IT Audit Specialist

  • As a member of Institutional Technology’s IT Controls, Audit, and Compliance team, support and drive Audits, Supplier Assessment Responses, Security and Compliance activities within the business unit. 
  • This role will report directly to the GBRS Client Response & Audit Management Director within Canadian Division. 

 

  • Job duties include:
    • Manage and drive the audit processes collaborating with Internal and External Audit teams and facilitating the collation of audit and compliance artifacts.
    • Monitor and ensure timely completion of the audit processes and follow-ups on audit issues.
    • Facilitate audit management reporting, management responses and monitor and report on audit response plans.
    • Provide Controls, Audit, and Compliance consulting support for Program(s) and Program teams and initiatives.
    • Support security assessments of 3rd parties, including self-assessment questionnaires, site visits and analysis of external audit reports.
    • Consult with the business unit, providing expert and best-practice advice on information security, compliance and controls requirements.
    • Assess compliance and drive remediation/alignment with Security Policies, Standards and Procedures. 
    • Manage and drive assurance assessments, audits and reports, such as SOC 1 Type II and SOC 2 Type II, Financial Statement Audit, Sarbanes Oxley, and Regulators.
    • Work with the business unit to help define and improve Operational Information Security practices and controls.  
    • Report on security metrics and compliance with company policies/standards.
    • Review and provide assessments of the control monitoring process, ensuring that appropriate internal controls are followed for all underpinning processes.
    • Continually monitor control compliance to the control framework, providing oversight and ownership of escalated exceptions.
    • Ensure that internal audit points are cleared within the time commitments provided to Internal Audit.
    • Facilitate and support the 3rd Party Vendor Client Questionnaire Program.
    • Provide client-facing support for external client IT Audit, Security and Compliance requirements.
    • Support Off-Shore Resource team in the execution of their duties.
    • Champion the IT Audit, Security and Compliance profession.
    • Coach and Mentor team members and partners in IT Audit, Compliance and operational best practices.

Experience and Qualifications

  • 3-5 years of relevant information security controls and information technology audit and compliance experience.
  • Experience with SOC2 Type 2 readiness initiatives and audit coordination.
  • Experience with IT Audit is considered an asset.
  • Familiarity with Group Benefits or Retirement Solution.
  • Familiar with IT General Controls as defined in GAAPs.
  • Familiarity with Industry frameworks such as NIST, ISO, COBIT5, and CSA.
  • Post-secondary diploma or degree in computer science fields of study is preferred.
  • Professional certification(s) related to information controls, audit or compliance such as CISSP, CRISC, CISM, CISA, GIAC are preferred. A willingness to obtain is required.
  • Exceptional written and oral communication skills; working knowledge of French is considered an asset.

Attributes

  • Ability to analyze and synthesize information and complex issues to develop meaningful analyses to help make informed decisions.
  • Ability to analyze and form an opinion on risks and controls relating to systems and link to associated business impacts.
  • Readily voices opinions (supported by facts), escalates issues and ideas, and is able to positively manage conflict.
  • High level of professionalism, integrity, and ethics.
  • Can perform tasks independently, yet capable of working within a team environment.
  • Ability to design and implement new processes and create efficiencies.
  • Focused on helping business units achieve their objectives; understands that Information Security must enable the business.
  • Ability to work in a fast-paced, evolving and growing environment.
  • Proven time management and organizational skills required to meet tight deadlines.
  • Strong presentation and interpersonal skills.
  • Strong computer skills (Excel, Word and PowerPoint).
  • Strong work ethic and able to work under pressure and perform under tight deadlines.
  • Strong time management and organizational skills with attention to detail.
  • Get-it-done attitude.