Overview

Senior Analyst, IT Controls Testing Jobs in Penetanguishene, Canada at BMO

Title: Senior Analyst, IT Controls Testing

Company: BMO

Location: Penetanguishene, Canada

Category:

  • Test patch management controls, including timely identification, prioritization, testing, deployment of patches, and validation of patch compliance reporting, exception handling, and remediation activities.
  • Evaluate incident management controls covering detection, response, escalation, documentation, severity classification, root‑cause analysis, and communication practices.
  • Assess asset management processes/ controls for identifying, classifying, tracking, and reconciling technology assets; validate CMDB and inventory accuracy and completeness.
  • Test platform and database security controls including authentication, access, backup, logging, configuration management, privileged access, segregation of duties, encryption, and baseline adherence.
  • Assess container governance and security including orchestration, image scanning, RBAC, network isolation, configuration hardening, and lifecycle processes/ controls (build, deploy, patch, retire).
  • Perform controls testing across cloud environments (IaaS/PaaS/SaaS) focusing on identity, data security, configuration management, monitoring, baseline compliance, provisioning, access, etc.
  • Test change management processes including planning, approval, testing, scheduling, implementation, documentation, segregation of duties, and emergency change compliance.
  • Evaluate data governance controls related to classification, handling, retention, protection, integrity, lifecycle management, stewardship responsibilities, and data quality practices.
  • Test software asset management controls include license tracking, entitlement validation, deployment oversight, compliance, procurement, usage monitoring, and vendor management.
  • Assess enterprise architecture governance for alignment with standards, security patterns, reference architectures, and control checkpoints, review solution design and risk assessment outputs.
  • Test API governance and security controls covering API lifecycle, authentication, authorization, rate limiting, scanning, inventory accuracy, gateway configuration, logging, and monitoring.

Additional

Job Responsibilities

  • Execute IT controls testing using standardized methodologies, ensuring accurate, high‑quality, and well‑documented results.
  • Prepare clear and complete testing documentation including test plans, work papers, evidence, and issue writeups.
  • Analyze root causes of identified issues and communicate findings effectively to stakeholders.
  • Produce high‑quality deliverables such as reports and status updates.
  • Build strong relationships with technology, audit, compliance, and business partners to support testing activities.
  • Provide clear and constructive feedback on control gaps, risks, and improvement opportunities.
  • Apply strong analytical, problem‑solving, and critical‑thinking skills throughout testing engagements.
  • Manage time and priorities effectively to meet deadlines and engagement expectations.
  • Take ownership of deliverables and work independently with minimal supervision.
  • Contribute to CTU projects, process improvements, and ad‑hoc initiatives.

Qualifications

  • Bachelor’s degree in IT, Computer Science, Engineering, or equivalent experience.
  • Certifications such as CISA, CISM, CDPSE, CISSP, or CPA are considered an asset.
  • 3‑4 years of IT controls testing experience (ITGC, SOX, Cloud Platforms, Container Management, etc).
  • Strong understanding of IT risk and control frameworks (e.g., COBIT, ITIL, ISO 27001, COSO, NIST, PCI DSS).
  • Experience in banking or financial services is preferred

Additional information

Investigates and identifies strategies to optimize business operations and services, and inform business decisions. Defines business requirements to inform technology build and operations by sourcing and analyzing relevant data, reviewing and documenting business processes and collaborating with business stakeholders. Sources business and market data to evaluate the effect of projects on business results. Also assesses the efficiency and the performance of technology (software, hardware and the wider IT system) to deliver expected business results.

Identifies and analyzes malfunctions, system workflow, and troubleshoots issues…

 

Apply

Upload your CV/resume or any other relevant file. Max. file size: 800 MB.