Role: IT Controls Testing SME/TOE/1LOB
Location: Hybrid / Toronto, ON or NYC
Duration: Long Term Contract
Visa: Only USC, GC, TN
Job Description:
We are seeking a seasoned Director-level IT Controls Testing Subject Matter Expert (SME) to support and enhance a maturing IT Controls Testing function embedded within the 1st Line of Defense (1LOD). This function, part of the Enterprise IT Risk organization based in Toronto, plays a critical role in assessing the design (TOD) and operating effectiveness (TOE) of IT controls to ensure alignment with internal standards and regulatory expectations. While the team's governance roots are in Toronto, the role works day-to-day with the US CIO office and maintains active engagement with global IT risk stakeholders.
Key Responsibilities:
Lead the enhancement and redesign of the IT controls testing methodology and framework, aligning with industry standards and regulatory expectations.
Provide subject matter expertise in the execution of manual controls testing, including both control design (TOD) and operating effectiveness (TOE) assessments.
Partner with the IT Controls Testing Lead to interface with key regulators including FRB, OCC, and OSFI, providing documentation, evidence, and audit trail explanations as needed.
Support the execution and continuous improvement of IT risk and controls assurance activities within the 1st Line of Defense (1LOD).
Advise on best practices for IT controls testing across complex banking and enterprise technology environments.
Build relationships and collaborate closely with key stakeholders, including CIO office teams, Enterprise IT Risk, Compliance, Audit, and second line (2LOD) functions.
Contribute to the development of enterprise-wide IT risk reporting and metrics to support executive-level decision-making.
Mentor junior testers and control owners, fostering a culture of control awareness and risk accountability.
Required Qualifications:
10+ years of experience in IT risk management, technology audit, or controls testing, with at least 3 years in a leadership role.
Deep knowledge of IT general controls (ITGCs), control design and testing principles, and financial services regulatory frameworks (e.g., FFIEC, NIST, COBIT, SOX, GLBA).
Demonstrated experience standing up or significantly enhancing an IT Controls Testing function (1LOD or 2LOD).
Hands-on experience working with or responding to banking regulators (FRB, OCC, OSFI) in a testing or assurance capacity.
Strong understanding of control frameworks (e.g., COSO, NIST 800-53) and relevant technologies (e.g., infrastructure, applications, cybersecurity, cloud).
Excellent written and verbal communication skills, including the ability to create and deliver executive-level documentation and presentations.
Preferred Qualifications:
Experience working in or with large US-based financial institutions.
Professional certifications such as CISA, CRISC, CISSP, or CIA.
Familiarity with tools for IT control testing, GRC platforms, and issue tracking.