Director, IT Infrastructure Audit

Why you’ll love working here:

• high-performance, people-focused culture

• our commitment that equity, diversity, and inclusion are fundamental to our work environment and business success, which helps employees feel valued and empowered to be their authentic selves

• learning and development initiatives, including workshops, Speaker Series events and access to LinkedIn Learning, that support employees’ career growth

• membership in HOOPP’s world class defined benefit pension plan, which can serve as an important part of your retirement security

• competitive, 100% company-paid extended health and dental benefits for permanent employees, including coverage supporting our team's diversity and mental health (e.g., gender affirmation, fertility and drug treatment, psychological support benefits of $2,500 per year, and newly extended maternity/parental leave top of 26 weeks)

• optional post-retirement health and dental benefits subsidized at 50%

• yoga classes, meditation workshops, nutritional consultations, and wellness seminars

• access to an annual wellness reimbursement program for health and wellness-related expenses for permanent and temporary employees

• the opportunity to make a difference and help take care of those who care for us, by providing a financially secure retirement for Ontario healthcare workers

Job Summary

The Director is accountable for providing leadership and independent assessments of the effectiveness and integrity of HOOPP’s Information Technology controls focused on IT Infrastructure. This role builds and maintains effective relationships with senior IT stakeholders including the Senior Managing Directors and the Executive team, that promote trust and increase efficiency while providing independent assurance and advisory services designed to evaluate and improve the effectiveness of risk management, control, and governance processes. You are accountable for the audit plan execution across assigned business areas and will be a subject matter expert on Information Technology Infrastructure that includes information security, technology systems including Cloud services. The Director reviews ongoing internal audit processes and identifies and implements changes and oversees complex projects while mobilizing a team. These projects include building board and executive dashboards, supporting the rollout of data analytics within the internal audit plan and upskilling the team. The Director develops and maintains a risk-based IT Audit Universe and IT Audit Plan and is responsible for audit prioritization and resource allocation throughout the year. The position has significant direct interaction with senior executives in the Information Technology, Investment Management, Plan Operations, and Corporate divisions.

What you will do:

• Develops, maintains, and implements a risk-focused IT Audit Universe and IT Audit Plan and is responsible for audit prioritization and resource allocation throughout the year. Ensures that audit priority, scope, and issue ranking decisions are risk-based. Concludes on the design and effectiveness of controls.

• Advises senior leadership on impacts of changes in regulations and the industry and recommends impacts to the IT audit plan and IT audit universe.

• Develops Board Committee and Management reporting materials for assigned responsibilities. Responds quickly and appropriately to Board / Senior Management audit related questions.

• Manages a team of seasoned IT audit professionals. Reviews and approves audit work products to ensure thorough and effective coverage, as well as timely and effective escalation of issues and conclusions.

• Oversees the ongoing progress and remediation by management for all outstanding technology audit observations.

• Experience with building dashboard and reports to communicate and advises Senior Management. 

• Develops and deepens relationships with key internal and external stakeholders that include but are not limited to: Executive and senior management; internal control and risk partners; external auditors; external subject matter experts; industry peers and enable a culture of continuous improvement

• Presenting and persuading senior executives and will present relevant audit findings at Senior Leadership Committee meetings.

• Works closely with Risk, Compliance, IT and Finance to support the resolution of audit issues and determines the closure of ongoing audit findings.

• Has excellent project management skills ensuring that IT audits meet department and industry quality expectations and milestone dates.

• Provide specialized in-depth subject matter expertise in Cybersecurity and IT infrastructure risk management. Leads technical assessments to identify vulnerabilities associated with network, infrastructure, software, and hardware. Advise on ongoing and emerging cybersecurity, regulatory and technology risks

• Lead the design and execution of IT audit strategic initiatives.

• Builds and implements an effective Continuous Monitoring Program built upon regular relationship management meetings and committees that focus on technology and emerging IT risks, regulatory matters, and best practice trends in the industry.

• Builds and implements a risk-based analytic program and capabilities. Applies innovative automation and advanced analytical techniques to test hypotheses and add insights into audit findings.

• Conducts research on industry trends, risks and make strategic and tactical recommendations. Keeps abreast of changes in audit practices, regulatory requirements, and Risk frameworks to understand their impact to internal auditing e.g. NIST, COBIT, ISO2700x. Updates senior leadership and the board on the propose audit updates based on these changes.

• Perform other duties as requested.

What you bring:

• 15 years or more of relevant experience in information technology and leading IT infrastructure, applications and cyber security assessments along with a CISA certification.

• Additional security certifications and designations such as CISSP, CISM, CompTIA Security, CEH is an asset.

• Broad and deep knowledge of the general security threat landscape and regulatory requirements

• Advanced understanding of IT and cybersecurity-specific risks and controls, as well as related frameworks, standards or guides, relevant provincial and federal regulatory requirements, and industry leading practices and risk trends

• Experienced in Technology infrastructure, applications, cloud services and cyber security.

• Proficient in leading, designing and the development of project specific approaches or testing methodologies, auditing principles and techniques.

• Experience in leading system development reviews of new IT system implementations.

• Hands-on knowledge of networking, coding, penetration testing and/or code review

• Management experience in coaching and developing a team of seasoned professional staff

• Advisory experience on cybersecurity, regulatory and technology risks and mitigating strategies

• Experience building and implementing a Continuous Monitoring Program, innovative IT Audit Program or Data Analytics Program within the internal audit space.

• Experience in Board & Senior Management Reporting

• Bachelor’s degree in Computer Science, Management Information Systems, or a comparative field.