Sr. Manager, IT Audit Programs [P4]

Why you’ll love working here:

• high-performance, people-focused culture

• our commitment that equity, diversity, and inclusion are fundamental to our work environment and business success, which helps employees feel valued and empowered to be their authentic selves

• learning and development initiatives, including workshops, Speaker Series events and access to LinkedIn Learning, that support employees’ career growth

• membership in HOOPP’s world class defined benefit pension plan, which can serve as an important part of your retirement security

• competitive, 100% company-paid extended health and dental benefits for permanent employees, including coverage supporting our team's diversity and mental health (e.g., gender affirmation, fertility and drug treatment, psychological support benefits of $2,500 per year, parental leave top-up, and a health spending account).

• optional post-retirement health and dental benefits subsidized at 50%

• yoga classes, meditation workshops, nutritional consultations, and wellness seminars

• the opportunity to make a difference and help take care of those who care for us, by providing a financially secure retirement for Ontario healthcare workers

Job Summary:

The Senior Manager, IT Audit Programs plays an integral role within the Technology Risk and Resilience team of HOOPP’s IT Project Management Office and Governance (“PMO&G”) Group. PMO&G is one of six groups within the Information Technology (“IT”) Division of HOOPP.

The Senior Manager IT Audit Programs reports to the Sr. Director, Technology Risk & Governance and is a leader in technology audit and risk for the organization by delivering, optimizing, and maintaining HOOPP’s IT Audit and ICFR Programs (“IT Audit Programs”).  The Senior Manager is responsible for leading a team of IT risk professionals in building, remediating, and sustaining a strong internal controls environment.  This role will define and lead IT’s approach and strategy to technology audit and ICFR programs.

This role provides strategic direction, fosters collaboration, and drives innovation in audit and control practices. Key responsibilities include leading IT audits, managing internal control programs, and overseeing remediation efforts.

This role will work collaboratively with HOOPP’s IT Leadership team, Finance/ICFR, internal and external audit, and IT and infrastructure teams.

What you will do:

• Play a strategic role, provide thought leadership and subject matter expertise related to IT controls, and audit processes

• Drive the design, implementation, and advancement of HOOPP's IT Audit and ICFR programs - methodology, framework and testing approach mapped to industry best practices that define the key IT controls that are performed across IT

• Collaborate across IT teams to ensure timely and effective testing and remediation

• Act as an expert on IT Audit and ICFR programs, govern to ensure that HOOPP adheres to all applicable IT standards

• Lead the development of strategy, and associated execution roadmaps, for the IT Audit and ICFR programs that align and supports the HOOPP’s IT Technology Strategy and IT Balanced Scorecard

• Anticipate technology-related risks and recommend solutions to address emerging challenges

• Provide expert advice and direction on IT general controls, ensuring the coverage and effectiveness

• Ensure IT Audit and ICFR programs are effectively executed by collaborating with and gaining buy-in with stakeholders and leaders within IT and business teams across HOOPP

• Act as main point of contact on all external and internal audits, ensure the coordination, facilitation, tracking and reporting on audits is efficient and effective, represent the IT division in audits

• Ensure that the team of IT risk professionals is high performing, provide coaching and mentoring, help in team member growth and development

• Work closely and effectively with other leaders within various groups at HOOPP including Cybersecurity, Technology Teams, Enterprise Risk Management, Operational Risk Management, Internal and External Auditors, ICFR/Finance and Senior Executive Leaders

• Define and deliver IT audit and compliance reporting, metrics, insights, and dashboards to enable Leadership to make decisions

• Lead the audit lifecycle for IT and work with Internal and External Auditors to facilitate the audit process including the resolution of identified deficiencies (including ICFR)

• Understand and review IT and business processes (including key systems) and the related control environment to assess risk and support ongoing risk monitoring

• Facilitate the development and maintenance of process documentation on behalf of process owners

• Engage with business and technical groups to provide advisory technology risk and control subject matter knowledge in support of various lines of business

• Collaborate with technical staff including software developers, infrastructure engineers, security engineers and department leaders

• Facilitate and monitor projects to remediate vulnerabilities and other issues identified during audits and risk assessments

What you bring: ​

• 8+ years of progressive experience in IT audit, risk, compliance, or governance, with strong knowledge of change management, IT operations, and business continuity. Experience in public accounting is considered an asset

• Proven experience and success with managing IT, Internal Audit or Information Security compliance programs

• Strong understanding of risk frameworks and methodologies (e.g., ISO, COBIT, COSO, NIST)

• Experience supporting internal control programs (e.g., ICFR or SOX) in a technology environment

• Strong business acumen and understanding of current technology landscape

• Strong analytical skills with the ability to identify risks, solve problems, and communicate insights clearly

• Excellent communication skills with the ability to explain complex information to diverse audiences and build strong relationships

• Experience building collaborative relationships across teams and levels to effectively meet strategic and tactical goals

• Proven experience in systems and process controls auditing

• Ability to demonstrate expertise and contribute to thought leadership in IT risk and controls

• Demonstrated attention to detail and strong analytical thinking, with a proven track record in information systems and business process controls auditing through hands-on experience

• Experience working in a lean, fast-paced Agile organization.

• Experience collaborating with cybersecurity teams

• Familiarity with public cloud platforms (e.g., Azure, AWS) and experience with ServiceNow GRC or similar platforms

• A professional designation in a related discipline (i.e., CRISC, CGEIT, CISA, CISM, CGEIT, CISSP, CPA, CA) or equivalent experience is preferred.