Mgr Internal Audit

Description:

Reporting to the AVP of IS Audit, the Technology and Cyber Audit Manager will support the achievement of Internal Audit’s vision to provide bold insights for a company that delivers on its promises to customers, by: 

Leading and oversee auditors in performing audit planning, test program development, execution and reporting in multiple regions, including:
Plan and lead collaborative risk-based Information and Cyber Security audits of moderate to high complexity in a local and global context and conclude whether risks are appropriately managed through the existence of effective controls or other techniques. 
When assuming a supervisory role, the auditor is expected to develop a comprehensive audit plan clearly outlining the objective, scope, deliverables, approach, resourcing, communications, and schedule. 
Ensure quality of assignments through effective application of the Audit Standard Methodology for Lifeco and appropriate use of specific applications and tools. 
Strive for efficient use of audit resources by monitoring execution of audits assigned, timely escalation, and management of conflicts. The incumbent is expected to seek and obtain direction, perspective and resources as required to complete the assigned audit on time and within budget. 
Serves as subject matter expect for global Internal Audit and stakeholders related to cyber security technology and processes including cloud, infrastructure, applications, and virtualization. 
Prepare and deliver effective presentations to stakeholders at audit opening and closing meetings as a means of communicating and gaining their agreement and understanding of audit plans and audit results. 
Provide value-adding and effective audit recommendations to stakeholder’s senior management identifying significant issues in a business context, working with audit stakeholders to identify and recommend feasible solutions. 
Present audits conclusions and reports in a relevant context and applicable to Canada Life by ensuring they are supported by an orderly accumulation and analysis of documented audit evidence and that the content is clear and concise. 
Perform accountabilities with minimal supervision and provide audit management and audit stakeholders with regular status updates of audits and assignments. 
Actively seek to be informed of industry and corporate initiatives and trends to support effective audit continuous monitoring of the organization’s proper management of information and cyber security risks. 
Leading and/or participating in professional practice and improvement initiatives. 
Cultivating business relationships and work collaboratively with other functional areas. 
Creating and maintaining a positive work environment. 
Seeking learning and development opportunities in line with organizational needs and personal aspirations. 

What You Will Bring

Strong working knowledge of governance, risk, control frameworks and audit methodologies
Maintain information systems competency through ongoing professional development and staying abreast of emerging technologies, risks and controls in information and cyber security. 
Provide direction, guidance, and expert advice to audit teams globally to allow definition of effective assessments on information and cyber security risk management. 
When required, prepare, and deliver effective presentations on various audit and information security related matters to Audit senior management and relevant stakeholders across the organization. 
Identify and advise Audit teams globally on the use of relevant data analytics and other advanced techniques and tools in order to improve efficiency and effectiveness of audit assessments. 
Establish and maintain solid relationship with audit stakeholders to serve a catalyst of positive change and improvement of information and cyber security risk management. 

Required Qualifications And Competencies

7+ years of information technology and/or cyber security industry experience is required. 
Experience in auditing current and emerging technologies and cyber related risks
Experience in auditing “Full Stack” - hardware, software, systems, applications, and processes
Knowledge and practical experience with security assessment tools (exploit tools, vulnerability assessment, SAST, DAST) and Security Operations Centre software (IDS, IPS, SIEM, EDR, etc.). 
Knowledgeable and experience in areas such as network security architecture, disaster recovery and business resiliency, penetration testing, authentication, privacy, vulnerability assessments, data loss prevention, web application security, secure coding assessment, cloud security, DDoS protection, encryption, and malware protection. 
Experience in using automation and data analytics tools including ACL, Power Query, advanced Excel, Power BI, etc. 
Working knowledge of Canada Life’s primary business areas or other financial institutes would be an asset. 
Bachelor’s degree in information technology, Computer Science or equivalent is required. 
Excellent verbal, presentation and written communication skills and ability to communicate at all levels of the organization. 
Proven ability to build and maintain trusted collaborative business relationships with the ability to engage and influence others. 
One or more of the following certifications: CISA, CISM, CISSP, CCSP, GCIA is required.