IT - Systems Integration
Oct 21, 2017
Our client in North York is seeking an experienced IT Controls and Compliance Specialist to lead internal and external controls assessments that will maintain and improve the security posture and compliance specific to contractual and regulatory requirements for internal and business partners. The ideal candidate has a strong knowledge of regulatory requirements in the banking and payments industry and has proven experience in implementing frameworks and related audit processes and programs, specific to IT General Controls and IT Security.
The IT Controls and Compliance Specialist will be able to effectively define, implement, promote, educate, assess, report, and facilitate assessments on IT Security and IT management best practices, both on site and at 3rd party partners and service providers. The ability to assess and rate risks, with a keen sense of how to balance between business efficiency/operations and security risks is essential. He/She will be able to develop and maintain metrics and dashboards with information relevant to the board.
- Facilitate 3rd party due diligence assessments of IT Security and General Controls, including assisting stakeholders in preparing for such assessments, responding to due diligence questionnaires, and identifying improvements to controls that can help meet 3rd party standards and expectations in a way that also meets business and operational needs
- Build and support security and compliance requirements framework that facilitates a mode of operation of ongoing compliance with internal policies and procedures, contractual and regulatory requirements (including PCI-DSS)
- Report and track the results of internal or external assessments, and the impact these findings bring to the organization and the compliance program.
- Maintain this security and compliance framework incorporating changes and additions to contractual and regulatory requirements into specific internal controls and validation activities. Communicate these changes to stakeholders.
- Facilitate the development and execution of compliance remediation and risk mitigation activities by assisting stakeholders with identification and evaluation of options and reviewing priorities with management
- Build and maintain metrics and dashboards that will inform management of compliance incidents, their severity and possible impacts, as well as significant exceptions and risk mitigation activities
- Facilitate risk assessments and definition of security controls for systems and services under development
Required Skills and Experience:
- Undergraduate degree in computer science, networking, accounting, finance or a related field, or sufficient experience in IT internal auditing, or other field that would provide the same basic knowledge
- A minimum of 6 years of operational IT audit experience in an environment that provides exposure to sophisticated information systems audit techniques, network security, technology infrastructure, software development, project management, or a related field for which internal compliance and audit has a need
- Certification as a Certified Information Systems Auditor (CISA) and/or a certification specific to the information technology industry such as Certified Information Systems Security Professional (CISSP), or other equivalent certification
- In-depth working knowledge of the Payment Card Industry Data Security Standard (PCI DSS) and first-hand experience leading the successful implementation of controls for compliance with PCI DSS
- Demonstrated critical thinking and analytical skills
- Exceptional oral and written communication skills suitable for all levels of management. Ability to negotiate and inspire effective, timely, proactive or corrective action by management.
- Must be able to travel – estimated at 15% of the time
- Hands on experience with GRC tools
- Previous experience performing vendor due diligence exercises or responding to due diligence exercises of a financial institution
- Experience in defining and building compliance metrics and related tools/systems