Our client in the insurance space is seeking a full-time/permanent IT Controls and Audit Manager to lead and maintain a robust IT control environment. The role is responsible for ensuring the design, implementation, and ongoing effectiveness of IT internal controls.
Location: Hybrid, Toronto
Responsibilities:
- Define, implement, and manage a risk-based IT audit control framework aligned with internal and external compliance needs.
- Lead internal IT audits (e.g., system implementations, change management) to assess control design, effectiveness, and policy adherence.
- Serve as the primary liaison for external auditors, ensuring accurate documentation, timely communication, and audit readiness.
- Maintain strong oversight of IT systems, development/change methodologies, operations, and outsourced services from a risk perspective.
- Produce clear, actionable audit reports with findings, risk assessments, and remediation recommendations.
- Build awareness of IT risk and control responsibilities across departments, partnering with Compliance and ERM functions.
- Identify control deficiencies, recommend timely and practical mitigation plans, and track remediation progress.
- Standardize IT audit practices through documented SOPs, templates, and QA protocols.
- Ensure alignment with regulatory and security frameworks such as NIST, COBIT, GDPR, PIPEDA, SOC 2 Type 2, and ISO 27001.
- Monitor changes in regulations and industry standards to enhance audit methodologies and internal control maturity.
Requirements:
- 5+ years of IT audit experience.
- Demonstrated understanding of IT governance, DevOps, enterprise architecture, cloud, and emerging technologies (e.g., AI).
- Certifications (preferred): CISA, CRISC, CISM, CISSP, or equivalent.
- Familiarity with technology infrastructure (e.g., operating systems, databases, networks, cloud platforms).
- Experience in the insurance and/or financial services industry.
- Familiarity with Canadian regulatory requirements (FSRA, OSFI).