Auditor, IT Risk and Compliance - Corporate Information Systems Group in Canada Creek, Nova Scotia at Jobgether
Explore Related Opportunities
Job Description
This position is listed on behalf of a partner company, who manages all applications and next steps. Our partner is looking for an Auditor, IT Risk and Compliance - Corporate Information Systems Group based in Canada.
As an Auditor, IT Risk and Compliance, you will play a key role in strengthening IT governance, cybersecurity, and compliance across a complex technology environment. Working remotely as part of the Corporate Information Systems team, you will help develop and manage audit, risk, and compliance programs while collaborating with technical and business stakeholders. This position offers the opportunity to assess security controls, support regulatory compliance, and contribute to continuous process improvement using industry-leading frameworks. You will provide expert guidance on risk management, participate in security initiatives, and help ensure critical systems remain secure and compliant. This is an excellent opportunity for an analytical professional who enjoys solving complex challenges and making a meaningful impact on enterprise-wide information security practices.
- Plan, execute, and report on internal IT and cybersecurity audits using recognized compliance frameworks such as ISO 27001, PCI DSS, SOC 2, CIS Controls, and other industry standards.
- Develop detailed audit plans, document findings, assess corrective actions, and present audit results and recommendations to management and governance committees.
- Monitor organizational compliance with applicable regulatory requirements and industry frameworks while maintaining and enhancing internal control frameworks and policies.
- Participate in enterprise IT risk management activities by identifying, assessing, documenting, tracking, and reporting technology and cybersecurity risks.
- Collaborate with business stakeholders and subject matter experts to evaluate compliance gaps and recommend practical, risk-based improvements.
- Support investigations of security incidents, contribute to root cause analysis, and provide technical guidance on compliance and security-related initiatives.
- Advise project teams during the implementation of new controls and compliance frameworks while ensuring alignment with organizational and regulatory requirements.
- Monitor corrective action plans, promote continuous improvement initiatives, and enhance audit methodologies, governance processes, and risk management practices.
- Bachelor's degree in Information Systems, Information Technology, Cybersecurity, or a related field, or an equivalent combination of education and relevant professional experience.
- Minimum of 3 years of experience in IT auditing, IT risk management, compliance, cybersecurity, or a similar role within a regulated environment.
- Strong knowledge of compliance frameworks such as ISO 27001:2022, PCI DSS v4.0+, SOC 2, and related governance, risk, and compliance standards.
- Working knowledge of threat and risk assessment methodologies, cybersecurity principles, and Governance, Risk, and Compliance (GRC) tools.
- Experience conducting compliance assessments, developing audit reports, presenting findings to management, and collaborating with external auditors.
- Strong understanding of current cybersecurity threats, security trends, and control frameworks.
- Professional certification such as CISA, BSI Internal Auditor, PECB Internal Auditor, ISC2, GIAC, SANS, or an equivalent credential is considered an asset.
- Additional experience with frameworks such as ISO 14298, FedRAMP, CSA, CSA STAR, or NASPO is preferred.
- Excellent analytical thinking, organization, communication, stakeholder management, and collaboration skills.
- Fluent English language skills are required; Spanish language proficiency is considered an advantage.
- Must be legally eligible to work in Canada, able to obtain and maintain Government of Canada Secret (Level II) security clearance, and willing to travel approximately 2 to 6 weeks per year.
- Permanent, full-time remote position based in Canada.
- Competitive compensation package.
- Comprehensive health, medical, and life insurance coverage.
- Defined contribution pension plan with employer matching.
- Opportunity to work on enterprise-level IT risk, cybersecurity, and compliance initiatives.
- Collaborative and inclusive work environment that supports professional growth and continuous learning.
- Exposure to a wide range of industry-leading compliance frameworks, governance programs, and security projects.