IT Security Compliance Auditor

LocationScarborough
Job CategoryInformation Technology
SP-ID22594
Position TypeFull Time
Application Deadline April 24, 2020
Experience Required5+ years
Job DurationPermanent
Education RequiredN/A

Job Summary: Our Client has an exciting opportunity for an individual who is a self-starter and has strong problem-solving skills. This is an opportunity that will report to the Manager, Enterprise Architecture and Security. The successful candidate will be responsible to manage security compliance and perform security assessments based on industry standards and regulatory compliance requirements. The individual will maintain/create procedures, policies and standards to ensure that information is protected and available to the business in a timely fashion. The individual will partner with IT technical leads to perform audit pre-assessments analyse findings and develop remediation plans; and coordinate efforts for security compliance audits. The individual will assess security compliance internally; as well as externally via questionnaires and in person audits by evaluating security controls based on frameworks such as NIST, ISO 27001 and against internally Developed client Security Frameworks (GISG, ATSG). The individual will maintain knowledge of applicable compliance requirements and how they affect information technology architecture and new system implementations. What You’ll be Doing: • Internal and external audits against multiple standards / requirements to ensure compliance (NIST, ISO 27001, GISG, ATSG) • Develop and maintain enterprise security policies and procedures • Lead the coordination and completion of information security operations documentation • Work with information security management to develop strategies and plans to enforce security requirements and address identified risks • Report to management concerning residual risk, vulnerabilities and other security exposures; including misuse of information assets and noncompliance • Work with IT department and members of the information security team to identify, select and implement technical controls • Provide direct support to the business and IT staff for security related issues and gaps. • Maintain an awareness of security and control issues in emerging technologies • Develop and Manage multiyear security remediation programs What You Bring: • Bachelor’s degree in Computer Science, Information Systems, equivalent degree or experience • 5+ years of experience in Security Compliance audit, working with NIST, ISO 27001 • 5+ years of experience in Information Technology • CISA or CRISC certifications preferred • Understanding of security standards and compliance frameworks (NIST, ISO 27001) • Familiarity of compliance reporting and certifications (SOC 1 [SSAE16,18], SOC 2) • Experience developing security and compliance deliverables • Experience managing projects across departmental teams • Ability to work well under minimal supervision • Self-starter, takes the lead to accomplish identified priorities • Strong management skills, ability to manage multiple tasks simultaneously and independently prioritize responsibilities • Strong analytical and problem-solving skills to enable effective problem resolution • Strong team-oriented interpersonal skills, with the ability to interface effectively with a broad range of people and roles, including vendors, customers and IT-business personnel • Strong written and verbal communication skills • Microsoft Excel, Word, Power Point (basic skillset: i.e. graphs, formatting, basic formulas) Resume to s.sharda@maxsys.ca*MST