Senior Manager, IT Audit
Apply NowCompany: MCAP
Location: Toronto, ON M4E 3Y1
Description:
Senior Manager, IT Audit
MCAP at a Glance
JoiningMCAP means you will be a part of our diverse workforce of highly talentedindividuals who are recognized for their expertise and success! At MCAP, yourprofessional expertise, commitment to teamwork and passion for serviceexcellence are recognized and rewarded with competitive total rewards offering,a career with continuous learning and development (formal & informaltraining), and exciting opportunities in a dynamic, entrepreneurialenvironment.
The Role
Reporting to the Senior Director, the Senior Manager, Internal Audit - IT plays a critical role in executing the IT audit strategy established by the senior management of Internal Audit. This position is responsible for providing independent assurance on technology/security governance, IT risk management, and internal control effectiveness to safeguard the company's assets.
The Senior Manager, Internal Audit - IT delivers strategic insights and recommendations to senior leadership and the Board Audit Committee, driving continuous improvements in IT governance and risk management practices.
This role serves as a trusted advisor to the Senior Director, Internal Audit and senior IT leadership, shaping IT risk governance, influencing decision-making, and proactively addressing emerging threats. The Senior Manager, Internal Audit - IT also leads cross-functional collaboration across the organization to enhance data governance and IT compliance efforts.
Plan and Execute Complex IT Audits
Evaluate & Test Risks Managed by IT
Prepare Audit Reports and Report on Findings and Recommendations
Present and Report on Findings and Recommendations to IT Leadership
Advisory Services
Annual Planning and Strategic Initiatives for the Internal Audit Function
Continuous Professional Development & Expansion of Business Knowledge
Prepare Reports to the Audit Committee
What You Bring To The Team
If this sounds like you and you are looking to be a part of one of Canada's largest independent mortgage finance companies, then we want to hear from you!
Be A Part Of Something Great
MCAPis Canada's largest independent MortgageFinance company withover $150 billion in assets under management providing mortgage solutions forresidential and commercial properties. For over 35 years,MCAP originates, trades, securitizes and services mortgages in offices acrossCanada. MCAP originates residential mortgages exclusively through the mortgagebroker channel as we believe that a professional mortgage broker is aconsumer's best option and MCAP actively promotes the services of mortgagebrokers across the country. MCAP is also a leader in the Canadian residentialconstruction lending market with over 25 years in the business. Our teams ofdedicated professionals serve a variety of developer, construction and lenderclients across Canada.
Position #: req1981
Employment Status: Permanent Full Time
Location: Toronto; Ontario
Number Of Openings: 1
Department: Internal Audit
Internal Job Title: Senior Manager, IT Audit
The above information in this description has been designed to indicate the general nature and level of work performed by employees in the position. It is not designated to contain a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.
MCAP provides equal opportunities for all applicants and is committed to fostering an inclusive, accessible environment, where all employees feel valued, respected and supported throughout the recruitment and employment process. If you require accommodation, we will work with you to meet your needs.
MCAP at a Glance
JoiningMCAP means you will be a part of our diverse workforce of highly talentedindividuals who are recognized for their expertise and success! At MCAP, yourprofessional expertise, commitment to teamwork and passion for serviceexcellence are recognized and rewarded with competitive total rewards offering,a career with continuous learning and development (formal & informaltraining), and exciting opportunities in a dynamic, entrepreneurialenvironment.
The Role
Reporting to the Senior Director, the Senior Manager, Internal Audit - IT plays a critical role in executing the IT audit strategy established by the senior management of Internal Audit. This position is responsible for providing independent assurance on technology/security governance, IT risk management, and internal control effectiveness to safeguard the company's assets.
The Senior Manager, Internal Audit - IT delivers strategic insights and recommendations to senior leadership and the Board Audit Committee, driving continuous improvements in IT governance and risk management practices.
This role serves as a trusted advisor to the Senior Director, Internal Audit and senior IT leadership, shaping IT risk governance, influencing decision-making, and proactively addressing emerging threats. The Senior Manager, Internal Audit - IT also leads cross-functional collaboration across the organization to enhance data governance and IT compliance efforts.
Plan and Execute Complex IT Audits
- Establish and oversee the scope and execution of IT audits, ensuring alignment with enterprise risk management and strategic objectives
- Conduct comprehensive risk assessment of IT network, applications, tools, and associated business processes to identify and mitigate potential security gap.
- Develop and manage detailed audit plans that prioritize high-risk areas to maximize efficiency and impact.
- Lead audit engagements from planning to completion, ensuring that all work in completed on time and within budget, and prepare written communication to effectively document findings and recommendations.
- Provide excellent customer focus and commitment to quality.
- Engage with senior IT leadership and business units to drive collaboration and security support for audit initiatives.
Evaluate & Test Risks Managed by IT
- Collaborate with IT/Business Technology Group (BTG) management and other required groups to ensure continuous monitoring and improvement of IT risk controls.
- Identify and assess IT risks and related control design for the processes within audit scope.
- Document processes through narratives and/or flow charts, highlighting key controls.
- Develop and implement tailored testing procedures to validate key controls, detect vulnerabilities, and assess compliance with regulatory requirements.
- Leverage IT audit tools and data analytics to enhance the efficiency of control assessments.
Prepare Audit Reports and Report on Findings and Recommendations
- Compile audit findings into clear, concise, and actionable reports for senior management and the Board Audit Committee.
- Conduct closing meetings with senior IT leadership to discuss findings, clarify key issues, and recommend corrective actions.
- Deliver insightful risk assessments and present alternative solutions to enhance IT security, governance, and operational efficiency.
- Ensure that all audit reports effectively communicate both technical risks and business impact to senior management.
Present and Report on Findings and Recommendations to IT Leadership
- Lead audit exit meetings to present findings, discuss key risks, and align on mitigation strategies with IT leadership.
- Collaborate with IT stakeholders to resolve contentious issues and reach consensus on risk management solutions.
- Develop and deliver final written report that translate technical findings into business impact insights.
- Work in partnership with the IT management team to identify cost-effective controls to address deficiencies.
Advisory Services
- Act as a strategic partner to IT leadership by providing advisory services to improve risk management, IT security, and governance, and compliance framework.
- Work in partnership with the IT management and application owners to identify technical and security risks and to facilitate the establishment of risk mitigation procedures.
- Assist with independent assessments of organizational business and technology initiatives.
- Partner with Data Management group to drive adoption of data analytics and automation to enhance operational resilience.
Annual Planning and Strategic Initiatives for the Internal Audit Function
- Assist in the development and implementation of the strategic objectives of the Internal Audit team.
- Maintain a comprehensive IT audit universe, continuously updating risk assessments to reflect evolving threats and technology changes.
- Work closely with senior IT and business leaders to integrate IT audit planning with the company's broader risk management strategy.
Continuous Professional Development & Expansion of Business Knowledge
- Maintain ongoing communication with management in the business areas around key IT, business and regulatory changes or significant issues faced by management.
- Build and maintain relationships with IT management through positive discussion and consultation.
- Stay informed on industry-leading practices, regulatory changes, and other IT related developments to enhance audit methodologies.
- Participate in industry events regarding relevant regulatory changes, industry best practices and/or internal audit developments.
- Educate management on practical solutions to implement best practices to improve risk management, security and governance processes.
Prepare Reports to the Audit Committee
- Prepare quarterly status reporting on outstanding audit findings for the Board Audit Committee.
- Communicate with the IT management and application owners to determine the progress on outstanding audit findings.
- Conduct timely audit testing on outstanding IT risks and findings, ensuring that remediation efforts are effective and sustainable.
What You Bring To The Team
- 7+ years of IT Audit experience, have been delivering IT audits, integrated audits (including testing of ITGCs and IT application controls) and advisory engagements.
- Experience utilizing Agile methodologies to perform IT assurance activities.
- Experience conducting infrastructure and network security audits.
- Experience identifying and assessing third-party IT risks.
- Experience identifying and assessing IT security risks
- Experience in financial services, capital markets. Mortgage lending industry experience would be an asset.
- Ability to quickly understand IT & business processes and their risk implications, analyze complex situations, reach appropriate conclusions, and make value-added and practical recommendations.
- Knowledge and experience in applying internal auditing standards and internal control concepts to plan, perform, manage and report on the evaluation of IT risks surrounding key processes/ areas/functions.
- Knowledge and experience in applying audit standards when reviewing third-party program assessments including Data Classification Reports (DSR). Security Risk assessment (SRA and Vendor risk assessments (VRA).
- Knowledge and experience in interpreting Security Dashboard Reports including incidents, endpoint security compliance, email event & security, web and URL filtering.
- Strong knowledge and understanding of the CIS and NIST security frameworks.
- Strong knowledge of COSO and IT control frameworks (such as COBIT-5, ISO 27001).
- Strong knowledge of operating systems including Windows, UNIX and AS-400.
- Experience auditing cloud controls (such as Azure, AWS, M365, Outlook) and development tools (Azure DevOps) preferred.
- Proficient with MS-Word, Excel, PowerPoint, Visio and data analytic tools (such as Power BI or IDEA).
- Strong customer service mindset with demonstrated success in partnering with IT management to achieve organizational goals.
- Strong people management skills, proven relationship management skills and a demonstrated ability to deal effectively with all levels of staff.
- Excellent organizational and time-management skills with the ability to balance multiple priorities and engagements in a fast-paced environment.
- Exceptional oral and written communication skills.
- Strong analytical and problem-solving skills.
- Self-driven, results oriented and motivated with the ability to work independently and in a team environment.
- Carries out duties with integrity and takes responsibility for actions.
- College or university education
- CISA / CISM / CISSP designation preferable
If this sounds like you and you are looking to be a part of one of Canada's largest independent mortgage finance companies, then we want to hear from you!
Be A Part Of Something Great
MCAPis Canada's largest independent MortgageFinance company withover $150 billion in assets under management providing mortgage solutions forresidential and commercial properties. For over 35 years,MCAP originates, trades, securitizes and services mortgages in offices acrossCanada. MCAP originates residential mortgages exclusively through the mortgagebroker channel as we believe that a professional mortgage broker is aconsumer's best option and MCAP actively promotes the services of mortgagebrokers across the country. MCAP is also a leader in the Canadian residentialconstruction lending market with over 25 years in the business. Our teams ofdedicated professionals serve a variety of developer, construction and lenderclients across Canada.
Position #: req1981
Employment Status: Permanent Full Time
Location: Toronto; Ontario
Number Of Openings: 1
Department: Internal Audit
Internal Job Title: Senior Manager, IT Audit
The above information in this description has been designed to indicate the general nature and level of work performed by employees in the position. It is not designated to contain a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.
MCAP provides equal opportunities for all applicants and is committed to fostering an inclusive, accessible environment, where all employees feel valued, respected and supported throughout the recruitment and employment process. If you require accommodation, we will work with you to meet your needs.