Director, Internal Audit - Technology, Information Security, and AI
About the role
Fairstone Bank and its family of brands are united in delivering innovative, accessible and reliable financial solutions that enable Canadians to reach their goals. Over the years, our brand family has grown. In 2024, Home Trust Company, Home Bank and Oaken Financial became part of the Fairstone Bank family of brands, alongside Fairstone, Eden Park and Fig. Together, we are the leading alternative lending bank in Canada. We have the collective experience and expertise to better serve our customers and foster our partners' growth. With a diverse suite of products (residential and commercial mortgages, consumer deposits and GICs, credit cards, retail and automobile financing, personal loans and digital lending), we offer financial solutions tailored to all Canadians, including newcomers, small-business owners, smart investors and savvy consumers. Backed by nearly a century of lending experience through its legacy companies, Fairstone Bank and its brand family are proud to be Canada's leading alternative lending bank.
The Director, Internal Audit - Technology, Information Security, and AI leads the planning and delivery of risk-based audits and advisory work across the Bank's technology and digital risk domains. This role provides independent assurance over technology risks across ITGCs, cybersecurity governance, cloud governance, data management, AI, and technology operations. The Director is expected to exercise independent authority and credible challenge with senior technology leaders, including the Chief Technology Officer (CTO) and their leadership team, ensuring that technology risks, control gaps, and remediation commitments are appropriately identified, debated, and addressed. The role requires sufficient technical knowledge and professional competence to engage in difficult, sometimes adversarial conversations with technology leadership, while maintaining a constructive, respected, and independent relationship.
Co‑sourced SMEs may support deep technical assessments; however, the Director must independently interpret results, synthesize risk implications, and challenge management where standards or practices are insufficient.
Responsibilities
- Risk Assessment & Strategy Planning (20%)
  - Own and maintain the technology audit universe for core domains: Technology Strategy, Data, and AI, Technology Integration, Software Engineering, Digital Services, Technical Services & Performance, Technology Operations, and Information & Cyber Security.
  - Lead the annual technology risk assessment, identify appropriate audits to be included in the annual audit plan, and help develop the Plan for Audit Committee approval.
  - Identify emerging risks within the Technology audit portfolio (e.g., cyber threats, cloud adoption, data privacy), monitor these risks to determine their impact, and assess changes needed for the annual audit plan or planned audits. Incorporate changes as appropriate.
- Audit Plan Execution and Delivery (50%)
  - Lead opening and closing meetings, ensuring audit project planning is appropriately completed, reviewing audit working papers, and preparing/reviewing the draft internal audit report for each project. Review control design and effectiveness using industry frameworks (NIST CSF, ISO 27001, COBIT).
  - Deliver balanced and insightful reporting to the Chief Internal Auditor and Audit Committee on technology risk posture, themes, and systemic gaps.
  - Oversee remediation/closure of IT audit findings and OSFI findings, including tracking closure to due dates, validating findings with management, ensuring appropriate responses are received, and ensuring appropriate quality assurance practices are followed.
  - Provide independent advice during major technology initiatives (policy & standards enhancements, modernization, cloud migration, data platform enhancements) from a governance and risk lens, and collaborate with stakeholders to embed controls early.
- Leadership & Stakeholder Management (20%)
  - Develop and maintain independent and influential relationships with senior technology stakeholders, including the CTO, CISO, Data & Privacy leadership, and enterprise risk partners (i.e., ERM, ORM, Compliance).
  - Develop and maintain working relationships with the Bank's external auditors to support their direct assistance and/or audit reliance model.
  - Demonstrate the authority, credibility, and technical un