IT Security Auditor / Staff Accountant

Chartered Professional Accountants – North York, ON

About the Opportunity
This is an exciting opportunity to work as a part of a growing Accounting firm located at Yonge and Sheppard (Sheppard subway line) in North York. In this fast-paced environment, you will get an opportunity to master various areas of our profession.

Responsibilities and Duties

Performance expectations
IT Security Assessment
-Responsible for analyzing and assessing client’s IT infrastructure to test the design and operational effectiveness of the processes and systems.-Perform or support risk assessments to identify information security issues-Perform or support vulnerability assessments to determine the organization's security flaws and weaknesses and communicate the findings-Analyze the security measures to determine effectiveness and recommend changes that will improve security and associated controls-Analyze IT specifications to assess security risks including antivirus programs and network security through firewalls, password protection and other systems. -Inspect networks and hardware for vulnerable points of access. -Experience or understanding of Security Architectural concepts and requirements-Perform penetration testing and vulnerability assessment using tools like Kali, Nessus, Parrotetc-Suggest remediation for privacy breaches and malware threats. -Serve as a security expert and conduct trainings when needed.-Draft policies and guidelines for the clients.

IT Audit
-Execute audits that primarily deal with technology in the areas of IT infrastructure, processes, applications, operations, security and emerging technologies-Audit assurance, governance and control frameworks such as COBIT, NIST and ISO, Service Organization Controls (SOC) Reporting standards (e.g. CSAE 3416, SOC1, SOC2) and apply IT risk and control concepts-Ability to prepare risk and controls matrix, perform risks and internal controls assessment by identifying areas of non-compliance; perform walkthroughs and document clearly document the processes and controls; identify process weaknesses and operational issues; perform test procedures and assist in completion of the report. -Knowledge of planning steps for assurance engagement i.e. understanding organization objectives, structure, policies, processes, internal controls; identifying risk areas; preparing audit scope and objectives; preparing audit programs.-Ability to write comprehensive and easy to follow audit work papers and memos, mapping them with underlying audit tests and findings. -Strong knowledge of execution of audit program steps; testing key areas; examining and analyzing documentation; risks and internal controls; evaluating manual and automated controls; identifying process weaknesses and inefficiencies and operational issues. Provide advisory services to clients on issues related to IT risk assessment, controls and governance.-Ability to wrap up files independently - prepare final reports as required by the frameworks / standards; ensure compliance with Canadian / applicable Auditing Standards. -Ability to wrap up the audit files with limited supervision.

Advisory work
-Assist clients with the development\ management of security strategies, policies, programs, protocols, controls, tools for risk mitigation and security countermeasures.-Design and implementation of Identity Access Management tools -Assist clients with their PCI certification process and assessment requirements-Perform ISO 27000 series audits

-Depending on client needs you may be asked to work on other advisory engagements-Various day to day office administrative functions as needed

Qualifications and Skills
equirements and Experience
Qualification -
-University degree (or college) in Computer Science, Information Technology, or other IT-related field of study.-The preferred candidate may also have one or more of the following designations: o CISA, CIA, CISSP or CISMo ISO Lead Auditoro PCI QSA o Certified Ethical hacker (CEH), Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE), CREST, SANS GIAC Penetration Tester, Web Application Penetration Tester, Exploit Researcher and Advanced Penetration Tester.

Must have skills -
-Skills to plan, implement, administer, maintain, and secure a computer network.-Have experience of an audit with a CPA-CA of IT Consulting firm – must have done audit work -Must have knowledge of scripting languages such as perl, vbscript, *nix shell scripting -Previous experience with IDS and log correlation software (SIEM) is an asset-Excellent knowledge of cyber security standards, risks, threats, prevention measures, and best practices.-Experiences in improving a vulnerability management process and/or a vulnerability-scanning concept.-Hands-on experience with vulnerability scanning and management processes and tools like Qualys, ServiceNow Vulnerability Response.-Knowledge of OWASP Top 10, OWASP ASVS, SANS, NIST, OWASP testing guide and Penetration Testing Execution Standard-Experience with vulnerability management in cloud solutions-Sound computer user support skills, network administration skills and security and vulnerability assessment and remediation skills-Knowledge with Auditing Standards
Knowledge / Experience in the use of Caseware and Caseview-Proficient with Microsoft Office applications (Word / Excel / Powerpoint / Access / Visio) -Project management - Able to multitask and finish work in tight deadlines and communicates task progress and findings by providing information in status meetings; highlighting unresolved issues-Protects organization's reputation by keeping information confidential.-Good English writing skills-Ability to work under pressure-Willing and able to learn and work independently with minimal supervision-At least 3-year experience in audit and cyber security -Willing to work additional hours and weekends to meet client needs

Good to have skills-
-Knowledge of Controls audits / IT audits and experience with SOX or SOC reports-Demonstrate an interest in pursuing relevant designations and completing the required examinations; maintaining personal networks; participating in professional organizations.-Preference will be given to applicants residing in North York / Toronto.