Senior Auditor, IT Risk and Compliance

Canadian Bank Note Company
Ottawa, ON
Permanent
Full-time

Description

Internal Job Title : Senior Auditor, IT Risk and Compliance

Job Type : Permanent, Full-Time

Job Location : 18 Auriga Drive, Ottawa ON

Work Model : Hybrid

Position Summary

As a Senior Auditor, IT Risk and Compliance in our Corporate Information Systems group, you will play a central role in developing, delivering and managing the risk and compliance programs and activities while also investigating and participating in relevant IT security projects that support the business needs of the organization.

CBN designs and develops industry leading solutions for the following domains : Border Security, Civil Identity, Driver Identification and Vehicle Information, Currency and Excise Control, and Lottery and Charitable Gaming.

To learn more, visit www.cbnco.com.

What We Can Offer You

  • Compensation : We seek long term relationships with our employees and recognize and reward them with a competitive total compensation package that includes :
      • An industry leading defined contribution pension plan with company matching contributions (up to 5%) and payment of service fees;
      • Best-in-class health, medical and life insurance benefits;
      • Access to virtual and telehealth services and apps; and
      • Very progressive fertility, adoption and surrogacy benefits to support all definitions of family.
  • Career : As a knowledge-based organization we will provide you with a wealth of learning opportunities and challenging work that will grow your knowledge, skills and abilities. At CBN, we encourage and empower our employees to chart their own career path, putting you in control of your future.
  • Culture : Personal character is the foundation of our culture. CBN's 7 Core Principles shape and guide our behaviours and underpin the sense of community you will experience at CBN.

Equity, diversity and inclusivity are important to us as an organization, and we are committed to fostering and developing a work environment where every employee is treated with dignity and respect.

What You Will Do

  • Risk Assessment and Management :
      • Risk Program : Develop and maintain our ongoing risk management program following CBN standard procedures. Set program objectives, develop schedules and establish expectations.
      • Identify and Evaluate Risks : Collaborate with stakeholders and SMEs across the business to continuously assess IT risks.
      • Risk Documentation : Document identified risks and communicate them to relevant stakeholders, updating risk registers, following up with risk owners and reporting to executive committees as necessary.
  • Compliance Monitoring and Management :
      • Compliance : Ensure IT systems and procedures comply with industry standards and regulations such as ISO-27001, PCI, and SOC2. Schedule and lead compliance assessments.
      • Framework Evaluation : Maintain currency for emerging compliance frameworks or as standards evolve. Update internal control frameworks, assess gaps and work with stakeholders to maintain our compliance.
      • Internal Policies : Create internal policies and procedures to meet emerging or evolving standards and as new technologies or threats are defined.
  • Audit Planning Execution and Reporting :
      • Design Audit Programs and Schedules : Create detailed audit plans and schedules aligning with the organization's compliance requirements.
      • Conduct Audits : Perform comprehensive audits of IT systems, applications, and processes to ensure they meet appropriate security and compliance standards.
      • Document Findings : Prepare detailed reports on audit findings, update registers, highlight areas of concern, and assess corrective actions to ensure they will meet compliance requirements.
      • Present to Management : Present findings to senior management and compliance committees, ensuring transparency and accountability.
  • Technical Guidance :
      • Support Other Compliance Resources : Provide guidance and support across our organization(s) and to other CBN compliance and risk resources, helping them develop their skills.
      • Training and Development : Coach junior compliance and other staff on IT audit and compliance practices and risk management.
      • Investigations : As required, assist in investigating security events and participate in relevant root cause analysis development.
  • Continuous Improvement :
      • Process Enhancement : Continuously seek ways to improve processes and methodologies to enhance efficiency and effectiveness. Aid in the maturation and evolution of our company-wide Governance, Risk and Compliance (GRC) tool.
      • Supervise Corrective Actions : Oversee the implementation of corrective actions to ensure compliance issues are resolved effectively and promptly.
  • Various Other Duties and Responsibilities

Qualifications

Knowledge and Experience

  • Bachelor's degree in Information Systems (or similar) or equivalent combination of education and / or relevant work experience
  • Certification in a relevant audit discipline - BSI Lead Auditor, ISACA CISA, PECB Sr. Lead Auditor
  • Certification in one (or more) of the following compliance frameworks - ISO27001-2013, ISO 14298, NASPO, PCI-DSS v3.0+, SOC 1, SOC 2 (Type I and II), FedRamp, relevant ITSGs, CSA and CSA Star-II, SANS, ISAC or GIAC
  • Comprehensive knowledge of industry recognized threat and risk management methodologies (HTRA, TRA, TVRP, ITSG-33) and frameworks
  • Comprehensive knowledge of Unified Compliance Frameworks and GRC tools
  • Thorough knowledge of current security trends, threat vectors and cyber security TTPs
  • 8+ years of experience in a relevant compliance, risk or auditing role
  • 5+ years of experience in a cyber and / or corporate security organization
  • 5+ years of experience in developing and delivering compliance and risk assessments, creating and presenting reports to executives, and handling external auditors.

Soft Skills and Abilities

  • Critical thinking skills
  • Organization and time management skills
  • Interpersonal skills
  • Coaching skills
  • Teamwork and collaboration
  • Growth mindset

Mandatory Requirements

  • Fluency in English (fluency in Spanish is an asset)
  • Ability to travel domestically approx. 6-8 weeks / year

Security Clearance Requirements

Ability to obtain and maintain Government of Canada Secret (Level II) personal security clearance.

About Us

As an Equal Opportunity Employer, Canadian Bank Note Company, Limited is committed to achieving a skilled workforce that reflects the diversity of the Canadian population.

We encourage applications from women, visible minorities, people with disabilities and Aboriginal people. Canadian Bank Note Company Limited is committed to developing inclusive, barrier-free selection processes and work environments.

If contacted regarding this competition, please advise the interview coordinator of any accommodation measures you may require.
