Security Auditor

**Who We Are**:
Headquartered in Atlantic Canada with offices across the United States and around the world, Bulletproof has decades of experience in IT, security, and compliance. The company’s footprint now includes users on six continents trusting Bulletproof to address their technology challenges and strengthen their security posture.

Driven by innovative, empowered and creative teamwork, we build solutions that solve business challenges and deliver overall business improvement for our global clients. At Bulletproof, we are committed to our customers, our team and our communities. Bulletproof's practices include Security and Network Operations Centers, Security Assessment & Audit, Quality Assurance and Testing, Project Management, Microsoft Consulting, Managed Services, Managed Security Services, and Product Fulfillment; working together to provide true end-to-end business solutions.

**Why Bulletproof**:
At Bulletproof, our people are the core of who we are and what we do. Founded in Atlantic Canada and now operating globally, it’s our people who drive us and who bring us together. We believe that it’s through trusting and empowering our entire team, that we achieve more. Bulletproof is a Microsoft Solutions Provider, a FOUR-PEAT Microsoft Canada Workplace Impact Award winner, and crowned the 2021 Microsoft Global Security Partner of the Year. Bulletproof is proud to be a member of the Microsoft Intelligent Security Association. We are committed to helping our customers achieve more.

**Position Summary**:
This position will work with clients to assess, develop, and implement policies, standards and guidelines. Also, the position will entail developing security programs in alignment with information security frameworks. The position will ensure clients meet compliance requirements and guide them in developing an improved security posture.

PLEASE, ONLY APPLY IF YOU ARE CURRENTLY LIVING IN CANADA.

**Responsibilities**:

- Conducts security assessments that can be multi-faceted for a wide variety of assigned clients.
- Provides clients with recommendations on building and enforcing information security standards and compliance to these standards.
- Creates security test reports and other documentation as needed.
- Works with clients in defining information security requirements for projects and ensures project compliance to these requirements.
- Authors/reviews security architecture for clients and provides recommendations based on best practices or based on regulatory compliance requirements.
- Works with clients to develop information security program health checks and the appropriate remediation plans.
- Provides thought leadership and direction for the Information Security practice on client security programs.
- Teams up with colleagues in other lines of services in support of client needs for Information Security services.
- Researches best practices, developments, techniques and trends in information security and determines relevance to client organizations.
- Provides clients with exceptional service in a professional, courteous and timely manner.
- Other related duties as assigned.

**Required Education/Credentials/Qualifications**:

- Degree in Computer Science, Information Systems, Engineering or related major from an accredited University or equivalent College Diploma and related experience.
- CISSP, CISA, CISM, or SANS Certifications
- A good understanding of Linux, Windows and network security skills
- Excellent written and oral communication skills in English
- Ability to meet deadlines and deliver a high-quality product (reports)
- Strong attention to detail
- Ability to work both independently and perform as a leader in a team environment
- 5 years minimum information security experience ideally in a fast paced, changing environment

**The following skills are preferred but not required**:

- ISO27001 Lead Auditor, PCI QSA
- Deep understanding of key information security program development, tool implementation and information security concepts and frameworks
- In-depth experience designing and implementing information security solutions
- Understanding of information security frameworks such as ISO/IEC 27001:2013, COBIT, NIST CSF
- Familiarity with threat modelling and security design review methodologies
- Support team technical development (e.g. through service development or research) and contribute to company technical processes overall
- Experience with physical security testing, phishing and social engineering techniques.

**Travel Expectations**:

- Must be able to travel.

**Equal Opportunity Statement**:
Bulletproof is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. Bulletproof is also committed