In this hybrid role, you will collaborate with internal auditors, IT teams and business resources to coordinate the internal IT audit activities and be responsible for developing and maintaining the IT General Controls. You will also collaborate with business and IT management, providing guidance on IT risk management matters, particularly on application, access management and infrastructure security.
Your knowledge and understanding of SOX 404 and IT risk and controls will be essential to provide an accurate understanding of the business IT security risks to meet the business objectives and priorities.
- Plan and coordinate IT activities related to audit processes initiated by internal and external auditors;
- Plan and coordinate the scope and performance of security system reviews with internal and external auditors;
- Assist in the identification, documentation and evaluation of the company's IT, financial and operational ITGC;
- Analyze the effectiveness and relevance of ITGC processes and systems to optimize the Company’s resources and assets;
- Prepare and report results to executives and Audit Committees;
- Communicate audit findings and recommendations to all IT and business managers;
- Ensure that previous audit recommendations are addressed and implemented in a timely manner;
- Maintain clear and complete IT audit documentation;
- Take part actively in developing an ITGC auditing program to offer comprehensive audit coverage within the organization;
- Develop, build & implement tools to analyze data to improve audit efficiency and effectiveness (including for risk assessments).
IT Risk Management activities and responsibilities:
- Take part actively in developing and maintaining the IT Risk management process and activities;
- Take part actively in IT development and implementation to resolve security and compliance issues and put the required procedures in place;
- Take part in efforts to make the various business lines aware of compliance and risk issues;
- Assist in the identification, documentation and evaluation of the company's IT risk;
- Assist in the recommendations for mitigating new and existing potential security risks.
Reporting to the Manager, IT Security, you will be part of a highly dynamic team whose leaders and members are encouraged to exceed expectations.
- Bachelor’s degree in computer science or a related discipline;
- 5 to 7 years of experience in a similar position;
- An information security certification such as CISA or CISSP is a must-have;
- Knowledge of SOX 404 / COBIT 5 mandatory;
- Knowledge of CIS risk framework / NIST, an asset;
- Excellent communication skills (written and spoken) in both official languages;
- Ability to work independently and as part of a team, while managing priorities that occasionally conflict;
- Strong interpersonal and project management skills;
- Ability to provide quality results on time or even ahead of schedule;
- Motivation, judgment and decision-making ability;
- Ability to define and explain problems and solutions objectively;
- Ability to explain complex ideas clearly;
- Critical and analytical thinking skills and the ability to solve problems;
- Ability to manage tasks and priorities in a context of fast-paced teamwork;
- Practical knowledge of information technology, especially system implementation, data architecture, telecommunication networks and computer security.