Position Summary :
Cogeco Peer 1 is looking for an Internal Security Assessor that will plan and execute security assessments that support the security and compliance strategy of the company.
The successful candidate will play a key role in the Legal and Business Assurance department in providing the business comfort that security and compliance risks are identified, assessed and reported appropriately.
Key Responsibilities :
Responsible for the ongoing certification and compliance with the Payment Card Industry (PCI) Data Security Standard (DSS) program throughout the organization including performing periodic assessments.
Leads the annual PCI DSS assessment and coordinates with the external assessors.
Assist in developing an audit program to address key risks identified by the business and conducting audit / assessments(including areas of the business outside of PCI requirements).
Conduct security specific assessments such as(but not limited to) third party vendors and applications.
Analyse technical controls for quality and provide advice to control owners.
Participate in policy and procedures review to ensure there is no conflict with current compliance reports.
Assist the Compliance team to develop the overall governance and compliance program for the company.
Prepare audit reports for management review
Assist with inquiries from both internal and external sources that pertain to technical security and compliance related questions.
Assist in other activities such as : Participate in RFP responsesProject and initiative impact reviews
Participate in RFP responses
Project and initiative impact reviews
Reviewing potential solutions and tools to be used by the business
Highly developed communication and influencing skills with ability to build relationships across the organization at all levels.
Detail oriented and ability to focus on granular level compliance and security issues
Ability to challenge constructively and enforce appropriate boundaries.
Ability to perform control reviews on systems development, operation, programming, control, and security procedures and standards.
Work Experience :
Proven experience as an IT security auditor.
Experience in performing or maintaining PCI DSS certification
Demonstrated knowledge and previous experience with other compliance audits and certifications such as : Service Organizational Controls(SOC) audit reports SOC 1 and SOC 2NISTHITRUST(HIPAA)ISO 27001
Service Organizational Controls(SOC) audit reports SOC 1 and SOC 2
Knowledge in organizational controls framework.
Research skills compiling and analyzing information.
IT and Systems knowledge general understanding of IT, operational support and business support systems.
Network knowledge general understanding of network technology and architecture(routing, firewalls, etc.)
Approximately 3-5 years experience in audit and compliance role.
Approximately 2-3 years experience in Audit Project Management.
Approximately 1-3 year(s) experience in security, IT, and network systems.
Degree or diploma.
PCI SSC Internal Security Assessor (ISA) preferred but not required
Certified Information Systems Auditor (CISM) preferred but not required
Applicable certification / professional qualification.