Canadian Bank Note Company

Auditor, IT Risk and Compliance - Corporate Information Systems Group

Canadian Bank Note Company$70K — $95K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • Eligible to work in Canada
  • Fluent in English (speaking, reading, writing)
  • Able to maintain Government of Canada Secret (Level II) security clearance
  • Willing to travel 2-6 weeks per year
  • Bachelor's degree in Information Systems or equivalent experience
  • 3+ years in a relevant auditing, compliance, and/or risk role
  • Knowledge of ISO 27001 and PCI-DSS compliance frameworks

Responsibilities

  • Create detailed audit plans and schedules for compliance
  • Conduct internal audits of IT systems and processes
  • Prepare detailed reports on audit findings
  • Present audit findings to management and compliance committees
  • Ensure IT systems comply with industry standards
  • Update internal policies for emerging compliance standards
  • Participate in risk management program maintenance

Benefits

  • Remote work model
  • Opportunity for professional development
  • Potential for certifications support
  • Participation in relevant security projects
  • Opportunity to influence compliance and risk programs
Full Job Description
Internal Job Title: Auditor, IT Risk and Compliance

Job Type: Permanent, Full-Time

Location: 18 Auriga Drive, Ottawa ON

Work Model: Remote

Position Summary

As an Auditor, IT Risk and Compliance in our Corporate Information Systems group, you will play a central role in developing, delivering and managing the compliance and risk programs and activities while also investigating and participating in relevant IT security projects that support the business needs of the organization.

Key Responsibilities

Audit Planning Execution and Reporting
  • Design Audit Plans and Schedules: Create detailed audit plans and schedules aligning with the organization's compliance requirements.
  • Conduct Audits: Perform comprehensive internal audits aligned with recognized frameworks (ISO/IEC 27001, ISO 14298, PCI DSS, SOC 2, CIS Controls etc.) of IT systems, applications, and processes with a strong focus on IT and cybersecurity risk.
  • Document Findings: Prepare detailed reports on audit findings, update registers, and highlight areas of concern and assessing corrective actions to ensure they will meet compliance requirements.
  • Present to Management: Present findings to senior management and compliance committees, ensuring transparency and accountability.

Compliance Monitoring and Management
  • Compliance: Ensure IT systems and procedures comply with industry standards and regulations such as ISO-27001, PCI, and SOC 2.
  • Framework Evaluation: Maintain currency for emerging compliance frameworks or as standards evolve. Update internal control frameworks, assess gaps and work with stakeholders to maintain our compliance.
  • Internal Policies: Create internal policies and procedures to meet emerging or evolving standards and as new technologies or threats are defined.

Risk Assessment and Management
  • Risk Program: Participate in the maintenance of our ongoing risk management program following CBN standard procedures.
  • Identify and Evaluate Risks: Collaborating with stakeholders and SMEs across the business to continuously assess IT risks.
  • Risk Documentation: Document identified risks and communicate them to relevant stakeholders, updating risk registers and following up with risk owners and reporting as necessary to executive committees.

Technical Guidance
  • Investigations: As required assist in investigating security events and participate in relevant root cause analysis development.
  • Consulting: Provide subject-matter guidance to business and technology teams on the interpretation and application of applicable compliance frameworks and standards, supporting informed decision-making and consistent execution.
  • Implementation Support: Provide advisory support during the implementation of compliance frameworks and control enhancements, including reviewing design approaches, validating alignment to requirements, and providing practical, risk-based recommendations without assuming control ownership.

Continuous Improvement
  • Supervise Corrective Actions: Oversee the implementation of corrective actions to ensure compliance issues are resolved effectively and promptly.
  • Process Enhancement: Continuously seek ways to improve processes and methodologies to enhance efficiency and effectiveness.


Qualifications

Mandatory Requirements
  • Legally eligible to work in Canada
  • Fluent in English (speak, read, write)
  • Able to obtain (in a timely manner) and maintain Government of Canada Secret (Level II) security clearance
  • Able to travel 2-6 weeks/year

Minimum Qualifications
  • Bachelor's degree in Information Systems (or similar) or equivalent combination of relevant education and additional relevant work experience or overall additional relevant work experience.
  • Certification and/or demonstrable knowledge/experience in compliance frameworks including ISO 27001:2022 and PCI-DSS v4.0+.
  • Working knowledge of industry recognized threat and risk management methodologies and frameworks.
  • Comprehensive knowledge of Unified Compliance Frameworks and GRC tools.
  • Thorough knowledge of current security trends, threat vectors and cyber security threats.
  • 3+ years of experience in a relevant auditing, compliance and/or risk role.
    • Experience in cybersecurity, corporate security, or highly regulated organization
    • Experience in developing and delivering compliance and risk assessments, creating, and presenting reports to management and liaising with external auditors.

Preferred Qualifications
  • Certification in a relevant audit discipline: BSI Internal Auditor, ISACA CISA, PECB Internal Auditor, or other relevant industry certification e.g. ISC2, GIAC, SANS, or equivalent
  • Certification and/or demonstrable knowledge/experience in various compliance frameworks including but not limited to ISO 14298, NASPO, SOC 2 (Type I and II), FedRamp, CSA and CSA Star-II.
  • 7+ years of experience in a relevant auditing, compliance and/or risk role
  • Fluent in Spanish (speak, read, write)

Soft Skills and Characteristics
  • Critical thinking skills
  • Organization and time management skills
  • Interpersonal skills
  • Teamwork and collaboration
  • Growth mindset


Additional Information

About Canadian Bank Note Company

The Canadian Bank Note Company is a security printing company that produces banknotes, passports, and other secure documents for governments and central banks around the world. The company was founded in 1897 and is headquartered in Ottawa, Canada. Canadian Bank Note Company has a global presence with operations in North America, Europe, Africa, and Asia. The company's products include banknotes, passports, driver's licenses, and other secure documents. Canadian Bank Note Company is known for its high-quality printing and security features, which help prevent counterfeiting and fraud. The company is also involved in the production of lottery tickets and other gaming products.
Learn more about Canadian Bank Note Company
Size
1,500 employees
Industry

Similar Jobs

More Jobs at Canadian Bank Note Company

More Information Technology Jobs

Find similar Auditor, IT Risk and Compliance - Corporate Information Systems Group jobs: