importance to us, and central to our success. We provide a range of benefits, training and education support, and flexible working arrangements to help you achieve success in your career while balancing personal needs. Ask us about specific benefits in your location.

We embrace diversity, prioritizing the hiring of people from diverse backgrounds. Our inclusive culture is a source of pride and strength, fostering innovation and mutual respect.

Citco welcomes and encourages applications from people with disabilities. Accommodations are available upon request for candidates taking part in all aspects of the selection.

Your Role

The Risk and Control Team is a group wide resource, which covers all of the divisions within the Citco Group of companies as defined on www.citco.com. The R&C strategy is to work to support the organization by implementing a formal risk and control framework. Furthermore, the R&C function is responsible for coordinating all controls testing as part of the annual SOC 1 and SOC 2 certifications for all divisions within the Citco Group.

We are looking for a Risk and Control IT Senior Manager (SVP), based in Toronto, Canada. The IT Senior Manager (SVP) will report directly to the Head of R&C function, based in Amsterdam, and will be responsible for:

• Manage the overall relationship with the external SOC 1 / SOC 2 auditor (EY) on an ongoing basis.
• Manage and lead the team in Manila in charge of testing the controls for the annual SOC 2 engagement. This may include, but is not limited to:
• Analyzing the current control environment against the SOC 2 Trust Services (specifically, the Common Criteria) to identify gaps;
• Liaising with Audit, Risk Management, Security, and Technology teams to enhance or implement control activities as needed;
• Drafting control activity test procedures that determine operational effectiveness;
• Creating and adhering to a project plan so that all required activities are completed within Management’s expected timelines.
• Overseeing execution of testing, as prescribed by the project plan.
• Engaging with other R&C staff, internal subject matter experts, and external audit professionals to organize preparation of test evidence, process walkthroughs, Management reporting, and other key SOC 2 deliverables as prescribed by the project plan.
• Working closely with the R&C IT team members to develop SOC 2 report language intended for a broad audience (internal stakeholders, client organizations, external auditors, and others).
• Work collaboratively with other team members within R&C to cover the scope and objectives of other Risk Management / SOC projects in an effective and efficient manner, as assigned by the Head of R&C.
• Ensure that the annual SOC 1 / SOC 2 reports are of good quality and are delivered on a timely basis to Management and external stakeholders.
• Support the organization in implementing an effective and efficient risk management and control framework (both Business processes and Information Technology processes).
• Evaluate existing IT processes and make recommendations for improvement (e.g. adding efficiency, reducing risk) to IT Senior Management, as needed.
• Coach, mentor, and / or train junior R&C IT staff members to meet R&C Management’s objectives.