[Remote] Senior Analyst, IT Controls Testing

Note: The job is a remote job and is open to candidates in USA. BMO is a leading financial institution that is seeking a Senior Analyst for IT Controls Testing. The role involves testing various IT controls, including patch management, incident management, and security controls across cloud environments, ensuring compliance and effectiveness in maintaining technology security and governance.


Responsibilities

  • Test patch management controls, including timely identification, prioritization, testing, deployment of patches, and validation of patch compliance reporting, exception handling, and remediation activities
  • Evaluate incident management controls covering detection, response, escalation, documentation, severity classification, root‑cause analysis, and communication practices
  • Assess asset management processes/ controls for identifying, classifying, tracking, and reconciling technology assets; validate CMDB and inventory accuracy and completeness
  • Test platform and database security controls including authentication, access, backup, logging, configuration management, privileged access, segregation of duties, encryption, and baseline adherence
  • Assess container governance and security including orchestration, image scanning, RBAC, network isolation, configuration hardening, and lifecycle processes/ controls (build, deploy, patch, retire)
  • Perform controls testing across cloud environments (IaaS/PaaS/SaaS) focusing on identity, data security, configuration management, monitoring, baseline compliance, provisioning, access, etc
  • Evaluate technology currency controls ensuring systems remain vendor-supported; review upgrade planning, end‑of‑life tracking, remediation progress, and reporting accuracy
  • Test change management processes including planning, approval, testing, scheduling, implementation, documentation, segregation of duties, and emergency change compliance
  • Evaluate data governance controls related to classification, handling, retention, protection, integrity, lifecycle management, stewardship responsibilities, and data quality practices
  • Test software asset management controls include license tracking, entitlement validation, deployment oversight, compliance, procurement, usage monitoring, and vendor management
  • Assess enterprise architecture governance for alignment with standards, security patterns, reference architectures, and control checkpoints, review solution design and risk assessment outputs
  • Test API governance and security controls covering API lifecycle, authentication, authorization, rate limiting, scanning, inventory accuracy, gateway configuration, logging, and monitoring
  • Execute IT controls testing using standardized methodologies, ensuring accurate, high‑quality, and well‑documented results
  • Prepare clear and complete testing documentation including test plans, work papers, evidence, and issue writeups
  • Analyze root causes of identified issues and communicate findings effectively to stakeholders
  • Produce high‑quality deliverables such as reports and status updates
  • Build strong relationships with technology, audit, compliance, and business partners to support testing activities
  • Provide clear and constructive feedback on control gaps, risks, and improvement opportunities
  • Apply strong analytical, problem‑solving, and critical‑thinking skills throughout testing engagements
  • Manage time and priorities effectively to meet deadlines and engagement expectations
  • Take ownership of deliverables and work independently with minimal supervision
  • Contribute to CTU projects, process improvements, and ad‑hoc initiatives

Skills

  • Bachelor's degree in IT, Computer Science, Engineering, or equivalent experience
  • 3–5 years of IT controls testing experience (ITGC, SOX, Cloud Platforms, Container Management, etc)
  • Strong understanding of IT risk and control frameworks (e.g., COBIT, ITIL, ISO 27001, COSO, NIST, PCI DSS)
  • Execute IT controls testing using standardized methodologies, ensuring accurate, high‑quality, and well‑documented results
  • Prepare clear and complete testing documentation including test plans, work papers, evidence, and issue writeups
  • Analyze root causes of identified issues and communicate findings effectively to stakeholders
  • Produce high‑quality deliverables such as reports and status updates
  • Build strong relationships with technology, audit, compliance, and business partners to support testing activities
  • Provide clear and constructive feedback on control gaps, risks, and improvement opportunities
  • Apply strong analytical, problem‑solving, and critical‑thinking skills throughout testing engagements
  • Manage time and priorities effectively to meet deadlines and engagement expectations
  • Take ownership of deliverables and work independently with minimal supervision
  • Contribute to CTU projects, process improvements, and ad‑hoc initiatives
  • Certifications such as CISA, CISM, CDPSE, CISSP, or CPA are considered an asset
  • Experience in banking or financial services is preferred

Benefits

  • Health insurance
  • Tuition reimbursement
  • Accident and life insurance
  • Retirement savings plans

Company Overview

  • We’re a bank, but there’s more to it than that. ​ When you join BMO, it opens a world of opportunities. It was founded in 1817, and is headquartered in Toronto, Ontario, CAN, with a workforce of 10001+ employees. Its website is http://www.bmo.com.

    • Company H1B Sponsorship

  • BMO has a track record of offering H1B sponsorships, with 7 in 2025, 2 in 2024, 6 in 2023, 4 in 2022, 2 in 2021, 2 in 2020. Please note that this does not guarantee sponsorship for this specific role.

    • Back to blog