IT Manager Compliance and Risk Management

IT Manager Compliance and Risk Management

FirstService Corporation is a leading provider of property services across North America, operating through two premier platforms:

• FirstService Residential – The largest manager of residential communities in North America
• FirstService Brands – A top provider of essential property services via franchise systems and company-owned operations

With over US$5.4 billion in annual revenue and a workforce of approximately 30,000 employees, FirstService is publicly traded on NASDAQ and the Toronto Stock Exchange under the symbol FSV. The company is known for its strong insider ownership, experienced leadership, and consistent delivery of shareholder value.

Role Overview

The IT Manager Compliance and Risk Management will collaborate with internal and external stakeholders across the organization in the US and Canada to ensure timely delivery of compliance and advisory initiatives. This role is central to the design, implementation, and testing of IT General Controls (ITGCs) and Application Controls (ITACs) in alignment with Sarbanes-Oxley (SOX) requirements. It demands a blend of IT, accounting, business acumen, and advanced data analytics skills.

The IT Manager Compliance and Risk Management is responsible for planning, executing, and overseeing compliance and advisory projects across the organization to assess the information technology control environment. This would include, but is not limited to, identifying technology-related risks, evaluate mitigation efforts, and escalate emerging technologies and their impact to the overall technological control environment.

Key Responsibilities

SOX Compliance & IT Controls

• Maintain comprehensive documentation of ITGCs across infrastructure, applications, and data layers.
• Conduct IT risk assessments and align systems with financial reporting processes.
• Lead SOX ITGC testing, including design and operational effectiveness evaluations.
• Coordinate audit walkthroughs and evidence collection for internal and external audits.
• Review and follow up on SOC reports provided by third-party service organizations. Where a SOC report is unavailable, conduct agreed upon SOC-type testing.
• Act as the primary liaison support with external auditors on ITGC and ITAC matters.
• Advise management on control design and remediation strategies for operating control deficiencies.

Audit & Advisory Projects

• Plan and execute IT compliance and advisory projects, including risk assessments and audit scoping.
• Perform testing of ITGCs and ITACs in accordance with internal audit standards.
• Prepare formal audit reports with findings and recommendations for management.
• Maintain logs of control deficiencies and audit recommendations, ensuring timely follow-up and remediation.
• Partner with business and IT leadership to understand emerging risks, major system implementations, and technology changes.
• Evaluate the organization’s cybersecurity maturity, assess management, and disaster recover readiness
• Identify controls weaknesses, business continuity risks, system vulnerabilities and recommend practical value-add improvements.
• Oversee and lead IT audit work performed by external partners as determined by the annual audit plan.
• Prepare comprehensive reports detailing the results of IT review projects to present to business leadership.

Governance & Continuous Improvement

• Provide training and guidance to IT teams on SOX compliance and control responsibilities.
• Recommend improvements to governance, risk, and compliance practices.
• Liaise with external service providers and auditors.
• Support the SVP in process improvement initiatives and manage special projects as needed.

Expectations

• Uphold professionalism, integrity, and confidentiality.
• Demonstrate expertise in ITGC and ITAC evaluation.
• Exhibit a proactive, results-driven mindset.
• Deliver high-quality work that meets departmental standards and deadlines.
• Apply best practices to help standardize business processes.
• Build strong relationships across all levels of management.
• Take an advisory approach that balances value and cost-effectiveness.

Qualifications

• Minimum 6 years of experience in SOX compliance, IT audits, ITGC/ITAC, and SOC reports review.
• Strong knowledge of SOX Section 404, COSO, COBIT, and cybersecurity frameworks (e.g., NIST).
• Background in internal/external audit with a risk-based approach.
• Advanced proficiency in MS Excel (formulas, macros, pivot tables), Word, and PowerPoint.
• Experience with AI and data analytics tools (e.g., IDEA).
• Bachelor’s degree in IT, Computer Science, or related field.
• Professional certification such as CISA.
• Excellent communication, writing, and presentation skills.
• Strong problem-solving and innovative thinking abilities.
• Must be eligible to work in Canada and travel to the U.S. and internationally (up to 30% travel).
• Exceptional project management skills and commitment to meeting deadlines.

Compensation

Compensation for this role is between $120,000 – 138,000 + benefits.

Key skills/competency

• IT Compliance
• Risk Management
• SOX Compliance
• IT General Controls (ITGC)
• IT Application Controls (ITAC)
• IT Audits
• SOC Reports
• Data Analytics
• Cybersecurity Frameworks
• Project Management