IT Security Auditor / Staff Accountant
Chartered Professional Accountants – North York, ON
About the Opportunity
This is an exciting opportunity to work as a part of a growing Accounting firm located at Yonge and Sheppard (Sheppard subway line) in North York. In this fast-paced environment, you will get an opportunity to master various areas of our profession.
Responsibilities and Duties
Performance expectations
IT Security Assessment
- Responsible for analyzing and assessing client’s IT infrastructure to test the design and operational effectiveness of the processes and systems.
- Perform or support risk assessments to identify information security issues.
- Perform or support vulnerability assessments to determine the organization's security flaws and weaknesses and communicate the findings.
- Analyze the security measures to determine effectiveness and recommend changes that will improve security and associated controls.
- Analyze IT specifications to assess security risks including antivirus programs and network security through firewalls, password protection and other systems.
- Inspect networks and hardware for vulnerable points of access.
- Experience or understanding of Security Architectural concepts and requirements.
- Perform penetration testing and vulnerability assessment using tools like Kali, Nessus, Parrot, etc.
- Suggest remediation for privacy breaches and malware threats.
- Serve as a security expert and conduct trainings when needed.
- Draft policies and guidelines for the clients.
IT Audit
- Execute audits that primarily deal with technology in the areas of IT infrastructure, processes, applications, operations, security and emerging technologies.
- Audit assurance, governance and control frameworks such as COBIT, NIST and ISO, Service Organization Controls (SOC) Reporting standards (e.g. CSAE 3416, SOC1, SOC2) and apply IT risk and control concepts.
- Ability to prepare risk and controls matrix, perform risks and internal controls assessment by identifying areas of non-compliance; perform walkthroughs and clearly document the processes and controls; identify process weaknesses and operational issues; perform test procedures and assist in completion of the report.
- Knowledge of planning steps for assurance engagement, i.e. understanding organization objectives, structure, policies, processes, internal controls; identifying risk areas; preparing audit scope and objectives; preparing audit programs.
- Ability to write comprehensive and easy to follow audit work papers and memos, mapping them with underlying audit tests and findings.
- Strong knowledge of execution of audit program steps; testing key areas; examining and analyzing documentation; risks and internal controls; evaluating manual and automated controls; identifying process weaknesses and inefficiencies and operational issues.
- Provide advisory services to clients on issues related to IT risk assessment, controls and governance.
- Ability to wrap up files independently - prepare final reports as required by the frameworks / standards; ensure compliance with Canadian / applicable Auditing Standards.
- Ability to wrap up the audit files with limited supervision.
Advisory work
- Assist clients with the development / management of security strategies, policies, programs, protocols, controls, tools for risk mitigation and security countermeasures.
- Design and implementation of Identity Access Management tools.
- Assist clients with their PCI certification process and assessment requirements.
- Perform ISO 27000 series audits.
Others
- Depending on client needs you may be asked to work on other advisory engagements.
- Various day to day office administrative functions as needed.
Qualifications and Skills
Requirements and Experience
Qualification
- University degree (or college) in Computer Science, Information Technology, or other IT-related field of study.
- The preferred candidate may also have one or more of the following designations:
  o CISA, CIA, CISSP or CISM
  o ISO Lead Auditor
  o PCI QSA
  o Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE), CREST, SANS GIAC Penetration Tester, Web Application Penetration Tester, Exploit Researcher and Advanced Penetration Tester.
Must have skills
- Skills to plan, implement, administer, maintain, and secure a computer network.
- Have experience of an audit with a CPA-CA of IT Consulting firm – must have done audit work.
- Must have knowledge of scripting languages such as Perl, VBScript, *nix shell scripting.
- Previous experience with IDS and log correlation software (SIEM) is an asset.
- Excellent knowledge of cyber security standards, risks, threats, prevention measures, and best practices.
- Experience in improving a vulnerability management process and/or a vulnerability-scanning concept.
- Hands-on experience with vulnerability scanning and management processes and tools like Qualys, ServiceNow Vulnerability Response.
- Knowledge of OWASP Top 10, OWASP ASVS, SANS, NIST, OWASP testing guide and Penetration Testing Execution Standard.
- Experience with vulnerability management in cloud solutions.
- Sound computer user support skills, network administration skills and security and vulnerability assessment and remediation skills.
- Knowledge of Auditing Standards.
- Knowledge / Experience in the use of Caseware and Caseview.
- Proficient with Microsoft Office applications (Word / Excel / PowerPoint / Access / Visio).
- Project management - Able to multitask and finish work in tight deadlines and communicate task progress and findings by providing information in status meetings; highlighting unresolved issues.
- Protects organization's reputation by keeping information confidential.
- Good English writing skills.
- Ability to work under pressure.
- Willing and able to learn and work independently with minimal supervision.
- At least 3 years of experience in audit and cyber security.
- Willing to work additional hours and weekends to meet client needs.
Good to have skills
- Knowledge of Controls audits / IT audits and experience with SOX or SOC reports.
- Demonstrate an interest in pursuing relevant designations and completing the required examinations; maintaining personal networks; participating in professional organizations.
- Preference will be given to applicants residing in North York / Toronto.
Contact:
sanjaychadha@savassociates.ca
Copyright 2024 ISACA. All rights reserved.