Information Technology Auditor

Position: IT Audit Portfolio Manager (Hybrid Work Model)Department: Internal Audit ServicesLocation: Hybrid, TorontoAs one of Canada’s most iconic and trusted companies ‘We are Here to Make Life in Canada Better’. We have a passion for customers, whether that means being the best in retail, financial services, building an innovative online shopping experience or leading an impressive loyalty program. The Internal Audit Services (IAS) team is a key function in the organization partnering closely with business to provide an independent perspective and risk insights.Reporting to the ‘Vice President, IT Audit’, you will be accountable for the execution of the technology portfolio through audit assurance, project reviews and risk advisory work, ensuring IT activities are consistent with the Company’s risk appetite and strategic goals. This includes executing and reporting on multiple concurrent audit engagements resulting in improvements to the overall risk/control environment of Canadian Tire Corporation (CTC).ResponsibilitiesContribute to CTC’s Internal Audit Services annual planning process ensuring suitable coverage of information technology and cyber risk within the audit universeLead information technology and cybersecurity process audits by developing and executing comprehensive audit plans that contain objectives, scope, deliverables, approach, resourcing, and scheduleConclude whether risks associated with information technology and cybersecurity processes are appropriately managed through existence of effective controls. Ensure that audit conclusions and recommendations are properly supported by audit evidence and that the audit report content is clear, concise and supported by the audit work completedPrepare and discuss audit findings with client and audit senior management; identifying significant issues in a business context, working with audit clients to identify and recommend feasible solutionsCollaborate with various audit teams on audits of significant CTC projects by addressing various system development and implementation and cybersecurity risks including in-depth assessment of project solution and security architecture, security risk assessments ensuring adherence to enterprise standards and best practicesAct as a risk/control subject matter expert (SME) for various IT infrastructure such as operating systems, databases, network devices, and cloud technologiesPromote compliance to CTC policies and procedures, standards, and guidelinesQualifications7+ years of IT audit or information technology experience with focus on cybersecurity or risk managementUniversity degree as well as CISA or CISSP or equivalent certifications are required. Other technology specific certifications are a plusExcellent working knowledge of audit, project management, and system development methodologiesExperience in the assessment of threats and risks over IT and cybersecurity processes and systemsSolid working knowledge and application of IT, cybersecurity, and service organization reporting control frameworks, specifically COBIT, NIST, and SOC (1 and 2)Knowledge of various industry regulations such as 52-109, PCI, PIPEDA, and GDPRStrong technical knowledge of various IT infrastructure and network components such as operating system (Windows, Linux), databases (Oracle), and network platformsKnowledgeable and experience in areas such as network security architecture, identity and access, threat and vulnerability, systems development security, data loss prevention, and endpoint protectionKnowledge and experience of various security tools (IDAM, Vulnerability Assessment, EDR, SIEM etc.)Strong understanding of public cloud networking and network security controls on platforms such as Azure, GCP, AWSExcellent relationship management, time management, organization, planning, and process mapping skillsWell-developed influential skills to resolve situations when there can be distinct differences of opinion between the client and the auditorSuperior verbal and written communication skills sufficient to prepare and communicate audit reports dealing with facts and concepts for presentations to client executives and external auditorsCommitted to providing a customer focus and valued added serviceWe encourage individuals from all backgrounds, including but not limited to race, ethnicity, gender, sexual orientation, age, disability, to apply for this position.As a condition of employment, this position is subject to the successful completion of Reference Checks and Criminal Background Checks.