Auditor / Analyst, IT Governance Risk and Compliance

Vancity
Vancouver, BC, CA
7 days ago
Salary
CA$71,500.00–CA$107,300.00 yearly
Job type
  • Full-time
Job description

A typical day would involve:

  • Developing internal controls and test procedures to audit the related processes and ensure the operating effectiveness of these controls.
  • Conducting third-party risk assessments to evaluate vendor security and compliance controls by reviewing vendor documentation, engaging with internal stakeholders to understand business requirements, and identifying security and compliance gaps.
  • Reviewing vendor security documentation, including SOC reports, web application penetration test results, and security risk assessments.
  • Maintaining and improving third-party risk management processes, tools, and workflows to streamline risk assessments, audit procedures, and reporting.
  • Working with procurement, vendor management, legal, and other business teams to perform due diligence on new vendors, and ensure security and compliance requirements are met before onboarding.
  • Evaluating third-party security incidents, breaches, or vulnerabilities, and coordinating investigation efforts with internal teams and vendors.

You have:

  • Bachelor’s in Information Technology, Risk Management, Business, or a related field
  • 2-5 years of related experience in IT Governance, Risk, and Compliance (GRC), Third-Party Risk Management, or Information Security
  • A solid understanding of relevant cyber security standards and frameworks such as NIST, ISO 27001, AICPA SOC reports, OSFI, PIPEDA.
  • Prior working knowledge in reviewing SOC1, SOC2 and ISO 27001 reports and attestations.
  • Experience reviewing vendor security controls, evaluating compliance artifacts, and analyzing security risks.
  • Strong attention to detail and analytical thinking to identify vendor security risks and assist in remediation tracking.
  • Excellent communication and stakeholder management skills to engage with vendors and internal teams.
  • A proactive mindset with the ability to work independently and manage multiple priorities in a fast-paced environment.

Bonus point(s):

  • Experience in IT, Audit, Risk Management, Information Security, or a combination of these
  • Information Security related certifications and training such as CISA, CRISC, and CISM
  • An undergraduate degree (preferably in Cyber Security, Computer Science, Engineering, or highly related field)

You are:

  • Detail-Oriented: You have a sharp eye for identifying security gaps and areas of improvement in vendor security practices.
  • Analytical: You can balance business needs with risk considerations and provide pragmatic recommendations.
  • Proactive & Adaptable: You anticipate challenges and take action to address them before they escalate.
  • Collaborative: You work effectively with cross-functional teams, including Procurement, Legal, and IT Security.
  • A Clear Communicator: You can translate technical risk concepts into business-friendly language for stakeholders.
  • Driven by Continuous Improvement: You are always looking for ways to refine processes and enhance risk management effectiveness.

We value lived experience, so if you are interested in this role, we encourage you to apply even if you feel your skills don't perfectly align with those listed.

The salary range for this role is $71,500 to $107,300 annually. Base pay offered may vary depending on factors such as relevant qualifications, skills, previous experience, and internal equity. As part of our total rewards package, employees may also be eligible for our annual incentive program, subject to program eligibility requirements.