IT Internal Audit, Project Security - Hybrid

As the IT Internal Audit Assistant Manager (Project Security), you will lead independent reviews of IT projects and programs and will be responsible for supporting planning and execution of risk-based, process focused IT audit and advisory assignments with goal to improve the overall IT security and governance risk/control environment for key IT projects/programs developed.

The role offers a unique opportunity to work with a broad scope on a global team, where each member’s participation and value-add are key to the success of the Corporate Audit Services function. This position will primarily support the North America operations as part of our Real-Time Review (RTR) of projects audit team and will also support United Kingdom and Europe operations as required.

Advantages
Your enthusiasm is infectious. You challenge the status quo. You find solutions to problems. You go the extra mile to exceed customers’ expectations. You get things done the right way. You represent our brand with passion and pride. You are a team player. You have fun and you make work fun for those working around you.


Responsibilities
Lead IT portion of Real-Time Review of trusted advisory assignments, focusing on Cybersecurity, Artificial Intelligence, Secure Development Practices, Third-Party Risk Management, Project and Data Governance, Change Management, Cloud infrastructure, among others.

Assist in planning and developing scope, and appropriate procedures for each review in accordance with departmental guidelines, IIA Standards, and relevant laws and regulations.

Identify gaps in the Software Development Lifecycle of key projects and collaborate with stakeholders to provide recommendation that align with company’s internal standards or industry best practices.

Support the audit team in kick-off and closing meetings, effectively communicate audit objectives, scope, findings and recommendations to management.

Demonstrate expertise in security controls such as application security, logical access management, and data protection, providing valuable feedback to the first and second lines of business.

Work with business stakeholders on issues follow-ups to ensure implementation of recommendations.

Prepare concise memorandums for review by Portfolio Managers, Directors and Vice President of Internal Audit.

Foster risk and control awareness across the organization by working with management and other line of defense functions.

Advocate for application security within the organization and keep abreast of the latest security issues and technologies.


Qualifications
Post Secondary education in Information Systems, Computer Science, Software Engineering, or a related field - is required.

A minimum of 3 years in IT auditing - is required.

Recognized professional audit or security related designation (CIA, CISA, AAIA, CCSK, CCSP, CISSP, CISM, etc.).

Working experience in reviewing software engineering controls related to project governance, data governance, IT and Data Security, testing and change/release management areas.

Knowledge of best practices and strong security controls over cloud environments (AWS, Azure, GCP, etc.) or Artificial Intelligence (AI)/Machine Learning (ML) technologies and their security implication.

Proficient in reviewing security vulnerabilities identified from different platforms such as middleware/container/automated pipelines with experience to independent assess the end-risk and root cause for each of the vulnerabilities.

Knowledge of cyber security risks, assessments, reports and frameworks such as those published by leading organizations (e.g. NIST, ISO 27001, SOC 2 Type II, etc.) is an asset.

Strong analytical skills that lead to accurate conclusions.

Strong project management skills and solutions driven.

Excellent written and communication skills.

Experience using data analytics tools is an asset

Prior Big 4 firm and insurance industry experience is an asset.

For candidates located in Quebec, bilingualism is required considering the necessity to interact on a regular basis with English-speaking colleagues across the country.

Summary
This role will be in office 2 days a week and it's a hybrid with no exceptions.

Randstad Canada is committed to fostering a workforce reflective of all peoples of Canada. As a result, we are committed to developing and implementing strategies to increase the equity, diversity and inclusion within the workplace by examining our internal policies, practices, and systems throughout the entire lifecycle of our workforce, including its recruitment, retention and advancement for all employees. In addition to our deep commitment to respecting human rights, we are dedicated to positive actions to affect change to ensure everyone has full participation in the workforce free from any barriers, systemic or otherwise, especially equity-seeking groups who are usually underrepresented in Canada's workforce, including those who identify as women or non-binary/gender non-conforming; Indigenous or Aboriginal Peoples; persons with disabilities (visible or invisible) and; members of visible minorities, racialized groups and the LGBTQ2+ community.

Randstad Canada is committed to creating and maintaining an inclusive and accessible workplace for all its candidates and employees by supporting their accessibility and accommodation needs throughout the employment lifecycle. We ask that all job applications please identify any accommodation requirements by sending an email to accessibility@randstad.ca to ensure their ability to fully participate in the interview process.