IT Auditor/Security Risk Analyst
Saba Software
Ottawa, ON
Saba Software is a cloud-based platform that employs AI to help thousands of enterprise customers deliver an unmatched “just-for-me” talent experience for their employees. From personalized training, collaboration, real-time coaching, goal setting and feedback, Saba Software services some 40 million employees worldwide. At Saba, we know that every organization has the potential to be a great place to work, because company success starts with people. We believe that in today’s diverse, mobile, social world, successful organizations must deliver an experience at work that’s more connected, and more personal than ever before. And the most successful companies do this with Saba. We’re committed to delivering a “just-for-me” talent experience for every individual. Working with Saba means you can work to your strengths. Work like you envision. Work like it’s personal. Work like you. Join Us!

IT Auditor/Security Risk Analyst

IT Auditor/Security Risk Analyst is responsible for supporting risk and compliance related activities improving the quality and consistency of Saba’s security, privacy and service delivery posture for our customers.

This role will be responsible for performing risk assessments and internal audits, including associated tasks (e.g. risk assessment, data collection and filing, issue/risk log, timely reporting of results, etc.).

Risk and compliance activities include working with cross functional teams to ensure the appropriate design and effectiveness of Saba controls, coordinating internal assessments/audits, contributing to policy and standards updates, responding to customer assessment/audit requests and producing risk/audit/compliance reports, metrics, scorecards and dashboards. This position will require some technical background with appropriate risk assessments, audit and security training/skills.

The role is part of the global Security, Risk and Compliance team.

Perform security compliance and risk assessments in all areas of the organization
Develop, maintain and deliver an Internal Audit schedule in line with business goals and priorities
Publish and present timely and quality audit reports and risk assessments
Interface and partner with cross functional leaders from engineering, operations, IT and other functions on designing effective controls to improve security compliance and manage risk
Working with control owners to ensure control objectives and activities meet audit standards for effectiveness and evidence, and ensuring operational efficiencies
Work with Saba’s external audit function and cross functional teams to schedule appropriate internal audit testing and/or risk assessments
Work with Saba’s external audit function and CISO to track and report on existing enterprise and security/compliance risk
Assist with responding to customer assessments/audits of Saba’s controls
Recommend updates to security policies, standards and procedures to address new industry practices, requirements and standards based on security and compliance requirements
Assist with soliciting from vendors and reviewing security collateral (audit reports, completed questionnaires, penetration tests) as part of vendor management program
Other duties as assigned

Requirements and the individual
3+ years of experience in information security, compliance, audit and/or risk management
3+ years of experience in information technology environments
Knowledge of security and compliance issues, trends, best practices
Familiarity with audit, business and segregation of duties, risks, and controls
Excellent data analysis skills
Ability to foresee, assess and identify mitigation strategies for risks
Working knowledge of security and audit legislation/industry standards such as SSAE18/SOC2, ISO 27001, and CSA CCM desirable
Working knowledge in one or more privacy laws such as PIPEDA, GDPR, Privacy Shield desirable
Excellent communication and presentation skills
Ability to communicate well to different stakeholders
Ability to work autonomously with flexibility and excellent judgment
Ability to work effectively under pressure to meet deadlines
Ability to solve problems quickly and automate processes
Ability to work cooperatively as part of a team

CISA, CRISC, CISSP, and/or CISM desired

Job Reference: CA00017