Job Description

Pay rate range - $30/hr. to $33/hr. on W2
Hybrid o 3 days in office

:

Purpose

The Intermediate Control Tester helps maintain and strengthen an effective internal control framework within the Procurement Line of Business--Global Third Party Risk Management, Sourcing, Supplier Relationship Management, Procurement Operations, and Accounts Payable--by performing quarterly PRC (Process, Risk, Controls) monitoring and testing.


The role combines a risk-based IT audit approach aligned to the CISA job practice domains with project management discipline to ensure controls are well designed, operating effectively, and reported on reliably.

Main responsibilities/Day to day:

Perform design and operating effectiveness testing of Procurement controls in accordance with the Monitoring & Testing Handbook; identify testing populations and select statistically sound samples; document procedures, evidence, and conclusions.

Conduct control walkthroughs with stakeholders across Procurement functions to validate process understanding and control design; review internal operating procedures for alignment with control objectives. Apply risk-based audit planning and execution, including sampling methodology, audit evidence collection techniques, audit data analytics, and clear reporting and communication of results to stakeholders. Test IT Automated controls and project management related controls Assess IT-related control dependencies (e.g., IT governance, vendor/third-party management, data governance and classification) that impact Procurement controls and third-party risk oversight. Execute risk-based IT testing, including general IT controls, application controls, and cybersecurity assessments, across on-premise and cloud environments. Evaluate data management practices, including data classification, protection, privacy controls, and overall data lifecycle management to safeguard sensitive information Plan and manage testing activities, schedules, and deliverables using PMP domain practices--People, Process, Business Environment--including stakeholder engagement, communications, risk management, and benefits/value alignment. Assist the Senior Manager with periodic reporting, governance meeting materials, and status updates, ensuring clarity of results, remediation actions, and timelines. Support consistency, transparency, and accuracy of the internal control governance framework across Procurement; identify emerging issues and recommend enhancements to controls and testing approaches. Contribute input to operational programs supporting risk/control frameworks (e.g., COSO/COBIT/SOX methods and testing standards).

Competencies

Risk-based audit planning and execution, including audit standards, sampling methodology, and evidence collection; quality assurance of audit process. IT governance and vendor/third-party management understanding to evaluate control effectiveness across IT automated controls People domain: stakeholder engagement, team leadership, conflict management, and communication. Process domain: planning and managing scope, schedule, quality, risks, procurement, and change to deliver testing outcomes with urgency and value. Business Environment domain: alignment to compliance, benefits/value realization, and responsiveness to external changes impacting Procurement controls.

Must Have

Post-secondary degree in Business, Finance, Accounting, Information Systems, or related field; 3+ years of relevant experience (internal controls testing, risk management, preferably audit, or compliance). Strong analytical, sampling, and audit data analytics skills; excellent written and verbal communication; influence and collaboration skills across cross-functional teams; ability to manage ambiguity in a dynamic environment. Data-driven decision-making capabilities.

Nice to Have

Working knowledge of risk policy and control frameworks (e.g., SOX 404, COSO, COBIT) and banking/regulatory environments.


Financial Industry experience