IT & Cybersecurity Control Testing Auditor

**Description de l'entreprise**Wepoint est l’architecte des grandes transformations des entreprises et des acteurs publics.Nous accompagnons nos clients de la stratégie à la mise en œuvre technologique, en nous attachant toujours à penser au-delà des évidences et à s’inscrire dans des logiques de Responsabilité Économique, Sociale, Environnementale et Technologique (RESET), pour créer de nouvelles façons de travailler, de nouveaux modèles économiques et de nouveaux lieux intelligents.En près de 20 ans, nous sommes devenus l’un des acteurs majeurs de la transformation numérique et employons 3 500 collaborateurs en Europe, en Tunisie et en Amérique du Nord ainsi qu’en Asie Pacifique.**Ce que nous recherchons**COURAGE - AUTHENTICITÉ - OUVERTURE - ENGAGEMENT - ÉLÉGANCEAutant de valeurs qui rejoignent les collaborateurs de Wepoint.Au cœur des relations humaines et du respect de notre environnement, chez Wepoint, se trouvent l’authenticité et la volonté de toujours tendre vers l’excellence pour nos clients.**Responsibilities*** Lead and conduct reviews as part of the annual control plan, focusing on risks related to information technology, information security, and cybersecurity;* Conduct walkthroughs (reconstructions of business and control processes) to gather the information needed to understand the context, risks, and expected functioning of the controls to be tested;* Scope, plan, and execute technology and compliance control audits with the following focus areas: Design and execute tests to validate application controls (system controls), which may include data analysis, code inspection, and system process re-execution; Analyze the design of controls around system architecture (security, availability, performance) and their impact on technology teams aligned with the business; Analyze business and technology processes to assess the effectiveness of relevant controls; Validate that system functionalities meet business, technical, and regulatory requirements.* Identify issues through testing and ensure that appropriate action plans are developed by the business to correct deficiencies;* Discuss findings and conclusions with stakeholders (business, functions tested);* Document audit work and draft final test reports to formally communicate findings;* Verify that corrective actions agreed upon by the business are implemented on time;* Maintain regular engagement and provide feedback to key stakeholders within compliance, risk, and business units;* Assist the audit manager in developing the annual risk-based test plan.**Education and certifications*** Bachelor's degree in computer science, information security, engineering, or equivalent field;* IT audit/security certifications preferred: CISA (asset), CISSP, CPA, CIA;* **Excellent oral and written communication skills in English, as the position requires communicating with teams located outside Quebec.****Qualifications*** 7–11 years of professional experience in financial services or equivalent environment;* 3–5 years of experience in systems auditing, physical/logical security, or cybersecurity in a technical environment, applying recognized auditing standards consistent with internal control frameworks;* General knowledge of regulatory requirements applicable to banking investment and broker-dealer activities;* AML experience and securities licenses: a plus.**Technical skills and tools*** Frameworks and regulations: NIST, FFIEC, ISO, GDPR, NYSDFS, FISMA, etc.;* Data analysis and management tools: Scripting: Python, VBA; Relational databases: T-SQL, PL/SQL; Data visualization: Power BI, MicroStrategy, Spotfire.* Proficiency in Microsoft Word, Excel, PowerPoint;* Excellent writing skills.**Required profile*** Mastery and application of audit methodology and control-based audit techniques;* Experience in auditing general and application controls on various technologies and platforms, based on industry standards and best practices;* Good knowledge of high-risk IS/cyber areas: identity and access management (IAM), data protection, encryption, firewall security, intrusion detection/prevention systems (IDS/IPS), internal threats;* Ability to audit non-technical areas: IT governance, project management, systems development;* Knowledge of cloud infrastructures is a plus;* Ability to synthesize data and observations into findings and present conclusions clearly in writing and orally;* Ability to analyze complex data sets using Excel, Access, VBA, and other advanced analytical scripts/tools;* Understanding of the risks and regulations associated with banking investments and broker-dealer activities;* Strong analytical skills, organizational skills, ability to manage multiple simultaneous and ad hoc requests;* Rigorous, self-motivated, detail-oriented, and able to work in a dynamic environment with deadlines;* Interpersonal skills, ability to work collaboratively in complex, multicultural organizations; excellent writing and oral communication skills.**Only candidates legally authorized to work for any employer in Canada will be considered.****Avantages Wepoint:*** Minimum de 3 semaines de vacances dès la première année;* Assurances collectives complètes avec contribution généreuse de l'employeur;* Contribution employeurs au REER collectif* Flexibilité de télétravail complète : Hybride, Distanciel, Présentiel.* Un bureau chaleureux, lumineux et accueillant qui vous offre : des fruits frais, du café, des breuvages, des repas occasionnels, etc.* Budget de matériel informatique annuel* Environnement de travail équilibré et flexibilité d'horaires;* Évolution de carrière : Formation et certifications, Apprentissage en-ligne ou en présentiel, Academy Wepoint, etc.* Une culture d’entreprise axée sur les besoins des individus et leurs appartenances à une communauté forte
#J-18808-Ljbffr