19 Apr | Human Resources Department - NRT Technology | Toronto
Apply on Kit Job: kitjob.ca/job/2g91q7
Internal Audit & Compliance Specialist
Reporting directly to SVP, IT Infrastructure and their designates, the Internal Audit & Compliance Specialist will be a key member of the Security and Compliance team, responsible for analyzing, assessing, and designing effective security controls to achieve PCI compliance, privacy compliance, and to improve enterprise-wide security.
Responsibilities
- Develop methods to monitor and measure risk, compliance, and assurance efforts
- Develop specifications to ensure risk, compliance, and assurance efforts conform with security, resilience, and dependability requirements at the software application, system, and network environment level
- Draft statements of preliminary or residual security risks for system operation
- Maintain information systems assurance and accreditation materials (PA-DSS, PCI-DSS, SOC, ISO 27001, etc.)
- Monitor and evaluate a system's compliance with information technology (IT) security, resilience, and dependability requirements
- Assess the effectiveness of security controls
- Perform reviews, identify gaps in software architecture, and develop a risk management plan
- Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy
- Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change
- Plan and conduct security authorization reviews and assurance case development for initial installation of systems and networks
- Verify that application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations
Qualifications
- 5+ years’ experience in Information Security and performing compliance assessments
- Master’s degree in information security or equivalent
- 5+ years of Level-1 assessment experience with a solid understanding of PCI-DSS and PA-DSS
- Proven experience with Information Security Management System (SOC2 Type 2, ISO 27001)
- Experience with Cryptography
- One of the certifications: CSSLP, CASE, GSSP, GWEB, CEH, OSCP, PenTest+ or GPEN
- Experience with network architectures and the configuration of network devices (firewalls, switches, routers, IDS/IPS, load balancers, etc.) and servers/virtualization devices
- Audit experience for cloud computing environments (e.g., AWS, MS Azure, Google Cloud)
- Experience with IT security principles and methods (e.g., firewalls, DMZ, encryption)
- Experience with cyber defense and vulnerability assessment tools, including open source tools, and their capabilities (Nexpose, Nessus, etc.)
- Hands-on experience with penetration testing tools (Metasploit, Nessus, etc.)
- Knowledge of Risk Management Framework (RMF) requirements
- Ability to work collaboratively with key stakeholders and other team members
- Excellent time management, written documentation, and oral presentation skills
Certifications (at least one from each group below)
- Current PCI-QSA or PCI-ISA qualification
- Information Security: CISSP, CISM, ISO 27001 LI, RISS, CRISC
- Audit: CISA, GSNA, ISO 27001 LA/IA, IRCA ISMS Auditor, IIA CIA
NRT is an equal opportunity employer and does not use AI within its hiring process in most cases. In a case where AI is utilized to assess a candidate during the process, advance notice will be provided. It is NRT’s policy to recruit and select applicants for employment solely on the basis of their qualifications, with emphasis on selecting the best-qualified person for the job. NRT does not discriminate against applicants based on race, color, religion, sex, sexual orientation, national origin, or disability or any other status or condition protected by applicable law. NRT welcomes and encourages applications from people with disabilities. Accommodations are available on request for candidates taking part in all aspects of the selection process.