Senior Analyst, IT Controls Testing
Canada
Full Time
1 week ago
$61,600 - $113,900 CAD
Key skills
CloudSaaSChange ManagementCommunication
About this role
Role Overview
- Test patch management controls, including timely identification, prioritization, testing, deployment of patches, and validation of patch compliance reporting, exception handling, and remediation activities.
- Evaluate incident management controls covering detection, response, escalation, documentation, severity classification, root‑cause analysis, and communication practices.
- Assess asset management processes/ controls for identifying, classifying, tracking, and reconciling technology assets; validate CMDB and inventory accuracy and completeness.
- Test platform and database security controls including authentication, access, backup, logging, configuration management, privileged access, segregation of duties, encryption, and baseline adherence.
- Assess container governance and security including orchestration, image scanning, RBAC, network isolation, configuration hardening, and lifecycle processes/ controls (build, deploy, patch, retire).
- Perform controls testing across cloud environments (IaaS/PaaS/SaaS) focusing on identity, data security, configuration management, monitoring, baseline compliance, provisioning, access, etc.
- Evaluate technology currency controls ensuring systems remain vendor-supported; review upgrade planning, end‑of‑life tracking, remediation progress, and reporting accuracy.
- Test change management processes including planning, approval, testing, scheduling, implementation, documentation, segregation of duties, and emergency change compliance.
- Evaluate data governance controls related to classification, handling, retention, protection, integrity, lifecycle management, stewardship responsibilities, and data quality practices.
- Test software asset management controls include license tracking, entitlement validation, deployment oversight, compliance, procurement, usage monitoring, and vendor management.
- Assess enterprise architecture governance for alignment with standards, security patterns, reference architectures, and control checkpoints, review solution design and risk assessment outputs.
- Test API governance and security controls covering API lifecycle, authentication, authorization, rate limiting, scanning, inventory accuracy, gateway configuration, logging, and monitoring.
Requirements
- Bachelor’s degree in IT, Computer Science, Engineering, or equivalent experience.
- Certifications such as CISA, CISM, CDPSE, CISSP, or CPA are considered an asset.
- 3–5 years of IT controls testing experience (ITGC, SOX, Cloud Platforms, Container Management, etc).
- Strong understanding of IT risk and control frameworks (e.g., COBIT, ITIL, ISO 27001, COSO, NIST, PCI DSS).
- Experience in banking or financial services is preferred
Tech Stack
- Cloud
Benefits
- Health insurance
- Tuition reimbursement
- Accident and life insurance
- Retirement savings plans