We are hiring for this position out of our Toronto office. Successful candidates who apply outside of these areas will be expected to relocate and reside in a location that is within a commutable distance. 

About the role: 

The Senior IT Auditor is responsible for planning, executing, and reporting on risk-based technology audits across Peoples. The role provides independent assurance over the design and operating effectiveness of information technology controls, cybersecurity practices, technology governance, data management, change management, third-party technology arrangements, and resilience capabilities. The Senior IT Auditor works closely with business, technology, risk management, compliance, and internal audit stakeholders to identify control gaps, assess technology and cyber risks, and support timely remediation in alignment with internal audit standards, enterprise risk management practices, and applicable Canadian regulatory expectations.

The role requires awareness of the expectations applicable to Peoples, including guidance and supervisory expectations issued by the Office of the Superintendent of Financial Institutions (OSFI). Relevant areas include technology and cyber risk management, third-party risk management, operational resilience, incident reporting, data protection, governance, and internal control effectiveness. The Senior IT Auditor should also understand how technology risks can affect prudential safety and soundness, customer outcomes, regulatory compliance, operational continuity, and reputational risk.

The Senior IT Auditor will report to the Assistant Vice President, Corporate Services and IT  Internal Audits. The role regularly interacts with technology leaders, cybersecurity teams, business process owners, enterprise risk management, compliance, privacy, third-party risk management, external auditors, and senior management.

About the day-to-day:  

• Lead and execute technology-focused audits in accordance with the approved internal audit plan, internal audit methodology, and professional standards.
• Assess IT general controls (ITGC), including access management, change management, computer operations, backup and recovery, incident management, job scheduling, logging and monitoring, and segregation of duties.
• Evaluate cybersecurity controls across areas such as identity and access management, vulnerability management, endpoint protection, network security, security monitoring, data loss prevention, incident response, and cyber resilience.
• Review technology governance practices, including IT strategy alignment, technology risk management, policy frameworks, risk appetite measures, control ownership, issue management, and management reporting.
• Assess controls over critical applications, infrastructure, databases, cloud environments, system development life cycle activities, DevSecOps practices, and technology projects.
• Evaluate controls over third-party and outsourcing arrangements involving technology services, including due diligence, contracting, ongoing monitoring, service level management, resilience, and exit planning.
• Perform audit planning activities, including inherent risk assessments, process walkthroughs, audit scope development, control identification, testing strategies, and audit program preparation.
• Conduct audit fieldwork, document workpapers, evaluate evidence, identify root causes, and develop clear, practical, and risk-focused audit observations.
• Prepare and present audit findings, ratings, recommendations, and reports for technology management, business stakeholders, senior leadership, and audit committees as required.
• Monitor and validate management action plans to confirm timely and effective remediation of audit issues.
• Support continuous auditing, data analytics, and automation initiatives to enhance audit coverage and identify emerging technology and cyber risks.
• Contribute to annual audit planning by providing insight into technology risk trends, regulatory developments, business changes, incidents, and control environment themes.
• Provide coaching, guidance, and quality review support to junior auditors and cross-functional audit team members.

About the qualifications: 

• University degree or college diploma in information systems, computer science, cybersecurity, accounting, business, risk management, or a related discipline.
• Three or more years of experience in IT audit, technology risk management, cybersecurity, internal audit, external audit, or technology controls within financial services or another highly regulated environment.
• Experience auditing ITGC, cybersecurity controls, application controls, infrastructure, cloud services, technology projects, and third-party technology providers.
• Knowledge of internal audit standards and technology control frameworks such as IIA Standards, COBIT, NIST Cybersecurity Framework, ISO/IEC 27001, ITIL, and relevant privacy and security practices.
• Professional certification such as CISA is strongly preferred. CIA, CISSP, CISM, CRISC, CPA, or similar designations are considered assets.
• Strong understanding of technology risk, cyber risk, operational risk, regulatory compliance, governance, and internal control principles.
• Experience with audit management tools, data analytics, control testing techniques, and workpaper documentation standards.

Key Competencies:

• Strong risk assessment, critical thinking, problem-solving, and analytical skills.
• Ability to translate complex technology and cybersecurity concepts into clear, business-relevant audit findings.
• Excellent written and verbal communication skills, including the ability to prepare concise audit reports and present findings to stakeholders.
• Sound professional judgment, independence, objectivity, and attention to detail.
• Ability to manage multiple audits, deadlines, stakeholder expectations, and competing priorities.
• Strong relationship-building skills and the ability to challenge constructively while maintaining effective working relationships.
• Curiosity and commitment to continuous learning in emerging areas such as cloud security, artificial intelligence, automation, data governance, digital transformation, and cyber resilience.

About us:  

Peoples Group is a trusted financial services company for the innovators at the forefront of Canada’s economic future. With offices in Vancouver, Calgary and Toronto, we are driving change by working alongside challenger banks, fintechs, brokers, and merchants to foster a dynamic and competitive financial ecosystem. 

Our culture is built on four core behaviors: Grit to Grow, Connect to Collaborate, Putting Clients First, and Owning the Outcome. We believe people do not simply choose a company to work for—they choose a company that makes a positive impact in the lives of Canadians. Above all, we value people, build meaningful relationships, focus on individual strengths, and approach our work with passion. 

About the work environment: 

Peoples Group offers a flexible and hybrid work environment. In this role you will work a combination of in-office and remotely from home. Typically, you'll be working regular business hours, Monday to Friday between 8:00am and 4:30pm with flexibility around start/end times. 

We offer: 

• A hybrid work environment, enabling you to balance your personal and professional life seamlessly. 

• Competitive salaries, profit sharing, RRSP matching and benefits from day one. 

• Generous paid time off to help achieve a healthy work-life balance. 

• A strengths-based approach, ensuring we work together more effectively. 

• A commitment to your well-being in five key areas: Financial, Physical, Social, Career, and Community. 

Hiring process:  

If your application is selected, you will be invited for a first interview with one of our Talent Acquisition Business Partners. Depending on the role, interviews may be conducted virtually or in-person. The hiring team will communicate any in-person requirements throughout the process. 

Compensation:  

The expected salary for this role is approximately $60,000.00 - $75,000.00 annually. Actual compensation may vary based on experience, skills, and qualifications. 

NOTE: This job posting is for an existing vacancy. Peoples Group is an Equal Employment Opportunity employer. Please accept our utmost appreciation for your interest; however, only those applicants under consideration will be contacted.  

We value and celebrate individuality while fostering an inclusive workplace for everyone. If there's any way we can support or accommodate you during the selection process, please don't hesitate to let us know.