Information Systems Senior Auditor (Full-Time Temporary, up to 24 month contract)
Central 1 Credit Union
Vancouver, BC
Job Description

Internal Audit is responsible for providing independent, objective assurance and advisory services designed to evaluate and improve the effectiveness of risk management, control, and corporate governance processes across the organization. Internal Audit is accountable to the Audit and Finance Committee of Central 1’s Board of Directors.

Basic Function

Reporting to the AVP, Internal Audit, the Information Systems Senior Auditor is responsible for conducting risk-based internal audit and advisory services over information systems and information security to support and enhance Central 1’s system of risk management, internal control and governance.

Responsibilities include planning and executing audits, assessing risk management effectiveness, recommending process & control improvements, executing testing of internal controls over information systems, information and cyber security, and projects, discussing and following up on audit findings, and assisting with annual audit plans. The Senior Auditor works closely with management in all areas of Central 1 by assessing IT risks, completing independent and objective evaluations of IT risks and processes, and recommending improvements to associated IT controls and processes.

This position also provides input and support to the Information Systems Senior Audit Manager and AVP, Internal Audit on the development of the overall IT audit strategy and framework and assists in developing the annual IT audit plan.

Responsibilities also include developing and executing audit programs and testing to recommend process & control improvements in support of ISO 27001 certification, SWIFT & Payments Canada self-attestations, and CEO/CFO certification and compliance with NI 52-109.

As an integral member of the Internal Audit team, the Senior Auditor will:

Develop strong working relationships with the line of business (1st line) and the Risk group (2nd line)
Conduct risk-based audit assurance and advisory work in a business supportive way
Work in a dynamic environment with a focus on being agile to meet the growing and changing needs of stakeholders across the organization
Demonstrate cross-functional leadership behaviours aligned with Central 1’s core values of being curious, collaborative, and courageous
Primary Accountabilities

General

Proactively develop, maintain and manage relationships with various internal contacts. Collaborate with management and business teams to improve overall governance, risk and control.
Where necessary across functional teams (e.g. risk, compliance, external audit) coordinate activities and ensure efficient use of resources and integrated assurance.
Assist or conduct special audit investigations, as necessary, where fraud or other improprieties are suspected and prepare reports of findings.
Assist in general department planning and strategy and perform other duties as required to assist the Internal Audit department support Central 1’s business goals.
Occasional travel to Central 1’s offices outside of BC to conduct internal audits as required.
Information systems audit

Identify opportunities to optimize the internal audit process and implement improvements to existing approaches and audit methodologies, consistent with the Institute of Internal Auditor's International Standards for the Professional Practice of Internal Auditing (IIA Standards), other established frameworks and standards (e.g. COBIT, ISO 31000, ISO 27001) and industry best practices.
Plan and manage the execution and reporting of all internal audit engagements and projects within agreed budgets and timelines. Manage internal audits end to end (planning, execution and reporting) on various types of engagements assessing information systems governance, security, risk management and internal controls.
Meet with all levels of employees and management, following audit procedures to ensure that audit objectives and conclusions are adequately addressed and supported.
Develop action-oriented recommendations to improve risk management and internal controls. Prepare audit finding summaries, updates and audit reports for discussion with auditees and the AVP, Internal Audit and presentation to management and the Audit & Finance Committee of the Board of Directors.
Monitor and follow up on audit findings and remediation action plans with employees and management to ensure resolution.
Coordinate and facilitate audit activities with other assurance providers (e.g. external audit) and regulators, as necessary, to ensure optimal audit coverage.
Conduct testing of Central 1’s control environment, develop recommendations to address gaps and ensure remediation is completed by management to support NI 52-109 Certification.

Qualifications

Education and experience

Post-secondary education in Information Technology/Systems or Business.
Professional certification in information systems audit or security (CISA, CISSP). (CISA or willingness to obtain the certification is required).
Other certifications such as ISO 27001 Lead Auditor, CRISC, CISM, CGEIT, CIA, CCSA, CRMA, CRM, or CPA would be beneficial.
5 years’ relevant IT audit/assurance experience. Previous experience performing a wide variety of risk-based internal audits and advisory activities. (Financial Services industry experience would be considered beneficial).
An equivalent combination of education and experience may be considered.
Technical requirements

Extensive knowledge of IT control systems, infrastructures, processes, operations, risk management frameworks and best practices.
In depth knowledge of IT auditing methodologies and tools including risk assessments, controls and governance.
Knowledge of and experience applying internal audit standards, procedures and techniques in accordance with the International Standards for the Professional Practice of Internal Auditing.
Experience with internal control, risk management and governance frameworks, standards and principles, e.g. COBIT, ITIL, PCI, ISO 27001, COSO, COSO ERM, ISO 31000, etc.
Previous experience with SOX or National Instrument 52-109, Certification of Disclosure in Issuers’ Annual and Interim Filings, (C-Sox) compliance requirements.
Experience conducting ISO 27001 conformance audits, NIST Cybersecurity audits and/or SOC Type II audits would be extremely beneficial.
Critical thinking skills and the ability to make sound judgments in a deadline-oriented environment.
Demonstrated ability to work independently, be self-motivated, highly organized and exercise professional judgment.
Strong verbal and written communication skills, ability to present information to a wide variety of end users and ability to exercise initiative are required.
Proven audit planning and project management skills in a multi-assignment environment.
Attention to detail but also able to view issues holistically and identify key issues and risks from an organizational perspective.
Knowledge of the Institute of Internal Auditor’s Code of Ethics.
Must be proficient with MS Office; knowledge of automated auditing or GRC software would be an asset.
Ability to learn new business processes and functions within a short period and provide value added assessments and recommendations.
Managerial skills

Collaboration skills with a proven track record of partnering with business and driving change and improvement in a business supportive way.
Cross-functional leadership presence and ability to build credibility and trust across the organization.
Effective consensus building, conflict resolution, and negotiation skills, including being able to share knowledge and educate business partners on risk management and internal controls.

Additional Information

As much as we believe in working hard, we also believe in personal growth and taking time for ourselves. Accordingly, our total rewards philosophy amounts to one of the best compensation and benefits packages in the industry – from performance-based incentives and extended benefits, to training and education reimbursements and ample vacation time.

Central 1 is committed to diversity and inclusion. If you have a request for an accommodation, we will work with you to meet your needs.

Reporting to: AVP, Internal Audit
Grade: E/F
Date Posted: July 11, 2019
Internal Applicants must apply by: July 18, 2019

  • Unsolicited resumes from vendors will not be accepted for this or any position at Central 1*