Test patch management controls, including timely identification, prioritization, testing, deployment of patches, and validation of patch compliance reporting, exception handling, and remediation activities.
Evaluate incident management controls covering detection, response, escalation, documentation, severity classification, root‑cause analysis, and communication practices.
Assess asset management processes/controls for identifying, classifying, tracking, and reconciling technology assets; validate CMDB and inventory accuracy and completeness.
Test platform and database security controls including authentication, access, backup, logging, configuration management, privileged access, segregation of duties, encryption, and baseline adherence.
Assess container governance and security including orchestration, image scanning, RBAC, network isolation, configuration hardening, and lifecycle processes/controls (build, deploy, patch, retire).
Perform controls testing across cloud environments (IaaS/PaaS/SaaS) focusing on identity, data security, configuration management, monitoring, baseline compliance, provisioning, access, etc.
Evaluate technology currency controls ensuring systems remain vendor-supported; review upgrade planning, end‑of‑life tracking, remediation progress, and reporting accuracy.
Test change management processes including planning, approval, testing, scheduling, implementation, documentation, segregation of duties, and emergency change compliance.
Evaluate data governance controls related to classification, handling, retention, protection, integrity, lifecycle management, stewardship responsibilities, and data quality practices.
Test software asset management controls including license tracking, entitlement validation, deployment oversight, compliance, procurement, usage monitoring, and vendor management.
Assess enterprise architecture governance for alignment with standards, security patterns, reference architectures, and control checkpoints; review solution design and risk assessment outputs.
Test API governance and security controls covering API lifecycle, authentication, authorization, rate limiting, scanning, inventory accuracy, gateway configuration, logging, and monitoring.
Requirements
Bachelor’s degree in IT, Computer Science, Engineering, or equivalent experience.
Certifications such as CISA, CISM, CDPSE, CISSP, or CPA are considered an asset.
3–5 years of IT controls testing experience (ITGC, SOX, Cloud Platforms, Container Management, etc.).
Strong understanding of IT risk and control frameworks (e.g., COBIT, ITIL, ISO 27001, COSO, NIST, PCI DSS).
Experience in banking or financial services is preferred.