Risk Management Engineer jobs

Description

IT Manager Compliance and Risk Management
FirstService Corporation is a leading provider of property services across North America, operating through two premier platforms:

• FirstService Residential – The largest manager of residential communities in North America
• FirstService Brands – A top provider of essential property services via franchise systems and company-owned operations

With over US$5.4 billion in annual revenue and a workforce of approximately 30,000 employees, FirstService is publicly traded on NASDAQ and the Toronto Stock Exchange under the symbol FSV. The company is known for its strong insider ownership, experienced leadership, and consistent delivery of shareholder value.
The IT Manager Compliance and Risk Management will collaborate with internal and external stakeholders across the organization in the US and Canada to ensure timely delivery of compliance and advisory initiatives. This role is central to the design, implementation, and testing of IT General Controls (ITGCs) and Application Controls (ITACs) in alignment with Sarbanes-Oxley (SOX) requirements. It demands a blend of IT, accounting, business acumen, and advanced data analytics skills.

The IT Manager Compliance and Risk Management is responsible for planning, executing, and overseeing compliance and advisory projects across the organization to assess the information technology control environment. This would include, but is not limited to, identifying technology-related risks, evaluate mitigation efforts, and escalate emerging technologies and their impact to the overall technological control environment.

Key Responsibilities:

SOX Compliance & IT Controls

• Maintain comprehensive documentation of ITGCs across infrastructure, applications, and data layers.
• Conduct IT risk assessments and align systems with financial reporting processes.
• Lead SOX ITGC testing, including design and operational effectiveness evaluations.
• Coordinate audit walkthroughs and evidence collection for internal and external audits.
• Review and follow up on SOC reports provided by third-party service organizations. Where a SOC report is unavailable, conduct agreed upon SOC-type testing.
• Act as the primary liaison support with external auditors on ITGC and ITAC matters.
• Advise management on control design and remediation strategies for operating control deficiencies.

Audit & Advisory Projects

• Plan and execute IT compliance and advisory projects, including risk assessments and audit scoping.
• Perform testing of ITGCs and ITACs in accordance with internal audit standards.
• Prepare formal audit reports with findings and recommendations for management.
• Maintain logs of control deficiencies and audit recommendations, ensuring timely follow-up and remediation.
• Partner with business and IT leadership to understand emerging risks, major system implementations, and technology changes.
• Evaluate the organization’s cybersecurity maturity, assess management, and disaster recover readiness
• Identify controls weaknesses, business continuity risks, system vulnerabilities and recommend practical value-add improvements.
• Oversee and lead IT audit work performed by external partners as determined by the annual audit plan.
• Prepare comprehensive reports detailing the results of IT review projects to present to business leadership.

Governance & Continuous Improvement

• Provide training and guidance to IT teams on SOX compliance and control responsibilities.
• Recommend improvements to governance, risk, and compliance practices.
• Liaise with external service providers and auditors.
• Support the SVP in process improvement initiatives and manage special projects as needed.

Expectations:

• Uphold professionalism, integrity, and confidentiality.
• Demonstrate expertise in ITGC and ITAC evaluation.
• Exhibit a proactive, results-driven mindset.
• Deliver high-quality work that meets departmental standards and deadlines.
• Apply best practices to help standardize business processes.
• Build strong relationships across all levels of management.
• Take an advisory approach that balances value and cost-effectiveness.

Qualifications:

• Minimum 6 years of experience in SOX compliance, IT audits, ITGC/ITAC, and SOC reports review.
• Strong knowledge of SOX Section 404, COSO, COBIT, and cybersecurity frameworks (e.g., NIST).
• Background in internal/external audit with a risk-based approach.
• Advanced proficiency in MS Excel (formulas, macros, pivot tables), Word, and PowerPoint.
• Experience with AI and data analytics tools (e.g., IDEA).
• Bachelor’s degree in IT, Computer Science, or related field. Professional certification such as CISA.
• Excellent communication, writing, and presentation skills.
• Strong problem-solving and innovative thinking abilities.
• Must be eligible to work in Canada and travel to the U.S. and internationally (up to 30% travel).
• Exceptional project management skills and commitment to meeting deadlines.

Compensation
Compensation for this role is between $120,000 – 138,000 + benefits.

Disclaimer
The above information on this description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job. This is not an all-inclusive job description; therefore, management has the right to assign or reassign schedules, duties and responsibilities to this job at any time.
FirstService Residential is an equal opportunity employer committed to a diverse and inclusive workforce. Applicants will receive consideration for employment without regard to race, colour, religion, sex (including pregnancy), age, sexual orientation, national origin, marital status, parental status, ancestry, disability, gender identity, veteran status, genetic information, other distinguishing characteristics of diversity and inclusion, or any other protected status.
FirstService Residential welcomes and encourages applications from people with disabilities. Accommodations are available upon request for candidates taking part in all aspects of the hiring and selection process.

In accordance with Ontario’s Employment Standards Act (ESA) requirements, we confirm that this job posting is for an existing position within our organization.

INDHON

Automated Employment Decision Tool (AEDT) Usage: We may utilize an Automated Employment Decision Tool (AEDT) in connection with the assessment or evaluation of candidates. The AEDT is designed to assist in objectively evaluating candidate qualifications based on specific job-related characteristics.

Job Qualifications and Characteristics Assessed: The AEDT evaluates candidates based on job qualifications and characteristics pertinent to the role, including skills, experience, and competencies relevant to the position requirements. These qualifications are determined by the unique needs of each role within our company.

Alternative Selection Process or Reasonable Accommodations: Candidates who require an alternative selection process or a “reasonable accommodation,” as defined under applicable disability laws, may make a request through our designated contact channel national_recruiting@fsresidential.com.

Requesting Information About the AEDT - NYC Local Law 144: Candidates who reside in New York City and are subject to NYC Local Law 144 may request information about the AEDT, including details on the type of data collected, the sources of such data, and our data retention policies. To submit a request, please contact us at national_recruiting@fsresidential.com; we will respond in accordance with Local Law 144, within 30 days.