P2 - IT Risk and Controls Testing Analyst for Randstad Technologies Group in Randstad Canada Toronto, ON - Hybrid remote work 2-3 days in the office per week (salary not disclosed) UCF

June 23, 2023 | Job Postings


  • Executing control testing that evaluates the design and operating effectiveness of company first line key controls.
  • Analyzing, aggregating, and articulating the results/issues/recommendations related to control testing activities.
  • Maintaining a thorough understanding of client Internal Controls Management Policy, control testing methodologies, and related regulatory and compliance standards.
  • Perform complex internal control monitoring and testing for Architecture, Infrastructure & IT Operations (AI&O) department across service domains (hosting, middle tier, end user, cloud, service management) adhering to an established schedule.
  • Participate in all phases of the internal control monitoring process including planning, testing, evaluating risk, identifying mitigating controls, developing conclusions, writing reports and maintaining work papers.
  • Assess residual risk within the subject specialty area to evaluate the design and effectiveness of security controls. Responsible for executing Control Assessments (i.e. Testing) that evaluate the design and operating effectiveness of AI&O’s first line.
  • Monitor all open internal control findings and issues until satisfactorily resolved. Escalate status as warranted.
  • Conduct formal follow-up to determine the adequacy and effectiveness of actions taken. Prepare reports of results for senior management.
  • Act as a liaison with 2 LOD, prepare documents, analyze, aggregate, and articulate results/issues/recommendations related to monitoring activities and regulatory exams.
  • Recommend changes and/or enhancements to policies and procedures, as well as develop the necessary training.
  • Assist with data collection and responses for regulatory exams, internal and external audit. Partner with internal senior management on remediation plans from exams/audits.
  • Handle special projects as assigned and liaise across interdepartmental teams on projects and deliverables related to exam/audit, monitoring, and testing findings.
  • Develop robust and scalable testing modules, scripts, and other guides including testing approach for evaluating the effectiveness of AI&O’s first line Key Controls to mitigate key risk exposures related to regulatory requirements and client risk policies and standards.
  • Support development, implementation, and continuous improvement of tools, templates, and best practices that support control testing and reporting activities.
  • Create narratives and flowcharts from walkthroughs with first line staff and management in all divisions, confirming key controls.
  • Exhibit high attention to detail in documentation of control evaluation work papers and remediation of reviewer’s commentary.
  • Contribute to the articulation of results/conclusions/memos of control testing activities and communicate to key stakeholders across the company.


  • Minimum of 12 years’ experience in the Information/Cyber Security field.
  • Minimum of 6 years' experience in IT risk management, IT Operations and Technology domain.
  • Minimum 6 years of experience in controls testing, internal audit, quality control roles, or other complementary capacities, preferably within the financial services industry, a public accounting firm, or with a financial institutions regulator.

Nice to Have

  • Master's degree in business, computer science or related field.
  • Preferred Certifications: CRISC - Certified in Risk and Information Systems Control, and / or CISSP - Certified Information Systems Security Professional.
  • Experience with Common Controls Hub / Unified Compliance Framework.
  • Knowledge of FINRA, SEC, MSRB, FRBNY and OCC rules and regulations.
  • Experience with operating in a highly matrixed environment. Demonstrated ability to adapt to changes in business needs, strategy, and priorities.
  • Strong critical thinking, problem-solving and creative skills. Excellent communication and interpersonal skills, including a strong ability to create positive and professional business relationships with internal clients.
  • Strong knowledge of rules, regulations and compliance requirements for the financial services industry concerning hybrid cloud and multiple technology domains specific to the areas of oversight.

To Apply: