Security Audit Specialist

Job Location

Toronto - Canada

Monthly Salary

Not Disclosed

Vacancy

1 Vacancy

Job Description

Osler, Hoskin & Harcourt LLP is one of Canada's leading business law firms. Advising many of Canada's corporate leaders, as well as U.S. and international parties with extensive interest in Canada, our more than 1000 firm members are based in offices in Toronto, Montréal, Ottawa, Vancouver, Calgary and New York.

Osler prides itself on attracting and maintaining some of the brightest talent in the legal arena. Our lawyers, students, management and staff have created a unique firm culture which nurtures mentoring and the exchange of ideas. Osler is a dynamic and exciting place to further your career or carve out a new path.

Reporting to the Manager, Security & Compliance, the Security Audit Specialist will be entrusted with ensuring the ongoing effectiveness, compliance and integrity of the Firm's ISO 27001 program while promoting continuous improvement and alignment with evolving standards and client requirements. As a member of the Firm's Information Security Management System (ISMS), this role is also accountable for reviewing and advising on Outside Counsel Guidelines, security policy and other security-related matters in a manner consistent with legislation, client requirements and Firm culture. In addition, this role is accountable for leading client security audits and attestations by interfacing directly with our clients and Firm members as required.

Major Responsibilities

  • Lead internal and external ISO 27001 audits to ensure the Firm's compliance with ISO 27001 certification requirements
  • Lead various ISO 27001 certification efforts, including initiatives pertaining to governance, tracking, remediation and compliance of information systems and controls
  • Track and report on ISO-related compliance status, including any identified non-conformities or opportunities for improvement, as well as develop and implement corrective and preventive actions to address and determine root cause
  • Develop and update policies, procedures and controls to mitigate identified risks and ensure compliance with industry security best practices
  • Ensure ISO 27001 process and certification-related documentation is available and up to date
  • Engage with Firm members from different departments to raise awareness and support of the certification process
  • Stay up to date with the latest developments in information security and ISO 27001 standards
  • Participate and act as a resource on client security audits, coordinating with and preparing firm members as required
  • Participate in the Outside Counsel Guidelines process by reviewing and advising on Outside Counsel Guidelines
  • Advise ISMS members on all audit and security related matters
  • Assist other security team members with tasks critical to the maintenance of these certifications

Position Requirements

Education and Experience

This position requires a university degree in Computer Science or a related information systems security field and a minimum of three years of security compliance or auditing experience.

Security or SCCP and/or CIA or CISA or ISO/IEC 27001 Lead Implementer or equivalent certification is required. ISO Auditor training is considered an asset. An equivalent combination of education, training and experience may be acceptable.

Knowledge and Skills

  • Audit experience with a focus on risks and controls and risk-based auditing techniques
  • Deep understanding of the security issues affecting organizations
  • Able to understand and interpret security-related laws and regulations and voluntarily adopted standards (e.g. ISO 27002)
  • Strong technical and process documentation writing skills
  • Project Management experience with proven ability to set and shift priorities to meet a variety of timelines
  • Formal knowledge of information technology (IT) security principles and methods (e.g. firewalls, demilitarized zones, encryption)
  • Knowledge of penetration testing principles, tools and techniques
  • Knowledge of vulnerability scanning and assessment skills
  • Knowledge of system and application security threats and vulnerabilities
  • Knowledge of information security systems such as PaloAlto, CarbonBlack, MS SCEP, Active Directory/Entra
  • Demonstrated experience with execution of information security policy, practices and procedures
  • Experience handling major and minor IT security incidents

We are currently working in a hybrid work arrangement which includes a requirement to work primarily in the office and flexibility to work remotely up to 2 days per week.

Accessibility and Accommodation

We thank all applicants for their interest in Osler; however, only chosen applicants will be contacted. Osler is committed to fostering a diverse and inclusive work environment, and we welcome and encourage applications from people with disabilities and people with diverse backgrounds, identities and cultures. Accommodations are available upon request for candidates in all phases of the selection process.

Background and Reference Checks

Please note that any offer of employment will be conditional upon background and reference checks, including a criminal record check, credit check, and employment and educational verifications.

If you have the required background with the ability to provide exceptional customer service and wish to work in one of Canada's leading law firms, please reply in confidence with a cover letter and résumé by the closing date.

Employment Type

Full-Time
