Information Systems Audit Manager

  • Full-time

Company Description

When you’re passionate about what you do and where you work, the rest comes easy. That’s the culture at Central 1 Credit Union, and that’s precisely what we’re looking for from you. Supporting nearly 150 member credit unions across British Columbia and Ontario, we’re the backbone of the credit union system in both provinces – taking care of everything from online services and product development, to payment processing, trade association services and more.

Our team of over 600 employees represents some of the most innovative, passionate individuals you’ll ever meet; people who honestly care about the organization, its members and each other. In other words, people who love what they do.

Job Description

We're looking for an Information Systems Audit Manager who will be responsible for the effective planning, execution, and reporting of internal audit projects and advisory services with a focus on Information Technology (IT) and Information Security.
Reporting to the Director, Internal Audit, the Information Systems Audit Manager will be accountable for the ongoing management and development of the overall IT audit strategy and framework. The position will also be responsible for providing input and guidance on organizational IT risks and assisting in developing the annual IT audit plan. The Information Systems Audit Manager will work closely with management in all areas of Central 1 by assessing IT risks, completing independent and objective evaluations of IT risks and processes, and recommending improvements to associated IT controls and processes. Additional responsibilities will also include developing and executing audit programs and testing to support ISO 27001 certification, CEO/CFO certification and compliance with NI 52-109 (C-Sox), and SWIFT self-attestation.

Specific Accountabilities:

General

  • Manage the overall corporate IT audit strategy, framework methodology and develop a comprehensive IT audit program and annual audit plan for discussion with the Director, Internal Audit and presentation to the Audit & Finance Committee of the Board as part of the overall risk-based Internal Audit Plan.
  • Identify key IT risk areas across Central 1 in accordance with the established risk governance framework and incorporate into IT audit strategy and annual IT audit planning.
  • Identify opportunities to optimize the IT audit process and implement improvements to existing approaches and audit methodologies, consistent with the Institute of Internal Auditors' International Standards for the Professional Practice of Internal Auditing (IIA Standards) and other established IT frameworks and standards (e.g. COBIT).
  • Proactively develop, maintain and manage high profile relationships with various internal contacts. Collaborate with management and IT teams to improve overall IT governance.
  • Conduct special audits and investigations where fraud or other improprieties are suspected and prepare reports of findings.
  • Assist where required in the deployment of the Internal Audit Quality Assurance Program.
  • Assist where required in updating and aligning of the overall audit methodology as practiced within the department.
  • Keep up to date with developments and legislative changes in the Financial Services industry, corporate governance and the auditing profession.
  • Participate on security incident response teams as needed to assist in investigating information security incidents, ensure adequate internal action and timely response and provide advice and recommendations on corrective and preventative actions to reduce the impact of future incidents.
  • Represent Internal Audit on various IT project teams and internal committees, management meetings and to external stakeholders. Provide advice on governance, risk and control best practices, conformance with standards, compliance with legislation and regulations and internal policies.
  • Liaise with Information Security, Operational Risk and Compliance to understand areas of risk and other security concerns or focus areas and incorporate them into audit planning as appropriate.
  • Liaise with the Corporate Policy Manager and provide feedback on corporate policies and standards.
  • Assist in general department planning and strategy and perform other duties as required to help the Internal Audit department support Central 1’s business goals.
  • Occasional travel to Central 1’s offices outside of BC to conduct internal audits as required.

Information systems audit

  • Plan and manage the execution and reporting of all IT audit engagements and projects within agreed budgets and timelines. Manage internal audits end to end (planning, execution and reporting) on various types of engagements assessing information systems governance, security, risk management and controls, including: 

    1. Internal ISO 27001 conformance audits,
    2. NI 52-109 (CEO/CFO certification) IT General Controls testing/audits,
    3. General IT audits, project health checks, application reviews, cybersecurity and SWIFT reviews/audits.

    • Prepare audit finding summaries, updates and audit reports for discussion with auditees and the Director, Internal Audit and presentation to management and the Audit & Finance Committee of the Board of Directors.
    • Meet with all levels of employees and management, following audit procedures to ensure that audit objectives and conclusions are adequately addressed and supported.
    • Monitor and follow up on audit findings and remediation action plans with employees and management to ensure resolution.
    • Coordinate and facilitate audit activities with other assurance providers (e.g. external audit, ISO certification auditors) and regulators, as necessary, to ensure optimal audit coverage.

    Qualifications

    Education and experience:

    • Post-secondary education in Information Technology, Business or a related discipline.
    • Professional certification in information systems auditing - Certified Information Systems Auditor (CISA).
    • Certified ISO 27001 Lead Auditor (or willingness to obtain).
    • Other certifications such as CIA, CISSP, CISM, CRISC would be beneficial.
    • At least 5 years’ IT audit/assurance experience. (Financial Industry experience would be considered beneficial).
    • An equivalent combination of education and experience may be considered.

    Technical requirements:

    • Extensive knowledge of IT control systems, infrastructures, processes, operations, risk management frameworks and best practices.
    • In depth knowledge of IT auditing methodologies and tools including risk assessments, controls and governance.
    • Experience with internal control frameworks and management standards related to risk management, internal control and information systems, e.g. COBIT, ITIL, COSO, PCI. 
    • Experience with ISO 27001:2013 & ISO 19011:2011 and conducting conformance audits.
    • Previous experience with SOX or National Instrument 52-109, Certification of Disclosure in Issuers’ Annual and Interim Filings, (C-Sox) compliance requirements.
    • Strong IT strategic thinking skills – ability to find innovative, yet practical, strategies to achieve goals, link several strategies into a unified plan, while anticipating needs and maintaining a future focus.
    • Critical thinking skills and the ability to make sound judgments in a deadline-oriented environment.
    • Demonstrated ability to work independently, be self-motivated, highly organized and exercise professional judgment.
    • Strong verbal and written communication skills, ability to present information to a wide variety of end users and ability to exercise initiative are required. Focus on relationship-building and communicating effectively with people at all levels and in all departments as well as external consultants.
    • Proven audit planning and project management skills in a multi-assignment environment.
    • Excellent attention to detail but also able to view issues holistically and identify key issues and risks.
    • Knowledge of the Institute of Internal Auditors’ Code of Ethics and Standards for the Professional Practice of Internal Auditing.
    • Must be proficient with MS Office; knowledge of automated auditing or GRC software would be an asset.
    • Ability to learn new business processes and functions within a short period and provide value added assessments and recommendations.

    Additional Information

    As much as we believe in working hard, we also believe in personal growth and taking time for ourselves. Accordingly, our total rewards philosophy amounts to one of the best compensation and benefits packages in the industry – from performance-based incentives and extended benefits, to training and education reimbursements and ample vacation time.

    If you are looking to further your career in a dynamic, client-focused and project-based environment, please apply with your cover letter and resumé in confidence

    Central 1 is committed to diversity and inclusion. If you have a request for a disability-related accommodation, we will work with you to meet your needs.

    Reporting to: Director, Internal Audit

    Grade: G

    Date Posted: March 20, 2017

    Internal Applicants must apply by: March 28, 2017

    *Unsolicited resumes from vendors will not be accepted for this or any position at Central 1*

    **If you have issues or questions about the application process, please email humanresources@central1.com with a description of your problem**