IT Audit Specialist

WHO WE ARE
When it comes to health, we’re always looking for waysto push for better. It’s why we were founded in the first place. In 1957, ourfounder, pharmacist William Wilkinson, witnessed a mother sacrifice her healthby forgoing her own medicine to pay for her sick daughter’s prescription. Heknew there had to be a better way. So, he introduced North America’s firstprepaid drug plan, and GreenShield was born as a not-for-profit with a missionto support better health for all Canadians.

We aren’t just a health and benefits company. We’rethe only not-for-profit social enterprise that brings worlds of coverage andcare together, all in one place.
We’re noble challengers, purposefully building a betterway and we need the best people to help us create a more holistic approach thattakes care of the mind and body.

Our mission is to create better health for allCanadians, and we know that starts with our employees.

THEROLE IN A NUTSHELL

The Internal Audit Services function is an independent team of professionals with a common purpose of collaborating with the organization to evaluate and improve the organization’s risk mitigation strategies through the provision of independent oversight and assurance, leveraging advanced technologies and insights.

Reporting to the Director, Internal Audit Services (CIA), we are looking to fill the vacant position of IT Audit Specialist. We are seeking an experienced individual who can bring new knowledge and skills to the Internal Audit Services Team and take the lead role in assessing, planning and executing audits in the areas of Information Technology and Cybersecurity, with the objective of ensuring key risks to achieving objectives have been identified; internal controls have been designed appropriately and evaluating their effectiveness; and providing value added advisory services to GreenShield.

Primary accountabilities include:

• Collaborate with key stakeholders, including IT leadership, Risk Management, Compliance, and business units to assist the Chief Internal Auditor in developing and maintaining an enterprise-wide IT Audit Universe, supporting the creation of a dynamic, risk-based IT audit plan that aligns with the organization's strategic objectives and emerging technology risks.
• Conduct assurance and advisory reviews to evaluate the design and operating effectiveness of technology assets and systems across the enterprise, ensuring that technology-related risks are properly identified, mitigated with adequate controls, and aligned with regulatory requirements and internationally recognized frameworks and standards.
• Lead and facilitate CSAE 3416 and SOC 2 audit engagements across the enterprise by coordinating with internal stakeholders and external auditors, ensuring readiness, timely execution, and resolution of identified control gaps to meet compliance objectives and service organization reporting requirements.
• Collaborate with stakeholders on enterprise initiatives and technology projects to provide proactive insights into risk, ensuring that IT risk considerations are embedded early in project planning and execution, and that appropriate controls are designed to support secure and compliant implementation.
• Work closely with the Chief Internal Auditor to build and strengthen the Internal Audit program, ensuring alignment with the IIA’s Global Standards and promoting audit practices that are risk-based, forward-looking, and value-driven in addressing strategic, operational, and technology risks across the enterprise.
• Provide leadership and mentoring to assist in the development of other IT audit team members by sharing technical expertise, offering guidance on audit methodologies and best practices, and fostering a culture of continuous learning, collaboration, and professional growth within the audit function.
• Monitoring the external environment to identify emerging IT security risks and incorporating them into the audit plan.

WHO WE'RE LOOKING FOR
We’re not looking for just anyone to fill this role. We are looking for an individual who can make an immediate impact. We’re seeking an individual who is confident and who knows what they’re talking about. We don’t want to be seen as “the police”; we want someone who is collaborative and can work with their audit clients to arrive at appropriate conclusions and recommendations to support the achievement of the organization’s objectives and to help create better health for all Canadians.

Education & Experience

• Minimum post-secondary degree or diploma in computer science, information systems, business, or a related field
• Professional certification(s) such as CIA, CISA, CISSP, CRISC, or CPA (with IT audit focus) preferred.
• 5+ years of experience in IT auditing, IT risk management, or IT compliance.

Skills & Knowledge

• Strong understanding of risk-based IT audit methodologies, including planning, execution, and reporting.
• Strong understanding of IT frameworks such as COBIT, NIST, ISO 27001, ITIL, and CIS Controls.
• Familiarity with cybersecurity, cloud technologies (GCP, AWS, Azure), ERP systems, and data analytics tools.
• Familiarity with CSAE 3416, SOC 1/SOC 2, and other assurance reporting frameworks, as well as applicable regulatory requirements (e.g., privacy laws, cybersecurity regulations).
• Ability to identify, assess, and articulate technology-related risks in the context of business and regulatory expectations.

Core Competencies

• Excellent interpersonal skills with the ability to collaborate and build relationships across IT, risk, compliance, and business functions.
• Excellent verbal and written communication, including the ability to convey complex IT risks and audit findings clearly to both technical and non-technical audiences.
• Ability to manage multiple assignments, meet deadlines, and work independently or as part of a team.
• Strong business acumen and experience in discerning priorities and critical accountabilities.
• Strong personal integrity and work ethic; takes responsibility; likes to be held accountable for results.
• Excellent planning, organizing, and time management skills with strong attention to detail.
• Sound knowledge of the Institute of Internal Auditors Global Internal Audit Standards.

Preference will be given to candidates with the following abilities:

• Bilingualism (English & French).
• Experience working in a regulated environment.
• Experience working in a multi-entity environment with multiple IT infrastructures.
• Previous experience in conducting SOC reviews.

THE CULTURE
We believe a career should be meaningful. Not just ameans to earn a living. Our culture is one where everyone's voice is heard andvalued. Because that’s what it takesto create better health for all. We dare to challenge the status quo. And we’redriven by people who have challenged theirs. We believe that yourworkplace should empower you to be the best version of yourself. That’s why we provide aplace where you can be inspired, challenged, and rewarded.

Where your growth means our growth.
Where your voice is heard and valued.
Where your work has purpose. And purpose matters.

We believe our people arecritical to our overall success. Inclusivity makes us a stronger, smarter andmore informed organization. Being intentionally inclusive of diversebackgrounds, perspectives and experiences will enhance our company culture topositively impact how we support our communities. A career at GreenShield isn’t just about personalachievements, it's about making adifference together.

Here’s to Better Health for All!

AFEW MORE DETAILS
Proficiency in English is requiredfor this position. As part of this role, you will be required to communicatewith colleagues or customers who use English as their primary language. By requiring English proficiency for thisposition, we aim to ensure that our employees can excel in their roles,collaborate, and communicate effectively, and contribute to the success of ourorganization.

GS supports diversity, equity andinclusion in our teams and communities, and we value the unique contributionsmade by all. Even if your experience doesn’t align perfectly to everyrequirement, we invite you to apply. We encourage applications fromall candidates and will accommodate needs under human rights legislationthroughout all stages of the recruitment and selection process. Please let usknow of any accommodation through requestforaccommodation@greenshield.ca. Information received relating toaccommodation will be addressed confidentially.

Providing this information givesGS consent to use your personal information to assess your suitability forspecific positions, future opportunities or for your personnel file. Yourrésumé will be held in strict confidence and will be viewed only by theOrganization. Information may be stored outside of Canada and could be used foraggregate statistical purposes (which uses no personal identification).