Senior 3rd Party IT Auditor

Company: Direct IT Recruiting Inc.

Location: Pickering

Status: 2 Month Contract

Job Reference No: 740

Job Category: IT Auditor, CTPRP, CISA, CCSP, CCSK, CISSP, GSNA, CISM

Career Level: Senior

Number of Staff to Supervise: N/A

Work Experience: 10+ years IT Audit, 3 years in 3rd party assessments

Industry: Government, OPS

Location: Pickering, Ontario


REQUIREMENTS:

 

- Bachelor's degree (or higher) in Computer Science, Business Administration or IT Administration.

- Industry-recognized certifications within the domains of information security (e.g. CTPRP, CISA, CCSP, CCSK, CISSP, GSNA, CISM, etc.) are considered a plus.

- 10+ years of IT Audit experience, with 3 years of experience in 3rd party assessments.

- Expert knowledge in security compliance, security audit and security assessment (execute scans, analyze scans, classify risk ranking, propose a solution, identify security control gaps and propose controls to mitigate risks).

- Information Security experience specifically in third party and technology assessments.

- Functional knowledge of common information security controls, security frameworks and standards (e.g., ISO 27001, ISO 27018, SOC 1 / SSAE 16 & 18, SOC 2, NIST CSF, PCI-DSS, COBIT, CSA CCM, SIG) and the ability to glean significance from findings identified in these reports and in the related assessment work.

- Comprehensive knowledge of third party lifecycle management and vendor risk management methodologies, including associated regulatory and industry guidance

- Good knowledge of Information Security, Business Continuity, and IT Audit methodology and concepts

- Deep understanding of inherent technology risks and the ability to translate these risks into business language.

- Advanced analytical, problem solving, design, and implementation skills to facilitate resolution of technical compliance issues and support maintenance of an effective controls environment

- Ability to effectively communicate to all levels of the organization, including senior management, business partners and third parties

- Solid experience with risk assessment and information security, and technical knowledge of key IT infrastructure technologies (e.g. operating systems (Windows/UNIX/Linux), databases (SQL, Oracle, Sybase, etc.), networking, middleware, Cloud and Cyber, etc.).