Typical Day in Role:
• Execute assigned audit activities independently as a team member under the direction of the Officer-In-Charge (OIC) on assignments. This includes completion of audit testing, discussions with management and documentation of work performed.
• Executes, plans, and reports on the assigned audit projects. Obtains a thorough understanding of the business/unit/process and associated risks, develops a risk-based audit plan/procedures, and schedules timing and resources.
• Delivers end-to-end process of the execution of the audit, and ensures nature and extent of testing is appropriate to support the objective, scope and overall opinion. Completes timely review of workpapers, ensures internal control weaknesses are clearly documented with recommendations addressing the root cause and are timely communicated to management.
• Ensures audit results are gathered, determine the root cause of the problem and the associated impact and report accordingly. Review/edit reports and summarize issues. Present an overview of the audit results and findings to line management.
• Ensures audit reports are written to a consistent high standard and are finalized within established department metrics.
• Execute agreed upon procedures for specific projects or investigations of a low to moderate complexity and/or confidential nature. May assist other audit staff in more complex projects that Audit may be requested to perform. Plan, document and seek agreement in advance to the project approach and confirm conclusions upon completion in writing.
• Act primarily as Team Participant or in some cases act as OIC on assignments of low to medium complexity for assigned projects, processes and units.
• Ensure Scotiabank standards and the Institute of Internal Auditors (IIA) Code of Ethics are maintained in completion of all assignments.
• Manage self-development by confirming/communicating job expectations, identifying mentors/coaches and enquiring about training needs, ensuring timely completion of performance appraisals and manages assigned staff.
Candidate Requirements/Must Have Skills:
1) 10+ years of hands-on IT applications and IT general controls auditing experience
2) CISA certification
3) 10+ years’ combined experience in auditing IT general controls (ITGC), SOX testing, application controls, data, third-party, technology controls, Project audits
4) 10+ years of Practical and hands-on experience with processes, risks, and controls in the following domains: Software Development Life Cycle, IT Change Management, Release Management, CI/CD, Agile Releases.
5) 6-8 years’ hands-on experience in executing audits in heavily regulated and highly matrixed environments (e.g banking, financial services, telecom, insurance)
Nice-To-Have Skills:
1) FI experience
2) Big 4 accounting firms experience (PwC, EY, KPMG, Deloitte)
Education:
• Bachelor’s degree in IT, business, accounting, related discipline, or equivalent education/experience.
• CISA required
• CRISC/CISM an asset