IT Security Auditor

We are seeking an experienced IT Security Auditor to join our growing Security team. In this newly created role, you will primarily be accountable for assisting E-Comm in strengthening its security controls, mitigating risks, and maintaining compliance with relevant standards and regulations.

Reporting to the Manager, Security, you will be responsible for providing independent and objective assessments of E-Comm’s security posture by continually examining various aspects of our IT infrastructure, policies, procedures, and controls to identify vulnerabilities and assess risks, and recommending areas for improvements. In addition, this role is responsible for identifying the root cause and impact on E-comm’s security and is critical to protecting the organization's assets from cyber threats.

Our preferred candidate will be experienced in IT security audits and bring a blend of technical expertise with strategic thinking, in order to fortify our technology landscape. In this role, you'll not only assess and mitigate risks but also drive the development of innovative security practices.

Key responsibilities include :

• Developing audit plans and strategies based on risk assessments, regulatory requirements, and industry standards and best practices including key objectives, scope, and criteria for the audit process
• Developing the Audit Calendar and conducting audits of the organization’s systems, networks, and infrastructure to identify vulnerabilities, weaknesses, and threats
• Evaluating the effectiveness of existing security controls and mechanisms, including access controls, encryption, firewalls, and intrusion detection systems
• Assessing compliance of security controls and mechanisms against security policies, procedures, and standards
• Identifying gaps or weaknesses in security controls using security frameworks and standards such as NIST, CSF. CIS, or ISO 27001
• Contributing to the development of security policies, procedures, and guidelines to mitigate risks and strengthen the organization’s overall security posture
• Preparing comprehensive audit reports complete with findings, observations, and recommendations
• Communicating audit results to stakeholders including senior management, highlighting areas of concern, and recommendations for remediation; collaborating with stakeholders to develop and implement action plans
• Exploring innovative audit methodologies and stays up to date on emerging threats, trends, technologies, and requirements to ensure effectiveness of security assessments and recommendations
• Monitoring the implementation of corrective actions and remediation plans resulting from audit findings, and tracking and measuring progress towards improving the security posture
• Providing ongoing guidance and support on security practices to ensure that they remain effective and compliant over time
• Participating in security incident response and investigation efforts as needed, providing expertise and guidance in auditing responses

WHAT YOU WILL BRING :

• Bachelor’s degree in Computer Science, Information Security, Information Management, or a related field, with a minimum of 5-7 years of recent, related experience in security audits, risk assessments, and compliance reviews or an equivalent combination of education, training, and experience
• CIA, CRISC and / or IIA certification would be considered an asset
• Demonstrated experience working with information security principles, standards, and regulatory requirements
• Ability to identify security vulnerabilities, assess risks, and recommend effective remediation strategies
• In-depth knowledge of security frameworks and standards such as NIST, CSF. CIS, or ISO 27001
• Proficiency in evaluating security controls and assessing the effectiveness of security measures
• Familiarity with security tools and technologies including vulnerability scanning, penetration testing, and risk analysis
• Ability to develop audit plans and coordinate audit activities
• Detail oriented with strong analytical and critical thinking skills to mitigate security risks and adapt audit methodologies alongside evolving cybersecurity threats and emerging technologies
• Strong understanding of network security, encryption, authentication mechanisms, and access controls
• Detail oriented with strong analytical and critical thinking skills to mitigate security risks and adapt audit methodologies alongside evolving cybersecurity threats and emerging technologies
• Ability to effectively collaborate with cross-functional teams, including IT professionals, business stakeholders, and external auditors, to gather information, share insights, and address security challenges to ensure comprehensive and cohesive audit outcomes

SECURITY REQUIREMENTS :

As a condition of employment at E-Comm, the required Police Security Clearance applicable to the position must be acquired and maintained. This is a process carried out by our law enforcement partner agencies, facilitated by E-Comm. The minimum residency in Canada to qualify for this position, as established by our law enforcement partner agencies, is 5 years.

To qualify for this process, a candidate may be either a Canadian Permanent Resident or Canadian Citizen. We regret any candidates under Student, Visitor, or Work Visas are not eligible for consideration.

WHAT WE OFFER :

• Meaningful work - work with a sense of purpose, supporting the public and first-responders
• Competitive salary - with the opportunity for increases
• 4 weeks vacation to start
• Earned Time Off - eligibility to participate in our Accumulated Time-Off Program
• 100% paid extended health and dental benefits
• Pension – employer matched contributions to Municipal Pension Plan, a defined benefits plan
• Career development - we are supportive in developing your skills while pursuing your career at E-Comm

Vaccination Policy : E-Comm 911 has a vaccination policy that is currently suspended. However, should the policy be reinstated, it will be a requirement for all current and future employees.

JOB DETAILS :

• Number of positions : One
• Job status : Regular Full-Time
• Hours of work : Monday to Friday, 40 hours per week
• Wage / Salary : P 3| $100,172 to $125,216 annually (2024 rates)