InfoSec Audit & Risk Specialist, Senior
CompuCom
Mississauga, ON
Position Summary:
Manage the ISO27001 ISMS for CompuCom clients in Canada. With a strong focus on cost-effectively meeting the IT Audit and Compliance needs of CompuCom business units and, through them, our clients, this person must be able to assist the Senior Manager of the Audit & Risk team with activities performed within an enterprise-level IT Audit and Compliance program. This includes performing Audits, Compliance and Risk Assessments and being a Subject Matter Expert in these and other areas related to Audit and Compliance.

Position Details:
Compliance

Experience with creating and maintaining an ISMS based on the ISO27001 standard
Experience with performing Sarbanes Oxley (SOx), PCI, and HIPAA compliance audits
Experience with performing SSAE18 and AT101/TSP100 audits
Experience with performing ISO20000 audits
Assist the Sr. Manager in program management and status reporting

What You'll Do

IT Audits

Experience with the audit process and performing risk-based audits related to business unit processes and controls, IT infrastructure and general controls
Act as a liaison between the InfoSec Audit & Risk team and external auditors, IT and CompuCom business units
Project manage all aspects of ISO27001, SSAE18, and AT101 audits
Help the Sr. Manager with maintaining and improving an IT Internal Audit program
Understand IT General Controls and be able to test their design and operating effectiveness

Risk Assessments

Be knowledgeable of the risk assessment process and methodologies
Experience with conducting IT risk assessments
Ability to correspond and communicate with various levels of management to obtain background and product information

Subject Matter Expert

Keep abreast of audit, compliance, and privacy standards and regulations that are relevant to CompuCom
Develop proposals on how new and existing standards could be used to reduce risk to CompuCom and/or improve the competitive position of CompuCom

Other

Participate in the Change Management process and weekly meetings
Active participation in Project Management, as participant or Project Manager, for any project that may require such a formal approach
Perform additional duties as may be deemed necessary by CompuCom management

What You'll Need

Minimum:
Bachelor's Degree in Information Systems or the equivalent in the form of proven experience
Experience with establishing and maintaining an ISMS based on ISO27001
Proven ability to create and maintain effective documentation, including audit reports and evidence collection
Excellent understanding of audit standards and compliance standards
5 years of proven experience with IT Audit in a medium to large organization
Excellent organization skills
Ability to prioritize workload in order to meet commitments
Strong communication skills, both verbal and written, as well as the ability to communicate well with people in a variety of positions, roles and levels
CISA certification required
CISSP, CISM or QSA certifications preferred
