Manager, IT Audit

The Audit and Financial Investigations Branch (Branch) works collaboratively with internal branches and external stakeholders to support effective regulatory risk management and strengthen regulatory outcomes. The Branch conducts risk-based audits and reviews across all regulated sectors, provides strategic advice and insights to internal partners, and delivers objective, reliable findings that support informed regulatory responses.   The Branch is seeking a driven and strategic Manager, IT Audit (Manager) to lead and oversee the IT Audit Unit. The unit delivers complex, risk-based IT audits across regulated sectors, supporting the Branch’s broader mandate of strengthening regulatory risk management and assurance outcomes. Reporting to the Senior Manager, Audit Services, the Manager provides oversight of both planned and ad hoc audit activities, engaging a range of internal and external stakeholders to ensure effective delivery. It is also accountable for managing externally procured audit, cybersecurity, and forensic investigation service providers to support high-quality and independent assurance work.   What You Will Do: Lead and manage the IT Audit Unit within the Audit and Financial Investigations Branch, ensuring delivery of high-quality, risk-based IT audit services across regulated sectors. Lead, in partnership with the Senior Manager, the development and execution of the annual risk-based IT audit strategy and audit plan covering all sectors. Oversee the planning, prioritization, and delivery of both planned and ad hoc IT audit assignments, ensuring alignment with evolving risk profiles and regulatory priorities. Supervise audit execution and project management activities, including assignment of work, review of audit activities, and oversight of complex and high-profile engagements. Review, refine, and approve audit reports to ensure accuracy, clarity, completeness, and appropriate tailoring for senior internal and external audiences, including executives. Present audit findings, issues, and recommendations to senior management and executive stakeholders, including support for board-level reporting in partnership with senior leadership. Develop and maintain strong stakeholder relationships across internal business units and external regulated entities to ensure effective audit execution, alignment on regulatory expectations, and acceptance of findings. Manage externally procured audit, cybersecurity, and forensic investigation service providers, ensuring quality, consistency, and effective delivery of specialized assurance work. Oversee follow-up processes, including review of management responses and tracking of remediation actions to ensure timely mitigation of identified regulatory and control risks. Provide leadership, coaching, and performance management to IT audit staff, including hiring, development planning, training, and ongoing performance oversight aligned with Branch objectives. Contribute to continuous improvement of audit methodologies, practices, and risk frameworks, while promoting a strong risk culture and supporting enterprise risk management initiatives across the organization. You Have:  Post-secondary education in Computer Science, Engineering, Business, or a related field, or an equivalent combination of education and relevant experience. Professional designation such as CPA, CISA, or an equivalent recognized designation, or a combination of equivalent education and experience. A minimum of 6–8 years of internal or external audit experience, preferably within regulatory or complex operational environments, including at least 3 years in a supervisory or leadership capacity. Strong expertise in IT audit practices, including cybersecurity frameworks (e.g., ISO 27001, NIST CSF), IT governance frameworks (e.g., COBIT, ITIL), systems development life cycle (SDLC), cloud security, and recognized internal audit standards (IIA, ISACA, COSO). Demonstrated experience leading or conducting risk assessments of complex IT environments, internal controls, and operational processes. In-depth knowledge of regulated gaming systems, including iGaming platforms and Ontario’s regulated gaming environment (land-based gaming, internet gaming, lottery, horse racing, charitable gaming, electronic raffle (50/50), and cannabis). Strong understanding of applicable Ontario gaming legislation, regulatory standards, and policy frameworks, including the Gaming Control Act and Registrar’s Standards. Experience with audit and project management methodologies, including managing multiple concurrent audits and contributing to annual audit or assurance planning. Strong understanding of Ontario’s gaming regulatory ecosystem, including key industry stakeholders such as iGaming Ontario (iGO) and the Ontario Lottery and Gaming Corporation (OLG), and their relationship with the regulator. Eligibility to work in Canada and the ability to successfully complete a criminal background check. Nice to Have: Knowledge of corporate governance frameworks and applicable legislation, including the Ontario Corporations Act and related regulatory instruments. Understanding of the AGCO’s mandate, strategic priorities, and organizational structure. Broader knowledge of gaming and related sectors, including land-based gaming, iGaming, horse racing, and cannabis retail operations in Ontario. Ability to interpret and assess financial statements within a regulated gaming or audit context.