Job Description :
Are you looking for unlimited opportunities to develop and succeed? With work that challenges and makes a difference, within a flexible and supportive environment, we can help our customers achieve their dreams and aspirations.
The Senior Technology Auditor participates in the execution of large, complex and sensitive projects of all types (key risk audits, systems development audits, SOX / MAR audits, policy and standard review, data analytics, program and project audits, investigations, consulting and other special projects) to deliver high quality, professional, cost-
effective, valuable and risk-based audit services related to Manulife’s application and infrastructure supporting information services and products.
The scope of the senior auditor’s accountabilities includes developing and executing risk assessments and audit procedures to cover the management of information services and technology, including those of emerging risk areas such as cybersecurity, mobile and web development, big data, Agile software development environments, digital transformations, cloud-
based applications, DevOps and DevSecOps, and data center security. The Senior Technology Auditor will assist in audit planning;
executing engagements to deliver on the audit plan and assist audit lead in reporting.
RESPONSIBILITIES INCLUDE :
Understand the company’s technology strategy, operations and regulatory environment to dedicatedly identify areas of emerging and heightened risk related to technology that affect the company.
Reach agreement with management the risks affecting the technology unit; develop risk management objectives and audit programs to evaluate these risks;
Understand Information Technology control environment to assess and evaluate the effectiveness and efficiency of internal controls and operating practices;
Execute multiple simultaneous projects within time budgets and target dates as well as quality of execution, reporting any timing problems or budget over-
runs to Manager or Director.
Execute audit projects to cover key risks and produce relevant audit reports that clearly articulate the position on risks and related issues.
Assist in developing and implementing a strategy to gain ongoing assurance over information services through automated methods.
Find opportunities to automate testing using toolsets deployed internally or through the assessment of other monitoring / analytic tools available in the market.
Assist in performing assessments of information services processes new to the company.
Assist in the development of agendas, audit objectives and scope, test procedures, and requests lists.
Lead client meetings and maintain excellent client relationships.
Clearly communicate potential issues and evaluate corrective action plans.
Knowledgeable about cybersecurity concepts including security operations, version control tools, secure code development, code scanning, code reviews, application penetration testing, vulnerability management, DLP, SIEM, security engineering, cryptography, cloud security, security architecture, cyber threat intelligence, Azure, AWS, virtualization
Knowledgeable about network security concepts and tools including network access controls, intrusion detection and prevention, central authentication, network penetration testing.
Knowledgeable about infrastructure technology including operating systems, databases, active directory, firewalls, routers, switches, information risk management, vendor management, ethical hacking tools and toolsets Qualys, Splunk, Netskope, Zscaler, Nmap, Kali Linux.
Knowledgeable about IT general control concepts, such as, access security, change management, incident management, asset and configuration management.
QUALIFICATIONS DESIRED :
Excellent communication skills and ability to work collaboratively and independently.
University degree in accounting, information systems, or other relevant degree or equivalent experience. A recognized IT security / audit (CISSP, CISA, or similar) designation or equivalent experience is preferred.
Experience working in a client-facing, matrix, project-based organization is helpful; typically gained through prior audit, advisory, consulting, or public accounting experience in a Big Four or other professional services firm, or other large organizations.
Working knowledge or prior experience with information systems and operations used in the insurance industry and financial services industry is preferred;
Experience analyzing complex data sets; Prior experience auditing various software development environments, including Agile is preferred;
Ability to quickly comprehend business processes and identify the risk implications, analyze complex situations, reach appropriate conclusions, and make beneficial and practical recommendations;
In depth knowledge of audit methodologies, system development methodologies, control frameworks and risk management practices, and regulatory requirements;