Senior Internal Auditor - IT Risk & Advisory

Senior Internal Auditor - IT Risk & Advisory

Take a central role

The Bank of Canada has a vision to be a leading central bank—dynamic, engaged and trusted—committed to a better Canada. No other employer in the country offers you the unique opportunity to work at the very center of Canada’s economy, in an organization with significant impact on the economic and financial well-being of all Canadians. You will be challenged, energized and motivated to excel in our environment. 

Building on the principles that have always guided us – excellence, integrity and respect – we strive to be forward-looking and innovative, to welcome people with diverse perspectives and talents, and to earn trust by living up to our commitments and by clearly explaining the intent of our policies and actions.  

With our defined-benefit pension plan, benefits, and high flexibility for work life balance - find out more about why we are annually ranked as one of Canada's top employers:  Working Here - Bank of Canada

 

Find out more about the next steps in our Recruitment process. 

 

What you will do 
As a Senior Internal Auditor in the Audit Department, you support management and the Board of Directors by performing independent and objective assessments of the appropriateness and effectiveness of the Bank’s risk management, internal controls, and governance processes.

 

In doing so, you contribute directly to the resilience and trust in Canada’s central bank, working on audits that matter to the Bank’s most critical operations and technology platforms. This role offers exposure to enterprise-scale IT environments and collaboration with stakeholders across the organisation.

 

This role is primarily focused on auditing information technology and technology-enabled processes that support the Bank’s critical operations. This includes assessing the design and operating effectiveness of IT general controls, application controls, and key technology platforms, with particular attention to security, confidentiality, integrity, and availability of information.

 

In addition, you will:

• develop and maintain proactive and collaborative relationships with internal and external stakeholders, understanding their objectives and risk exposures and supporting constructive, value adding audit outcomes
• develop engagement objectives, scope and audit programs, based on an understanding of business conditions and how key systems support critical processes.
• perform a sound preliminary risk and control assessment, in line with direction provided by Audit management.
• apply a variety of audit practices, including IT control testing and technology risk assessments, to obtain sufficient and appropriate audit evidence, and use strong judgment and business knowledge to identify causes and formulate recommendations to improve risk‑management, control, and governance processes
• use data analytics and/or visualization techniques, where appropriate, to enhance audit insights and communication
• plan and prepare audit communications with input from senior colleagues, including briefing decks and/or dashboards (where appropriate), audit reports and recommendations to strengthen internal controls as well as deliver audit results to various audiences
• proactively monitor and acquire knowledge of external trends such as emerging technologies and risks, as well as audit practices, communicating how they affect the Bank and identifying opportunities for continuous improvement of audit products and services
• contribute to ongoing quality assurance and continuous improvement practices within the Audit team, including refining audit methodologies, templates, and ways of working to enhance consistency, efficiency, and value to stakeholders

 

What you need to succeed
The strengths that make someone successful in this role can show up in different ways. We value strong foundations, professional judgement, curiosity, and a willingness to learn. 

You have experience in internal control and/or risk analysis, including identifying control objectives and corresponding control procedures that reduce the likelihood and consequences of risk to strategic and operational objectives. You have experience leading or executing audits (planning, fieldwork, reporting) and/or experience conducting analysis, identifying root causes and developing practical recommendations to strengthen IT risk management, controls, and governance.

You have good knowledge of internal control frameworks (COSO, COBIT, NIST, ISO, CIS, etc.). You also have experience in internal control practices for IT/cybersecurity audits, IT general control testing and/or application controls testing.

You are driven to achieve results and ensure timely delivery of high-quality projects and services. You demonstrate excellence, critical thinking and you look for ways to improve and increase efficiency. You have in depth analytical skills, being able to conceptualize and solve problems as they arise. You have good project management, communication and relationship management skills. You are comfortable with managing simultaneous deliverables and working on multiple assignments concurrently.

 

Assets / Nice-to-have 

• An internal auditing designation (CIA) or another recognized professional designation in accounting (e.g., CPA), information technology (CISA, CGEIT), security (CISSP) or risk management (CRM), would be considered an asset;
• An understanding of the Bank’s functions, its governance and administrative framework, as well as its risk-management and control practices
• Experience in:
  • in-depth IT and cyber controls for enterprise applications and platforms, including identity and access management, change management, configuration management, logging and monitoring, data protection, and interfaces supporting critical business processes;
    using AI Large Language Models (LLMs) to conduct audit work and support day-to-day tasks in a responsible and practical manner;
  • using computer-assisted audit techniques, data analytics, data visualisation (e.g Power BI, IDEA);
  • assessing or managing risks and controls in a complex IT environment, including enterprise systems that are either managed on-prem or in the cloud (i.e., IaaS, PaaS, SaaS); 

 

Your education and experience
The position requires a relevant university degree and a minimum of three years of recent and relevant work experience, with demonstrated progression in responsibility, judgement and complexity of work in compliance, audit, and/or Information Technology & Cyber Security. An equivalent combination of education and experience will be considered.

 

Innovative Mindset
We value candidates who demonstrate adaptability, curiosity, and a willingness to learn new technologies, including AI and digital tools. We seek individuals who can think critically about data, question existing processes, and find ways to simplify our work while embracing change and new ways of doing things. 

 

Language requirement
The Bank’s work environment is conducive to the use of both of Canada’s official languages - English and French.  The position language requirement is Level 5 (Fully Functional).  If a qualified candidate who meets the language requirement of the position is not found, a qualified candidate who does not meet the language requirement may be considered. Training may be provided to help reach the required level.  Both bilingual and unilingual candidates are encouraged to apply. 

 

What you need to know

• Priority will be given to Canadian citizens and permanent residents
• Security level required: Be eligible to obtain Secret 
• Relocation assistance may be provided, if required
• Please save a copy of the job poster. Once the closing date has passed, it will no longer be available.
• The official title for this position is “Senior Internal Auditor ” 

 

Hybrid Work Model

The Bank offers work arrangements that provide employees with flexibility, enable high-performing teams, and support an excellent workplace culture. Most employees can telework from home for a portion of each month as part of the Bank’s hybrid work model, and they are expected on site at the Bank location a minimum of 12 days per month to help build connections between colleagues. You must live in Canada, and within reasonable commuting distance of the office. 

 

What you can expect from us
This is a great opportunity to join a leading organization and be part of a high-performing team. We offer a competitive compensation and benefits package designed to meet your needs at every stage of your life and career. For more information on key benefits please visit A great deal to consider. 

 

• Salaries are based on qualifications and experience and typically range from $94,193 to $110,816 (job grade 16)
• The Bank offers an incentive for successfully meeting expectations at  5 to 7% of your base salary. The Bank offers additional performance pay (3%) for those who exceed expectations. Exceptional performers who far exceed expectations may be eligible for higher performance pay.
• Flexible and comprehensive benefits so you can choose the level of health, dental disability and life and/or accident insurance coverage that meets your needs
• Extra vacation days (up to five each year) that you can purchase to add to your vacation entitlement
• Indexed, defined-benefit pension

 

We wish to thank all applicants for their interest and effort in applying for this position. Only candidates selected for interviews will be contacted.