Senior IT Audit & SOC 2 Specialist, Contract 

Toronto (Hybrid) 

Role Overview 

The Senior IT Audit & SOC 2 Specialist will play a key role in supporting the government’s transition of core financial systems to the cloud. This role focuses on SOC 2 assurance, Oracle Cloud oversight, and IT and business control effectiveness.

Working within the Central Services Audit Branch, the incumbent will support four program areas—the Office of the Provincial Controller Division, Infrastructure & Enterprise Financial Services Division, Technology & Operations Division, and the Government Services Integration Cluster—by assessing SOC 2 audit coverage, strengthening processes to review SOC 2 reports, and preparing stakeholders for the 2026–27 System Reliability Audit.

This is a senior advisory role requiring strong technical expertise, sound business judgment, and the ability to educate and guide program areas in fulfilling their oversight responsibilities.

Key Responsibilities

• Assess the adequacy of SOC 2 reports and bridge letters provided by Oracle Cloud in relation to audit objectives
• Evaluate SOC 2 audit coverage and identify gaps relevant to government financial systems and operations
• Design, recommend, and enhance IT and business controls aligned with SOC 2 requirements
• Support program areas in developing and formalizing processes to review, interpret, and rely on SOC 2 reports
• Translate third‑party SOC findings into clear, actionable control requirements and oversight activities
• Educate and guide IT, finance, and business stakeholders on SOC 2 concepts, cloud risks, and control ownership
• Advise management on risks related to cloud governance, access controls, security, change management, and vendor oversight
• Support readiness for the 2026–27 System Reliability Audit, ensuring program areas can effectively discharge accountability responsibilities
• Prepare concise, evidence‑based advice and recommendations for senior and executive leadership

Qualifications & Experience

• Demonstrated experience reviewing and assessing SOC 2 reports and related assurance documentation
• Strong IT and business process knowledge, particularly in financial systems
• Experience with cloud‑based environments; Oracle Cloud experience is a strong asset
• Proven ability to design, evaluate, and implement IT and business controls
• Experience supporting audit readiness and governance oversight activities
• Ability to explain complex technical and assurance concepts to non‑technical audiences
• Strong written, verbal, facilitation, and stakeholder engagement skills
• Background in IT audit, technology risk, internal audit, or assurance