IT AUDITOR (HYBRID)

WHO WE ARE

When it comes to health, we’re always looking for waysto push for better. It’s why we were founded in the first place. In 1957, ourfounder, pharmacist William Wilkinson, witnessed a mother sacrifice her healthby forgoing her own medicine to pay for her sick daughter’s prescription.

Heknew there had to be a better way. So, he introduced North America’s firstprepaid drug plan, and GreenShield was born as a not-for-profit with a missionto support better health for all Canadians.

We aren’t just a health and benefits company. We’rethe only not-for-profit social enterprise that brings worlds of coverage andcare together, all in one place.

We’re noble challengers, purposefully building a betterway and we need the best people to help us create a more holistic approach thattakes care of the mind and body.

Our mission is to create better health for allCanadians, and we know that starts with our employees.

THEROLE IN A NUTSHELL

Reporting to the Manager, Internal AuditServices, we are looking to fill the new position of IT Auditor. We are seekingan experienced individual who can bring new knowledge and skills to theInternal Audit Services Team and be responsible for assessing, planning and executing audits in the areas of InformationTechnology and Cybersecurity, as well as other strategic and processing areas,in order to ensure key risks to achieving objectives have been identified,internal control completeness and effectiveness has been evaluated, andproviding value added advisory services to GSC.

Key accountabilities include :

• Conduct comprehensive IT audits to assess the effectiveness of security controls, compliance with policies, and adherence to regulatory requirements.
• Review and analyze system configurations, network setups, and security measures to identify vulnerabilities and areas for improvement.
• Conduct SOC 1 & SOC 2 audits to ensure compliance with Trust Service Criteria (Security, Availability, Processing Integrity, Confidentiality, and Privacy).
• Conduct process and operational audits to evaluate the efficiency and effectiveness of business operations.
• Identify and assess business risk areas and research relevant best practices and strategies to develop audit programs for individual internal audits.
• Work closely with IT, IT Security, and other business units in an advisory capacity on various IT projects, system implementations, and technology initiatives.
• Provide technical expertise on risk, security, and control matters to support IT and business objectives.
• Build strong relationships with internal partners.
• Partner with management to develop recommendations for changes to processes and systems that will mitigate risk, improve performance and productivity.
• Accurately and thoroughly document all work performed in line with the IIA’s IPPF and the internal audit policy and procedures.
• Regularly communicate with stakeholders to obtain findings status and verify the successful implementation of recommended changes.
• Proactively identify opportunities to optimize the efficiency of audit processes, and methodologies to increase assurance coverage.

WHO WE'RE LOOKING FOR

We’re looking for a highlyorganized individual who can make an immediate impact. The successful candidate must have strongbusiness acumen, be innovative, be a problem solver, be comfortablecommunicating with individuals at all levels of the organization and isadaptable to changing circumstances.

Specifically, we’re looking for someone with :

• Minimum post-secondary degree or diploma in computer science, information systems, business administration or a related field.
• A professional designation is considered an asset, such as, Certified Information Systems Auditor (CISA), Certified in Information Risk and Control (CRISC), Certified Information Systems Security Professional (CISSP), or another relevant designation / certificate.
• Minimum 3 years of experience in IT auditing, cybersecurity, or related fields.
• Understanding of security frameworks, including NIST, ISO Standards, COBIT and CIS
• Familiarity with cloud services (, AWS, Azure, Google Cloud).
• Experience with SOC 2 audits, process audits, and operational audits
• Knowledge of cloud security principles and compliance requirements.
• Experience working with Technology platforms and must be familiar with performing audits of network, operating systems, applications, databases and other technical areas, including but not limited to Active Directory, Microsoft solutions, Firewall Technology, 3rd Party Management and Cloud solutions.
• Motivated to stay current on changes and trends in the IT / cybersecurity fields
• Excellent planning, organizing, and time management skills with strong attention to detail
• Strong written and verbal communication skills
• Strong personal integrity and work ethic
• General understanding of the Canadian regulatory environment
• Must be a team player with theability to work independently in a rapidly changing environment

NICE TO HAVE

• Bilingualism (English & French)
• Preference will be given to those who also hold a CIA designation.
• Experience working in a regulated environment.
• Additional IT Certifications (ISO 27001 Lead Auditor, CEH, CCAKCCSK, CISM,ITIL etc.)

THE CULTURE

We believe a career should be meaningful. Not just ameans to earn a living. Our culture is one where everyone's voice is heard andvalued.

Because that’s what it takesto create better health for all. We dare to challenge the status quo. And we’redriven by people who have challenged theirs.

We believe that yourworkplace should empower you to be the best version of yourself. That’s why we provide aplace where you can be inspired, challenged, and rewarded.

Where your growth means our growth.

Where your voice is heard and valued.

Where your work has purpose. And purpose matters.

We believe our people arecritical to our overall success. Inclusivity makes us a stronger, smarter andmore informed organization.

Being intentionally inclusive of diversebackgrounds, perspectives and experiences will enhance our company culture topositively impact how we support our communities.

A career at GreenShield isn’t just about personalachievements, it's about making a difference together.

Here’s to Better Health for All!

AFEW MORE DETAILS

Proficiency in English is requiredfor this position. As part of this role, you will be required to communicatewith colleagues or customers who use English as their primary language.

By requiring English proficiency for thisposition, we aim to ensure that our employees can excel in their roles,collaborate, and communicate effectively, and contribute to the success of ourorganization.

GS supports diversity, equity andinclusion in our teams and communities, and we value the unique contributionsmade by all.

Even if your experience doesn’t align perfectly to everyrequirement, we invite you to apply. We encourage applications fromall candidates and will accommodate needs under human rights legislationthroughout all stages of the recruitment and selection process.

Please let usknow of any accommodation through . Information received relating toaccommodation will be addressed confidentially.

Providing this information givesGS consent to use your personal information to assess your suitability forspecific positions, future opportunities or for your personnel file.

Yourrésumé will be held in strict confidence and will be viewed only by theOrganization. Information may be stored outside of Canada and could be used foraggregate statistical purposes (which uses no personal identification).