Control Tester & Advisor – Data & AI Governance

This is a fully remote position, open to applicants in Canada.

📋 Description

• Conduct testing for design effectiveness (DE) and operating effectiveness (OE) of controls pertaining to Data Governance and AI Governance, which includes aspects like data quality, data management, AI lifecycle governance, and ethical AI controls.

• Create and document testing procedures and scripts in accordance with approved testing methodologies and risk frameworks.

• Execute reperformance testing, sampling, and evidence validation to evaluate control execution.

• Utilize professional judgment to assess control effectiveness, pinpoint control gaps, and evaluate residual risk.

• Provide advisory support regarding risks, controls, and processes to business and technology partners concerning Data and AI governance.

• Offer guidance on control design, enhancements, and process improvements to mitigate identified risks or adapt to emerging governance expectations.

• Assist in risk assessments by identifying inherent risks, evaluating mitigating controls, and assessing control coverage.

• Help stakeholders comprehend risk and control expectations, governance standards, and testing outcomes.

• Provide advice on best practices for data and AI governance, ensuring alignment with internal policies, standards, and risk frameworks.

• Facilitate proactive risk management by identifying potential control weaknesses or governance gaps outside of formal testing cycles.

• Lead walkthroughs with control owners and stakeholders to understand end-to-end processes related to in-scope control activities.

• Document process flows, control descriptions, and key risks based on walkthroughs and artifact reviews.

• Develop and sustain a working knowledge of how data and AI controls function within business and technology processes, supporting testing and advisory activities.

• Analyze and evaluate business and governance artifacts, including: Data governance policies, standards, and procedures; Data lineage, metadata, and data quality documentation; AI governance artifacts (e.g., model lifecycle documentation, approvals, monitoring evidence).

• Assess whether artifacts adequately demonstrate control design, operating effectiveness, and risk mitigation.

• Provide advisory feedback to stakeholders when artifacts or documentation do not fully align with risk and control expectations.

• Identify, document, and clearly express control deficiencies, design gaps, and operational issues, including root cause analysis.

• Create clear, risk-based issue descriptions and engage in discussions regarding risk severity and impact.

• Offer actionable and practical recommendations that balance risk mitigation with business and operational considerations.

• Communicate testing outcomes, risk insights, and advisory recommendations to stakeholders in a clear and professional manner.

• Serve as the primary contact for testing and advisory matters for business partners, technology teams, and risk partners in assigned areas.

• Collaborate with stakeholders to clarify control intent, evidence expectations, risk ownership, and remediation strategies.

• Support ongoing governance forums, working groups, or risk discussions related to Data and AI governance.

• Contribute to the continuous enhancement of Data & AI governance testing and advisory practices.

• Create and maintain high-quality documentation for testing and advisory activities, including workpapers, test scripts, walkthrough notes, risk assessments, and conclusions.

• Ensure that work meets quality standards, methodology requirements, and service level expectations while maintaining appropriate independence.

⛳️ Requirements

• 3–5 years of relevant experience in control testing, risk management, audit, governance, or advisory functions.

• Proven experience in conducting control design and operating effectiveness testing.

• Experience participating in or contributing to risk assessments and control evaluations.

• Strong analytical capabilities with the ability to interpret complex governance, risk, and technical artifacts.

• Excellent written and verbal communication skills, including issue documentation and advisory discussions.

• Required: CISA, CRISC, or CGRC.

• Preferred: CDMP or AIGP.

• Preferred experience in Data Governance, AI Governance, Model Risk Management, or Technology Risk.

• Familiarity with data management concepts, AI/ML model lifecycles, and governance frameworks.

• Experience balancing independent testing responsibilities with advisory and consultative support.

🏝️ Benefits

• Health insurance

• Tuition reimbursement

• Accident and life insurance

• Retirement savings plans