Manager leading SOX and ICFR compliance at Canada's largest fintech, ensuring regulatory obligations and building a scalable compliance function.
Responsibilities
Own and manage the IT general controls (ITGCs) component of the ICFR compliance program while supporting the build out of the ITGCs & IT Application controls (ITAC) for the SOX program from the ground up, leveraging existing frameworks and controls where applicable
Partner with Finance, IT, and business stakeholders to identify and document key controls over financial reporting, ensuring controls are designed and in place ahead of audit cycles
Ensure ITGCs and ITACs supporting financial systems are properly documented and operating as intended
Serve as the primary point of contact for external auditors, coordinating evidence requests, walkthroughs, and finding remediation
Build and maintain a controls inventory with clear ownership, documentation standards, and readiness status
Work cross-functionally with control owners to ensure gaps are identified early and remediation plans are in place before audit periods
Develop and report on compliance readiness and control health to senior leadership
Drive continuous improvement in the efficiency and effectiveness of the SOX Compliance system (AuditBoard) and related technologies
Maintain current knowledge of emerging risks, industry trends, and regulatory changes relevant to the business and the audit profession
Expand ownership to include SOC 1&2, PCI DSS, and NIST compliance programs, building a unified compliance function
Lead a small team of compliance specialists, providing mentorship, prioritization, and ensuring alignment across the aforementioned compliance initiatives
Requirements
6-8 years of experience in IT audit, compliance, or security assurance, with deep expertise in SOX/ICFR compliance (preferably in financial services or fintech)
Strong understanding of COSO framework, ITGCs, ITACs, and control design principles
Experience working with external auditors on SOX engagements, particularly in a coordination or liaison capacity
Proven ability to lead and manage a team, ensuring that audit deliverables are met efficiently and on time.
Working knowledge of SOC, PCI DSS, and/or NIST frameworks is a strong asset
Proven ability to manage multiple compliance workstreams and competing priorities
Strong stakeholder management and communication skills with ability to influence across technical and non-technical teams
Experience with GRC tools and control management platforms
Self-directed professional who can build programs from the ground up and drive initiatives to completion
Relevant certifications preferred (CISA, CISSP, CPA, CIA, or equivalent)
Benefits
Top-tier health benefits and life insurance
Long-term group savings with employer match, through Wealthsimple for Business
20 vacation days, 4 wellness days, and unlimited sick and mental health days per year
90 days away: work outside Canada for up to 90 days per year
Employee resource groups, including Rainbow (2SLGBTQ), Women of WS, and Black at WS
Security Developer coordinating vulnerabilities and malware issues for the Python Software Foundation. Collaborating with teams to enhance security practices and document threat models.
Presales Security Expert supporting sales leads and educating customers on security at Fortinet. Responsible for technical resource during sales calls and post - sales training.
IAM Director managing customer - facing identity and access management security programs at RBC. Assessing risks, developing controls, and ensuring compliance with standards and regulations.
Lead AI Red Team focusing on adversarial testing and security for enterprise - scale AI systems. Collaborate with engineering and compliance to map vulnerabilities and document findings.
Intern in operational security at Investissement Québec, supporting security alert management and vulnerability tracking in a supervised learning environment.
IT Information Security Lead at Mirego, responsible for technology and information security management. Overseeing compliance and IT strategies while maintaining operational efficiency.
Cybersecurity Specialist focusing on offensive security for Exposant 3. Performing penetration testing, security audits, and team knowledge transfer in a hybrid work setup.
Financial security advisor in life and health insurance, developing and maintaining client relationships. Selling insurance products and assessing customer needs to provide personalized solutions.
Senior Security Engineer designing and maintaining Microsoft 365 security solutions at ResMed. Focusing on compliance, incident response, and collaboration with global teams.