IT, Infosec and Cyber Auditor – IT Auditor

Permanent contract|Montreal|Audit / Control / Quality

Montreal, Canada Permanent contract Audit / Control / Quality


The Control Testing team within the AMER Region of Société Générale (“SG”) operates as part of the 2nd Line of Defense within a “Three Lines of Defense” model and is a key component of SG’s risk management program.

The Control Testing team performs risk-based independent testing of controls related to the management of compliance and operational risks across business lines, support units (i.e., compliance, information technology, operations, human resources, data office, etc.) and legal entities. The primary objective of the testing is to evaluate internal controls, policies and procedures to assess whether they are reasonably designed and, in the case of transaction testing, whether controls are working as intended to ensure SG activities comply with applicable Laws, Rules and Regulations and that the firm's operational risks are appropriately mitigated.

Day-to-Day Responsibilities:

The candidate will report to an experienced testing manager and will be responsible for leading reviews as part of the Annual Control Plan focused specifically on Information Technology, Infosec and Cyber risks. The candidate will be responsible to:

  • Conduct business process and control walkthroughs and gather information to understand the context, risks and intended control operation to be tested.
  • Scope, plan and execute technology and compliance control audits with the following focus areas:
    • Design and execute tests to validate application system controls, which may require data analysis, code inspection and re-performance of system processes.
    • Analyse the design of controls around the underlying system architecture in the context of information technology controls such as security, availability and performance and their impact on business-aligned technology groups.
    • Analyse the business and technology processes to evaluate the effectiveness of the relevant technology controls.
    • Validate that system features meet business, technology and regulatory requirements.
  • Identify issues through testing, ensuring that appropriate action plans are being developed by the business to correct the deficiencies noted.
  • Discuss results and findings with relevant stakeholders including the business or function being tested.
  • Document review work and develop final testing reports to document and formally communicate testing results to stakeholders.
  • Validate that the business has completed the agreed upon action plans by the due date.
  • Maintain regular engagement and provide feedback to key stakeholders within Compliance, Risk and Business units.
  • Assist the audit manager with development of the annual risk-based Testing Plan.

Profile required


  • Understand and apply Audit methodology and various techniques to perform controls-based audits.
  • Apply knowledge and experience in auditing general and application controls across a variety of technologies and platforms using IS industry standards and best practices.
  • Apply a broad and comprehensive understanding of high-risk IS/cyber areas including identity and access management, data protection, encryption, firewall security, intrusion detection and prevention systems and insider threat.
  • Audit non-technical areas including IT governance, project management and systems development.
  • Audit experience covering cloud-based infrastructure is a plus, but not required
  • Synthesize data and observations into findings and effectively present and communicate conclusions in writing and orally.
  • Analyze complex sets of data using Excel, Access, VBA and other advanced scripting and analytical tools that help operate and visualize data.
  • Understand Investment Banking and Broker Dealer related risks and regulations.
  • Apply strong analytical, problem-solving and organizational skills, handle multiple, simultaneous, and various ad-hoc requests.
  • Exercise strong attention to detail; ability to work independently; prioritize and work in a dynamic, deadline-focused environment.
  • Work collaboratively within a complex organization, across multiple cultures, geographies and disciplines; strong interpersonal and written/verbal communication skills.

Technical Skills & Knowledge:

  • Experience and application of industry standard technology frameworks and regulations such as NIST, FFIEC, ISO, GDPR, NYSDFS, FISMA etc.
  • Experience with various data analytics and data management tools
    • Scripting tools:  Python, VBA
    • Relational data tools:  T-SQL, PL/SQL
    • Data Visualization tools:  PowerBI, Microstrategy, Spotfire
  • Expertise with Microsoft Word, Excel, and PowerPoint
  • Excellent writing skills
  • Securities licenses a plus

Prior work experience:

  • 7-11 years of working experience within the Financial Services industry or equivalent environment
  • 3-5 years performing audits of systems, physical, logical, or cyber security in a technical environment using generally accepted auditing standards consistent with internal control frameworks.
  • General knowledge of applicable regulatory requirements and expectations related to investment banking and broker–dealer activities. 
  • AML experience a plus.

Qualifications (Experience, Education, Languages):

  • B.A./B.S in Computer Science, Information Security, Engineering or equivalent discipline
  • Relevant IT audit certifications are a plus, such as:
    • Certified Information Systems Auditor (CISA)
    • Certified Information System Security Professional (CISSP)
    • Certified Public Accountant (CPA)
    • Certified Internal Auditor (CIA)
  • English language proficiency, French speaking a plus

Business insight

At Societe Generale, we live by our 4 core values of commitment, responsibility, team spirit, innovation. These four values are centered around our clients. We are engaged and demonstrate consideration for others. We act ethically and with courage. We focus our talent and energy on collective success. And we work to increase our impact on clients.

We are an equal opportunities employer and we are proud to make diversity a strength for our company. Societe Generale is committed to recognizing and promoting all talents, regardless of their beliefs, age, disability, parental status, ethnic origin, nationality, gender identity, sexual orientation, membership of a political, religious, trade union or minority organisation, or any other characteristic that could be subject to discrimination.

Reference: 2200012I
Starting date: 2022/03/21
Publication date: 2022/01/11