Senior Advisor, Buildings, Development, Security
Desjardins
IT Internal Audit Assistant Manager – Project Security
Intact
full-time
Posted on:
Location Type: Hybrid
Location: Montréal • 🇨🇦 Canada
Visit company websiteJob Level
Mid-LevelSenior
Tech Stack
AWSAzureCloudCyber SecurityGoogle Cloud Platform
About the role
- Lead IT portion of Real-Time Review of trusted advisory assignments, focusing on Cybersecurity, Artificial Intelligence, Secure Development Practices, Third-Party Risk Management, Project and Data Governance, Change Management, Cloud infrastructure, among others.
- Assist in planning and developing scope, and appropriate procedures for each review in accordance with departmental guidelines, IIA Standards, and relevant laws and regulations.
- Identify gaps in the Software Development Lifecycle of key projects and collaborate with stakeholders to provide recommendation that align with company’s internal standards or industry best practices.
- Support the audit team in kick-off and closing meetings, effectively communicate audit objectives, scope, findings and recommendations to management.
- Demonstrate expertise in security controls such as application security, logical access management, and data protection, providing valuable feedback to the first and second lines of business.
- Work with business stakeholders on issues follow-ups to ensure implementation of recommendations.
- Prepare concise memorandums for review by Portfolio Managers, Directors and Vice President of Internal Audit.
- Foster risk and control awareness across the organization by working with management and other line of defense functions.
- Advocate for application security within the organization and keep abreast of the latest security issues and technologies.
Requirements
- Post Secondary education in Information Systems, Computer Science, Software Engineering, or a related field - is required.
- A minimum of 3 years in IT auditing - is required.
- Recognized professional audit or security related designation (CIA, CISA, AAIA, CCSK, CCSP, CISSP, CISM, etc.).
- Working experience in reviewing software engineering controls related to project governance, data governance, IT and Data Security, testing and change/release management areas.
- Knowledge of best practices and strong security controls over cloud environments (AWS, Azure, GCP, etc.) or Artificial Intelligence (AI)/Machine Learning (ML) technologies and their security implication.
- Proficient in reviewing security vulnerabilities identified from different platforms such as middleware/container/automated pipelines with experience to independent assess the end-risk and root cause for each of the vulnerabilities.
- Knowledge of cyber security risks, assessments, reports and frameworks such as those published by leading organizations (e.g. NIST, ISO 27001, SOC 2 Type II, etc.) is an asset.
- Strong analytical skills that lead to accurate conclusions.
- Strong project management skills and solutions driven.
- Excellent written and communication skills.
- Experience using data analytics tools is an asset.
- Prior Big 4 firm and insurance industry experience is an asset.
- For candidates located in Quebec, bilingualism is required considering the necessity to interact on a regular basis with English-speaking colleagues across the country.
Benefits
- A financial rewards program that recognizes your success
- An industry leading Employee Share Purchase Plan; we match 50% of net shares purchased
- An extensive flex pension and benefits package, with access to virtual healthcare
- Flexible work arrangements
- Possibility to purchase up to 5 extra days off per year
- An annual wellness account that promotes an active and healthy lifestyle
- Access to tools and resources to support physical and mental health, embracing change and connecting with colleagues
- A dynamic workplace learning ecosystem complete with learning journeys, interactive online content, and inspiring programs
- Inclusive employee-led networks to educate, inspire, amplify voices, build relationships and provide development opportunities
- Inspiring leaders and colleagues who will lift you up and help you grow
- A Community Impact program, because what you care about is a part of what makes you different.
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
CybersecurityArtificial IntelligenceSecure Development PracticesThird-Party Risk ManagementProject GovernanceData GovernanceCloud InfrastructureSecurity ControlsSoftware Development LifecycleData Protection
Soft skills
Analytical SkillsProject ManagementCommunication SkillsSolutions DrivenRisk Awareness
Certifications
CIACISAAAIACCSKCCSPCISSPCISM