Under the direction of the GITRM Audit and Compliance Director, the Audit and Compliance Officer provides support to the Audit & Compliance function within GITRM.  The role supports the GITRM Audit practice and ensures compliance with Information Security and IT Risk Management related requirements. The Audit & Compliance Officer is accountable to ensure that GITRM has a sound Audit framework which supports favorable audit outcomes. The Audit & Compliance Officer works directly with the Audit & Compliance team as well as other areas within GITRM (including Information & Technology Risk, Supplier Assessments, Information Security Operations, Information Risk and Technology Risk Corporate Support Areas), as well as other areas as needed in the effective support and delivery of GITRM Audits and Exams.


  • Supports Internal and External Audit activities across assigned GITRM portfolios
  • Oversees and reviews pre-audit activities such as the completion of a Statement of Disclosure, and Pull List activities by engaging with key stakeholders.
  • Participates as GITRM in all Audit meetings for in-flight audits
  • Provides Director C&A on-going update of in-flight audit status including any issues
  • Recommends actions to respond to additional in-flight audit requests
  • Reviews and co-ordinates GITRMs position on proposed audit observations or findings and facilitates audit response
  • Tracks and reports on any audit remediation activities
  • Facilitates meetings with Audit during remediation as a means to provide status update
  • Makes recommendation to implement new audit program activities  or suggests adjusting existing programs to drive a stronger audit program
  • Review results of audits tracking any noted themes and trends that can be applied across GITRM
  • Reviews reports from risk assessments to remain informed on the type of issues that are being identified that might impact GITRM audits
  • Identify systemic issues and make recommendations to the Director, Compliance and Audit
  • Monitors completion of corrective action plans for issues identified in audits
  • Works with Remediation Leads for issue status updates on milestones and development of proof of completion packages
  • Provides first level of internal validation and effective challenge
  • Ability to influence and create sense of urgency as required
  • Prepare and provide updates as required to applicable steering committees, regulators, CSAs and risk management committees/forums
  • Participate in BMOFG committees, working groups and forums where GITRM’s audit and compliance programs require representation
  • Performs special projects as assigned


To deliver on these accountabilities, the incumbent must have the following authorities:

  • Coordinate and drive GITRM audit activities (SOD, Pull List, Remediation Tracking & Reporting)
  • Direct audit interactions and responses for assigned Audits
  • Escalation to GITRM leadership of audit concerns / identified gaps


This job requires the incumbent to interact with the following processes and/or groups:

  • GITRM 1A and 1B
  • TBCG
  • Internal Audit and Compliance
  • T&O Risk Governance



  • Possesses a university degree/college diploma in related discipline(s) or equivalent work experience, and/or 8 to 10 years experience in an information security environment preferably with knowledge of Audit and Risk Management
  • Strong knowledge and understanding of emerging technologies as they pertain to external regulatory requirements (e.g., PIPEDA, SOX, ISO, CoBIT, COSO, GLBA)
  • Advanced knowledge of industry directions and trends in Information Security Audit, Risk Management and Regulations
  • Completion of security certifications is considered an asset
  • Demonstrates solid knowledge of the standard operating platforms, system administration, network administration, development process and security process
  • Exhibits advanced knowledge of one or more security processes and technologies
  • Solid understanding of project management processes, documentation, audit and signoff authorities
  • Solid knowledge of the Bank’s Policies and Procedures in relation to Risk.


  • Possesses advanced written and verbal communication skills
  • Demonstrates advanced decision and risk analysis skills
  • Displays solid relationship management and leadership skills, working collaboratively with cross functional groups.
  • Possesses highly developed facilitation, presentation and negotiation skills
  • Is a team player who is self-motivated and goal oriented
  • Strong meeting management and facilitation skills

You can apply to this job and others using your online resume. Click the link below to submit your online resume and email your application to this employer.