Director, IT Infrastructure Audit
CA ON Toronto
HOOPP
The Healthcare of Ontario Pension Plan (HOOPP) provides a lifetime pension plan at retirement. We’re one of the largest defined benefit pension plans in Canada.
Why you’ll love working here:
high-performance, people-focused culture
our commitment that equity, diversity, and inclusion are fundamental to our work environment and business success, which helps employees feel valued and empowered to be their authentic selves
learning and development initiatives, including workshops, Speaker Series events and access to LinkedIn Learning, that support employees’ career growth
membership in HOOPP’s world class defined benefit pension plan, which can serve as an important part of your retirement security
competitive, 100% company-paid extended health and dental benefits for permanent employees, including coverage supporting our team's diversity and mental health (e.g., gender affirmation, fertility and drug treatment, psychological support benefits of $2,500 per year, and newly extended maternity/parental leave top-up of 26 weeks)
optional post-retirement health and dental benefits subsidized at 50%
yoga classes, meditation workshops, nutritional consultations, and wellness seminars
access to an annual wellness reimbursement program for health and wellness-related expenses for permanent and temporary employees
the opportunity to make a difference and help take care of those who care for us, by providing a financially secure retirement for Ontario healthcare workers
Job Summary
The Director is accountable for providing leadership and independent assessments of the effectiveness and integrity of HOOPP’s Information Technology controls focused on IT Infrastructure. This role builds and maintains effective relationships with senior IT stakeholders including the Senior Managing Directors and the Executive team, that promote trust and increase efficiency while providing independent assurance and advisory services designed to evaluate and improve the effectiveness of risk management, control, and governance processes. You are accountable for the audit plan execution across assigned business areas and will be a subject matter expert on Information Technology Infrastructure that includes information security, technology systems including Cloud services. The Director reviews ongoing internal audit processes and identifies and implements changes and oversees complex projects while mobilizing a team. These projects include building board and executive dashboards, supporting the rollout of data analytics within the internal audit plan and upskilling the team. The Director develops and maintains a risk-based IT Audit Universe and IT Audit Plan and is responsible for audit prioritization and resource allocation throughout the year. The position has significant direct interaction with senior executives in the Information Technology, Investment Management, Plan Operations, and Corporate divisions.
What you will do:
Develops, maintains, and implements a risk-focused IT Audit Universe and IT Audit Plan and is responsible for audit prioritization and resource allocation throughout the year. Ensures that audit priority, scope, and issue ranking decisions are risk-based. Concludes on the design and effectiveness of controls.
Advises senior leadership on impacts of changes in regulations and the industry and recommends impacts to the IT audit plan and IT audit universe.
Develops Board Committee and Management reporting materials for assigned responsibilities. Responds quickly and appropriately to Board / Senior Management audit related questions.
Manages a team of seasoned IT audit professionals. Reviews and approves audit work products to ensure thorough and effective coverage, as well as timely and effective escalation of issues and conclusions.
Oversees the ongoing progress and remediation by management for all outstanding technology audit observations.
Experience with building dashboards and reports to communicate with and advise Senior Management.
Develops and deepens relationships with key internal and external stakeholders that include but are not limited to: Executive and senior management; internal control and risk partners; external auditors; external subject matter experts; industry peers; and enables a culture of continuous improvement.
Presents to and persuades senior executives, and presents relevant audit findings at Senior Leadership Committee meetings.
Works closely with Risk, Compliance, IT and Finance to support the resolution of audit issues and determines the closure of ongoing audit findings.
Has excellent project management skills ensuring that IT audits meet department and industry quality expectations and milestone dates.
Provides specialized in-depth subject matter expertise in Cybersecurity and IT infrastructure risk management. Leads technical assessments to identify vulnerabilities associated with network, infrastructure, software, and hardware. Advises on ongoing and emerging cybersecurity, regulatory and technology risks.
Leads the design and execution of IT audit strategic initiatives.
Builds and implements an effective Continuous Monitoring Program built upon regular relationship management meetings and committees that focus on technology and emerging IT risks, regulatory matters, and best practice trends in the industry.
Builds and implements a risk-based analytic program and capabilities. Applies innovative automation and advanced analytical techniques to test hypotheses and add insights into audit findings.
Conducts research on industry trends and risks and makes strategic and tactical recommendations. Keeps abreast of changes in audit practices, regulatory requirements, and Risk frameworks to understand their impact on internal auditing, e.g. NIST, COBIT, ISO 2700x. Updates senior leadership and the board on the proposed audit updates based on these changes.
Performs other duties as requested.
What you bring:
15 years or more of relevant experience in information technology and leading IT infrastructure, applications and cyber security assessments along with a CISA certification.
Additional security certifications and designations such as CISSP, CISM, CompTIA Security, CEH are an asset.
Broad and deep knowledge of the general security threat landscape and regulatory requirements
Advanced understanding of IT and cybersecurity-specific risks and controls, as well as related frameworks, standards or guides, relevant provincial and federal regulatory requirements, and industry leading practices and risk trends
Experienced in Technology infrastructure, applications, cloud services and cyber security.
Proficient in leading, designing and developing project-specific approaches or testing methodologies, auditing principles and techniques.
Experience in leading system development reviews of new IT system implementations.
Hands-on knowledge of networking, coding, penetration testing and/or code review
Management experience in coaching and developing a team of seasoned professional staff
Advisory experience on cybersecurity, regulatory and technology risks and mitigating strategies
Experience building and implementing a Continuous Monitoring Program, innovative IT Audit Program or Data Analytics Program within the internal audit space.
Experience in Board & Senior Management Reporting
Bachelor’s degree in Computer Science, Management Information Systems, or a comparable field.
Tags: Analytics Audits Automation CEH CISA CISM CISSP Cloud COBIT Compliance CompTIA Computer Science Data Analytics Finance Governance ISO 27000 IT infrastructure Monitoring NIST Pentesting Risk management Security assessment Vulnerabilities
Perks/benefits: Career development Fertility benefits Health care Parental leave Startup environment Team events Wellness Yoga