ISO 27001 and IT Controls Auditor

Global Relay

Upgrade to Global Relay. The leading provider of compliant electronic communications archiving, messaging, supervision, and eDiscovery.

For over 20 years, Global Relay has set the standard in enterprise information archiving with industry-leading cloud archiving, surveillance, eDiscovery, and analytics solutions. We securely capture and preserve the communications data of the world’s most highly regulated firms, giving them greater visibility and control over their information and ensuring compliance with stringent regulations.

Though we offer competitive compensation and benefits and all the other perks one would expect from an established company, we are not your typical technology company. Global Relay is a career-building company. A place for big ideas. New challenges. Groundbreaking innovation. It’s a place where you can genuinely make an impact – and be recognized for it.

We believe great businesses thrive on diversity, inclusion, and the contributions of all employees. To that end, we recruit candidates from different backgrounds and foster a work environment that encourages employees to collaborate and learn from each other, completely free of barriers.

Your role:

As an ISO 27001 and IT Controls Auditor, you will ensure security and compliance for our highly regulated customers in sectors such as finance, insurance, healthcare, and government. You will audit for compliance with ISO 27001, SOC 2, and other IT control frameworks, identify potential risks, and advise on remediation actions. Collaborating across both operations and commercial teams, you will maintain our high standards for security and compliance.

If you are passionate about IT audit, compliance, and contributing to a secure, compliant IT environment, we encourage you to apply!

Your responsibilities:

Duties and responsibilities, pertaining to ISO 27001 and SOC 2, include:

• Design and conduct comprehensive audits against the ISO 27001 framework, ensuring our information security management system (ISMS) meets regulatory requirements
• Review security policies, procedures, and controls, ensuring they align with ISO 27001 and SOC 2 requirements
• Lead internal audits and collaborate with external auditors for all regulatory certification processes
• Document and report audit findings, providing detailed recommendations for improving compliance and security posture
• Monitor changes in ISO and SOC frameworks, industry best practices, regulatory changes, ensuring the company continuously adapts its security and compliance strategies accordingly
• Compile test controls, document results, and prepare summary reports for senior management
• Maintain a schedule of audit activity, liaise with stakeholders, and participate in IT controls and business process audits
• Identify risks, control weaknesses, and provide improvement recommendations
• Benchmark processes and controls, collaborating with stakeholders to communicate findings to senior management
• Evaluate SOC 2 audit evidence collection, ensuring it meets external audit requirements

Duties and responsibilities pertaining to the IT Controls Audit:

• Audit and surveil key performance indicators (KPIs) for quality and completeness across multiple departments
• Review processes for delivering on customer commitments and identify opportunities for process improvements
• Review and contribute to the annual Privacy Impact Assessment to meet customer expectations
• Ensure contracted commitments are accounted for in policies, procedures, and KPIs
• Work collaboratively with stakeholders to create new processes to address emerging risks and control weaknesses
• Assist in the maintenance of business capability maps and privacy data maps for multiple departments, including Finance, Accounting, Human Resources, Marketing, and Business Development teams
• Evaluate the effectiveness of IT General Controls (ITGCs), including system access, change management, data backup, and disaster recovery processes
• Assess IT controls based on recognized frameworks like COBIT, NIST, and COSO, identifying gaps and areas for improvement in control environments
• Review IT system configurations, security patching, logging, and monitoring processes to ensure they comply with internal and external security standards
• Conduct risk assessments and develop audit plans to test critical IT and security controls for effectiveness
• Provide clear, actionable audit reports with prioritizations for remediation, supporting our IT and security teams in improving control effectiveness
• Collaborate with IT and engineering teams to ensure that security controls are embedded in systems development and operational processes
• Maintain awareness of emerging technologies and trends in cybersecurity and IT controls, ensuring that audit practices stay current

About you:

• 5+ years of IT auditing experience, including ISO 27001 and SOC 2 audits
• Proven experience in auditing IT General Controls (ITGCs) and application controls in complex IT environments
• Strong familiarity with frameworks such as ISO 27001, SOC 2, COBIT, NIST, and COSO, and strong knowledge of IT risk assessment, IT governance, and internal control concepts
• Experience in highly regulated sectors (e.g. finance, healthcare, government), is highly desirable
• Experience working with cloud infrastructure environments (e.g., AWS, Azure, GCP) and understanding cloud compliance controls
• Certifications such as ISO 27001 Lead Auditor, CISA, CISM, CISSP, or SOC 2 auditing certification are strongly preferred
• Excellent understanding of information security principles and IT compliance standards
• Proficiency in writing detailed audit reports, articulating technical findings, and making recommendations in a clear and concise manner
• Analytical mindset with strong attention to detail and the ability to think critically about complex technical issues
• High integrity and strong professional ethics to ensure impartiality, objectivity and confidentiality in audits
• Excellent communication skills, capable of presenting audit findings to technical and non-technical stakeholders and communicating with executives
• Collaborative, adaptable and open to continuous learning to stay current with evolving security risks and regulatory requirements
• Willingness to travel occasionally as needed

Compensation:

Global Relay advertises the pay range for this role in compliance with British Columbia’s pay transparency laws. Individual pay rates are determined by evaluating factors such as expertise, skills, education, and professional background.

The range below reflects the expected annual base salary, which is only one element of our comprehensive total rewards package designed to reflect our company pay philosophy, culture and values. We aim to foster an inspiring work environment and support employees' work-life rhythms. We provide a comprehensive extended health benefits program, including virtual healthcare and a wellness allowance. Employees also receive annual allotted vacation days, which increase based on tenure. Other benefits include: Paid sick days, maternity/parental enhancement program, corporate bonuses, and an RRSP contribution matching program.

For Vancouver-based employees, we provide a subsidized meal program, courtesy of our talented in-house culinary team!

British Columbia - Base Salary Range: $80,000—$105,000 CAD