Tangerine is Canada’s leading direct bank. We offer flexible and accessible banking options, innovative products, and award-winning Client service. The reason why Tangerine employees come to work each day is to help Canadians live better lives. We focus on making a difference in our communities, and that includes our own internal community. It’s important to us that our employees feel empowered and enthusiastic about belonging to our orange culture. As Canada’s leading digital bank, Tangerine technology is at the heart of everything we do. We have redefined what digital banking is, and we continue to evolve to tackle any opportunity and face every challenge through progressive technology and the power of collaboration. Do you like new challenges? Are you ready to reach new heights in your career and become part of an established disruptor? If so, come join us and help redefine the Canadian banking landscape! What you will be doing: Reporting to the Sr. manager, this role focuses on IT Governance, Audit and Compliance, within Tangerine IT Risk Management Team, led by the director. Tangerine IT Risk Management team plays an important role in the Bank’s Three Lines of Defense Framework, providing First Line of Defense for Tangerine and the Bank for all technology risk domains, including Cyber Security, Data Privacy, Software Currency, Disaster and Backup Recovery, Third Party Management, and Audit and Regulatory issue remediation. There are many exciting opportunities to grow in the areas of risk management, business technology development and work with many cross-functional teams within the Bank. The IT Risk Management team has dual reporting line structure to report to both VP, Scotiabank Internal Control &Regulatory Management and VP, Tangerine IT. As the role to support on IT governance, audit, and compliance, we follow Scotiabank and Tangerine enterprise risk and IT risk management governance and framework to work on IT risk management and work with IT audit. We are on "IB risk owners' support" in the IT risk management family. Our primary objective is to ensure to meet the audit effectiveness rate and clearance rate. We primarily work with IA risk owners and 3rd line auditors both internal and external, and same time, we work with business line ORM (Operational Risk Management), 2nd line GRM (Global Risk Management), and other IB risk supports as well. We support assurance activities on information technology risk, and Information & cybersecurity risk. We also provide risk advisory services on control assessment and operations. The role of IT Audit Advisory is focused on four key functions: IT Audit Support, audit testing and control assessment - Support (directly) all and a variety of Audit activities in the bank throughout the year, from both internal and external parties, including but not limited to technology domains, processes, cybersecurity, SOX (ITPC, ITAC, GITC), Interac etc.
- Support Tangerine business audits having technology involved in the business processes and operations.
- Support global audit having Tangerine as part of the global operations.
- Support Scotiabank technology audits when Tangerine technology is part of the integration.
- Support Attestation activities – ICOFR, CPF IT, Interac ACP, technology recovery plan update etc.
- Ensure to meet audit effectiveness rate and clearance rate.
- Analyze and control testing/assess the accuracy, completeness, relevance, and timeliness of voluminous and varied audit evidence - documents, design, implementation, and operation, using technology knowledge and risk assessment methodology.
- Be able to understand accurately and exactly the audit requirements, reporting and other documents, and communicate/clarify to the control owners to their complete and exact understanding.
- Ability to discuss design, implementation, operation, and their processes of a variety of technology domains with SME and control owners.
- Ability to discuss and negotiate with auditors on audit scopes, timelines, or decisions.
- Ability to host and facilitate audit meetings for different purposes, good at driving the discussion direction and content live.
- Being an effective bridge to connect auditors with control owners on all matters efficiently - needs, feedback, challenge, and even complaints.
- Communicate effectively with all levels of stakeholders on relevant information - auditors, business, Sr. management and technology Savvy.
- Prepare bi-weekly or month reporting.
- Update timely the team’s confluence space.
- Consistently acting as a project manager to manage audit activities life cycle - commencement, plan, Field work, dispute, reporting, issues follow-up.
- Stay vigilant and current for audit plans and transform to our own plans in details.
- Support control owners to self-identify issues.
- Timely and accurately identify control owners, deliver RFIs, track RFIs completion status, submit the RFIs
- Timely track and record all activities in confluence and shared drive.
Audit Issues Closure - Provide advice and evidence to management for final issue negotiation to be on the closure report.
- Stay vigilant on MRD (mandatory remediation date) /ERD (extended remediation date), to contact, support, organize and trace the issue owners in a timely basis to ensure issues are remediated on time and needed evidence are collected.
- Bridge up auditors and issue owners for meetings, needs, feedback, further information collection, challenge etc.
- Analyze and control assess the closure evidence; write and submit closure package with proper approval acquired.
- Continue track the submitted package till it’s closed by the auditors.
- Record timely issue remediation status on team’s confluence space and generate reports when required.
- On-going monitor and track issues raised by Internal Audit, assist risk owners to ensure remediation is completed within pre-defined timelines and risk is addressed appropriately.
IT Compliance analysis and reporting - Maintain Tangerine’s IT KPIs and KRIs within risk appetite for audit.
- Report to Internal control team, BNS GRM team, BNS ICRM team for the different reports required.
- Lead engagement with Tangerine’s 2nd and 3rd Line of Defense function to influence the focus, scope, and criteria for the testing of the Bank’s IT risk capabilities.
IT Risk Advisory - Provide direction to Tangerine’s functional teams to build their capability to identify, assess, mitigate, and monitor risks associated with their use of information and IT systems.
- Oversee IT security risks and controls associated with IT Operations and Cloud domain. Where require, offer direction for the assessment, treatment and monitoring of risks, and inclusion of appropriate contractual security terms and conditions.
- Analyze and respond to risk assessment requests assigned to IT Risk Team.
- Lead advocacy and build positive culture for the management of IT and security risks. Deliver ongoing counsel to risk owners to create IT risk awareness and acumen, communicating the business value of security and IT risk management practices.
Do you have the skills that will enable you to succeed in this role? We'd love to work with you if you have: - Must have university bachelor’s degree on Science, Technology, or Engineering, preferable computer science, information technology and engineering related.
- Must have 8+ years’ comprehensive hands-on experience in information technology operations (eg. windows/linux, IAM, network, applications, database, cloud and/or etc,), cyber security, risk management, audit, or IT governance role and demonstrated solid achievements.
- Must have strong comprehensive knowledge and experience on technology control assessment, technology audit or assurance, threat risk assessment, and/or risk management.
- Solid knowledge on both business and technology in banking industry, exposing to the relevant policies, frameworks, standards, and controls in day-to-day work.
- Must have experience on data/evidence collecting, transformation, review, analysis, reporting, and archive – Good at Excel, Confluence, Sharepoint, Word and PowerPoint
- Must be result driven, and consistently shows accountability and initiative.
- Must be super detail oriented with strong understanding ability, able to read to understand the exact requirement and meanings of words, lines, and paragraphs.
- Must have strong logic thinking and analysis ability to assess qualification and quality on data, evidence, and documents.
- Must be great on time management – manage to target on deadlines of multi-audit tasks simultaneously, very responsive, and agile on requirements, response, feedback with emails, meetings, etc., with sense of urgency and priority.
- Must be very organized by nature to be able to organize data, evidence, trackers, emails etc. for easy location and search.
- Strong communication and collaboration skills with all levels in the bank and with external parties
- Self-driven and fast learner, work independently at a fast-paced environment; has curiosity to learn, adaptable to changing situation.
- Audit, Audit supporting, control assessment & assurance experience is preferable.
Certifications Preferred: CISA, CRISC, CISSP, CCSP, ITIL, PMP What's in it for you? - You will be part of a diverse and inclusive team of Client-focused go-getters looking to learn from each other in an environment that celebrates and recognizes success!
- You will have access to thousands of online and in person courses so you can shape your career growth with the support from diverse industry leaders.
- You will get our help to save for your future and to invest in your total wellbeing through our Tangerine benefits*.
- You belong here, we are equal and un-complicated. Bring your true self to work, dress codes don’t apply here.
- You will enjoy workspace flexibility and all the excitement that comes from working at the official Bank of the Toronto Raptors.
*Tangerine employees participate in Scotiabank’s pension & benefits programs (available to permanent employees) Location(s): Canada : Ontario : Toronto At Tangerine we value the unique skills and experiences each individual brings to the team, and are committed to creating and maintaining an inclusive and accessible environment. If you require accommodation during the recruitment and selection process, please let our Recruitment team know. |