Internal Audit Assistant Manager (Project Security)

JOB DESCRIPTION

Our employees are at the heart of what we do best : helping people, businesses and society prosper in good times and be resilient in bad times.

When you join our team, you’re bringing this purpose to life alongside a passionate community of experts.

Feel empowered to learn and grow while being valued for who you are here, diversity is a strength. You have our commitment to support you in reaching your goals with tools, opportunities, and flexibility.

It’s our employee promise.

Our hybrid work model provides the balance between working from home and enjoying meaningful in-person interactions.

Read on to see how you can shape the future, win as a team, and grow with us.

About the role

We’re looking for an IT Internal Audit Assistant Manager (Project Security) , to join our growing team!

Position overview :

As the IT Internal Audit Assistant Manager, you will lead independent reviews of IT projects and programs and will be responsible for supporting planning and execution of risk-based, process focused IT audit and advisory assignments with goal to improve the overall IT security and governance risk / control environment for key IT projects / programs developed.

This is a newly created role that offers a unique opportunity to work with a broad scope on a global team, where each member’s participation and value-add are key to the success of the Corporate Audit Services function.

This new position will primarily support the United Kingdom and European operations as part of our Real-Time Review (RTR) of projects audit team and will also support North American operations as required.

Who you are :

Your enthusiasm is infectious. You challenge the status quo. You find solutions to problems. You go the extra mile to exceed customers’ expectations.

You get things done the right way. You represent our brand with passion and pride. You are a team player. You have fun and you make work fun for those working around you.

What you’ll do here :

Lead IT portion of Real-Time Review of audit assignments, focusing on Cybersecurity, Secure Development Practices, Third-Party Risk Management, Project and Data Governance, Change Management, Cloud infrastructure, among others.

Assist in planning and developing scope, and appropriate procedures for each review in accordance with departmental guidelines, IIA Standards, and relevant laws and regulations.

Identify gaps in the Software Development Lifecycle of key projects and collaborate with stakeholders to provide recommendation that align with company’s internal standards or industry best practices.

Support the audit team in kick-off and closing meetings, effectively communicate audit objectives, scope, findings and recommendations to management.

Demonstrate expertise in security controls such as application security, logical access management, and data protection, providing valuable feedback to the first and second lines of business.

Work with business stakeholders on issues follow-ups to ensure implementation of recommendations.

Prepare concise audit memorandums for review by Portfolio Managers, Directors and Chief Auditor.

Foster risk and control awareness across the organization by working with management and other line of defense functions.

Advocate for application security within the organization and keep abreast of the latest security issues and technologies.

What you bring to the table :

Post Secondary education in Information Systems, Computer Science, Software Engineering, or a related field - is required.

Minimum of 3 years in IT auditing - is required.

Recognized professional audit or security related designation (CIA, CISA, CCSK, CCSP, CISSP, CISM, etc.).

Working experience in reviewing software engineering controls related to project governance, data governance, IT and Data Security, testing and change / release management areas.

Proficient in reviewing security vulnerabilities identified from different platforms such as middleware / container / automated pipelines with experience to independent assess the end-risk and root cause for each of the vulnerabilities.

Knowledge of cyber security risks, assessments, reports and frameworks such as those published by leading organizations (e.

g. NIST, ISO , SOC 2 Type II, etc.) is an asset.

Knowledge of best practices and strong security controls over cloud environments (AWS, Azure, GCP, etc.) or Artificial Intelligence (AI) / Machine Learning (ML) technologies and their security implication is an asset.

Strong analytical skills leading to accurate conclusions.

Strong project management skills and solutions driven.

Excellent written and communication skills.

Experience using data analytics tools is an asset

Prior Big 4 firm and insurance industry experience is an asset.

For candidates located in Quebec, bilingualism is required considering the necessity to interact on a regular basis with English-speaking colleagues across the country.

LI-Hybrid

What we offer

Working here means you'll be empowered to be and do your best every day. Here is some of what you can expect as a permanent member of our team :

A financial rewards program that recognizes your success

An industry leading Employee Share Purchase Plan; we match 50% of net shares purchased

An extensive flex pension and benefits package, with access to virtual healthcare

Flexible work arrangements

Possibility to purchase up to 5 extra days off per year

An annual wellness account that promotes an active and healthy lifestyle

Access to tools and resources to support physical and mental health, embracing change and connecting with colleagues

A dynamic workplace learning ecosystem complete with learning journeys, interactive online content, and inspiring programs

Inclusive employee-led networks to educate, inspire, amplify voices, build relationships and provide development opportunities

Inspiring leaders and colleagues who will lift you up and help you grow

A Community Impact program, because what you care about is a part of what makes you different. And how you contribute to your community should be just as unique.