Director, Internal Audit - Technology, Information Security and AI; Vaco H

Position: Director, Internal Audit - Technology, Information Security and AI (6 month contract) Vaco by H[...]
# Director, Internal Audit - Technology, Information Security and AI (6 month

Vaco by Highspring

Contract mid

CAPosted Yesterday##

Role Overview Vaco by Highspring is hiring a Director, Internal Audit - Technology, Information Security and AI (6 month. This is a contract role in CA. Part of Vaco by Highspring's Risk hiring, posted yesterday. Full responsibilities, required qualifications, and the apply link are listed in the description below.## Salary Context Salary is not disclosed in this posting. Market median for Mid-level Risk roles is $95k-$130k (based on 180 comparable listings).

Many employers share specifics during the interview process or after an initial screen.## Resume Keywords to Include Make sure these keywords appear in your resume to improve ATS scoring

AWSGCPAzure

Agile

CI/CD Auditing

OR Stakeholder Management Sign up free to auto-tailor your resume with all these keywords and get a higher ATS score##

Job Description This is a 6 month contract with permanent potential

The Director, Internal Audit – Technology, Information Security, and AI leads the planning and delivery of risk-based audits and advisory work across the Bank’s technology and digital risk domains. This role provides independence assurance over technology risks across ITGCs, cybersecurity governance, cloud governance, data management, AI, and technology operations. The Director is expected to exercise independent authority and credible challenge with senior technology leaders including the Chief Technology Officer (CTO) and their leadership team ensuring that technology risks, control gaps, and remediation commitments are appropriately identified, debated, and addressed.

The role requires sufficient technical knowledge and professional competence to engage in difficult, sometimes adversarial conversations with technology leadership, while maintaining a constructive, respected, and independent relationship. Co-sourced SMEs may support deep technical assessments; however, the Director must independently interpret results, synthesize risk implications, and challenge management where standards or practices are insufficient.### RESPONSIBILITIES Risk Assessment & Strategy Planning (20%)
* Own and maintain the technology audit universe for core domains:
Technology Strategy, Data, and AI, Technology Integration, Software Engineering, Digital Services, Technical Services & Performance, Technology Operations, and Information & Cyber Security.
* Maintain awareness of technological changes in both external and internal environments including trends in risk management practices and regulatory expectations, and changes in business activities to perform quarterly risk assessments for the technology audit entities within the Internal Audit Universe.
* Lead the annual technology risk assessment, identify appropriate audits to be included in the annual audit plan and help develop the Plan for the Audit Committee approval.
* Identify emerging risks within the Technology audit portfolio (e.g., cyber threats, cloud adoption, data privacy), monitor these risks to determine their impact, and assess changes needed for the annual audit plan or planned audits. Incorporate changes as appropriate.

Audit Plan Execution and Delivery (50%)
* Oversee execution and end to end delivery of all audit projects within the Technology audit universe, ensuring all documentation and audit reports are complete, and projects are appropriately and effectively staffed. Coordinate use of co-sourced technical experts for deep cyber/cloud/AI testing where needed.
* Lead opening and closing meetings, ensuring audit project planning is appropriately completed, reviewing audit working papers, and preparing/reviewing draft internal audit report for each project. Review control design and effectiveness using industry frameworks (NIST CSF, ISO 27001, COBIT).
* Deliver balanced and insightful reporting to the Chief Internal Auditor and Audit Committee on technology risk posture, themes, and systemic gaps.
* Oversee remediation/closure of IT audit findings, OSFI findings including tracking closure to due dates, the validation of findings with management, ensuring appropriate…