IT Audit Portfolio Manager

Reporting to the Vice President of IT Audit, you will be responsible for effective management of the assigned IT audit portfolio which includes executing and reporting on multiple concurrent audit engagements resulting in improvements to the overall risk / control environment.

Responsibilities

• Contribute to Internal Audit Services annual planning process ensuring suitable coverage of information technology and cyber risk within the audit universe
• Lead information technology and cybersecurity process audits by developing and executing comprehensive audit plans that contain objectives, scope, deliverables, approach, resourcing, and schedule
• Conclude whether risks associated with information technology and cybersecurity processes are appropriately managed through existence of effective controls. Ensure that audit conclusions and recommendations are properly supported by audit evidence and that the audit report content is clear, concise and supported by the audit work completed
• Prepare and discuss audit findings with client and audit senior management; identifying significant issues in a business context, working with audit clients to identify and recommend feasible solutions
• Collaborate with various audit teams on audits of significant projects by addressing various system development and implementation and cybersecurity risks including in-depth assessment of project solution and security architecture, security risk assessments ensuring adherence to enterprise standards and best practices
• Act as a risk / control subject matter expert (SME) for various IT infrastructure such as operating systems, databases, network devices, and cloud technologies
• Promote compliance to policies and procedures, standards, and guidelines

Qualifications

• 7+ years of IT audit or information technology experience with focus on cybersecurity or risk management
• University degree as well as CISA or CISSP and equivalent certifications are required. Other technology specific certifications are a plus
• Excellent working knowledge of audit, project management, and system development methodologies
• Experience in the assessment of threats and risks over IT and cybersecurity processes and systems
• Solid working knowledge and application of IT, cybersecurity, and service organization reporting control frameworks, specifically COBIT, NIST, and SOC (1 and 2)
• Knowledge of various industry regulations such as 52-109, PCI, PIPEDA, and GDPR
• Strong technical knowledge of various IT infrastructure and network components such as operating system (Windows, Linux), databases (Oracle), and network platforms
• Knowledgeable and experience in areas such as network security architecture, identity and access, threat and vulnerability, systems development security, data loss prevention, and endpoint protection
• Knowledge and experience of various security tools (IDAM, Vulnerability Assessment, EDR, SIEM etc.)
• Strong understanding of public cloud networking and network security controls on platforms such as Azure, GCP, AWS
• Excellent relationship management, time management, organization, planning, and process mapping skills
• Well-developed influential skills to resolve situations when there can be distinct differences of opinion between the client and the auditor
• Superior verbal and written communication skills sufficient to prepare and communicate audit reports dealing with facts and concepts for presentations to client executives and external auditors
• Committed to providing a customer focus and valued added service

Job 70508