Infosec Grc Specialist

We are banking at another level.

Choosing BDC as your employer means working in a healthy, inclusive, and skilled workplace that puts forward the best conditions to bring together unique teams where employees are empowered to act. It also means being at the centre of ambitious economic and financial projects to see further and to do things differently, to fuel the success of Canadian entrepreneurs.

Choosing BDC as your employer also means:
- Flexible and competitive benefits, including an Employee Savings and Investment Plan where BDC matches part of your voluntary contributions, a Defined Benefit Pension Plan, a $750 wellness and health care spending account, to name a few- In addition to paid vacation each year, five personal days, sick days as necessary, and our offices are closed from December 25 to January 1- A hybrid work model that truly balances work and personal life- Opportunities for learning, training and development, and much more...

POSITION OVERVIEW

The Specialist position within the GRC team will support the follow-up process of IT audits and assist in the management of internal IT controls, including recommendations, deadlines, action plans, as well as compliance activities for updating IT policies and guidelines. He will also be the focal point for internal customers (IT departments) for the organization's internal controls tests.

The activities will also comprise in the support and operation of the risk events process, reporting and performing investigations in events:
- Conduct business process and control walkthroughs- Gather information to understand the context, risks and intended control operation to be tested.-
- Analyze the design of controls/observations/recommendations around the underlying system architecture in the context of information technology controls such as security, availability and performance and their impact on business-aligned technology groups.- Document and maintain the methodology for assessing the security and technological risks of projects (definition of requirements, assessment, implementation, and operational readiness).- Deliver in-depth risk assessments/reviews, including identifying and documenting risks and controls, creating detailed process flows and assessing the implementation.- Liaise with the various internal stakeholders for IT Risk Management / IT Internal controls matters.

CHALLENGES TO BE MET-
- Audit non-technical areas including IT governance, project management and systems development.- Synthesize data and observations into findings and effectively communicate conclusions in writing and orally.- Analyze complex sets of data using Excel, Access, VBA and other advanced scripting and analytical tools that help operate and visualize data.- Understand Investment Banking and Broker Dealer related risks and regulations.-
- Handle multiple, simultaneous, and various ad-hoc requests.- Exercise strong attention to detail.- Ability to work independently, prioritize and work in a dynamic, deadline-focused environment.- Ability to form complex ‘communications / messages’ in a simple, clear and concise manner to the various profiles and departments within our organization in both French and English.- Excellent verbal and written communication skills in both official languages

WHAT WE ARE LOOKING FOR:
- 3-5 years performing audits of systems, physical, logical, or cyber security in a technical environment using generally accepted auditing standards consistent with internal control frameworks.- General knowledge of applicable regulatory requirements and expectations related to investment banking and broker-dealer activities.- Excellent understanding of modern governance, risk and control frameworks, including the three lines of defense- Excellent knowledge of risk management and internal control frameworks such as Cobit, COSO 2013, Sarbanes-Oxley and SEC NI 52-109, including IT-related controls, audit techniques, risk assessment methodologies and best practices- B.A./B.S in Computer Science, Information Security, Engineering or equivalent discipline or CPA- Relevant IT audit certifications are a plus, such as:
- Systems Auditor (CISA) a plus- Certified Internal Auditor (CIA) a plus- Audit experience covering cloud-based infrastructure is a plus, but not required

.