Information Technology Auditor (Mercier)

Start: Early June 2026 (target) Commitment: 20 hours/week Duration: 12 months One of Millenilink’s clients in the management consulting industry is seeking a part-time IT Auditor (Technology Risk / IT Audit) to support a client engagement focused on technology risk, IT controls, and audit support work. This is a long-term, part time contract designed for a seasoned practitioner who can deliver high-quality work with minimal ramp-up. What You’ll Do - Execute technology risk and IT audit workstreams in support of internal audit and technology risk programs. - Assess and document IT General Controls (ITGCs), including SOX-aligned control design and operating effectiveness. - Perform information security assessments and controls work aligned to frameworks such as NIST CSF and ISO 27001. - Evaluate SDLC and system implementation risks, including key process, controls, and governance considerations. - Support data conversion controls review and testing (planning, execution, documentation). - Provide risk-based recommendations and clear documentation suitable for audit and stakeholder review. - Collaborate with client stakeholders across audit teams and business/operations partners in a supportive, non-adversarial culture. Required Experience & Qualifications - 4–5+ years of relevant experience in technology risk, IT audit, internal audit, or information security. - Demonstrated ITGC / SOX controls foundation (risk/control thinking, walkthroughs, testing, documentation). - Practical experience with information security controls and common security frameworks (NIST CSF, ISO 27001). - Experience assessing SDLC / systems implementation risks and controls. - Experience with data conversion controls (or adjacent implementation controls work). - Broad understanding of cloud security (high-level control domains, shared responsibility, common risk areas). - Combination of internal audit and information security background. - Consulting / Big Four experience - Ability to produce clear, audit-ready documentation and communicate findings to mixed technical/non-technical audiences. - Reliable availability and ability to commit to the full 12-month term. Nice to Have Experience Experience with legacy system risk management and end-of-life planning. Apply on Kit Job: kitjob.ca/job/2ov1a3